cryptography

Authentication in Quantum Networks

Curator's Take

This article spotlights a often‑overlooked pillar of quantum networking—authentication—and clarifies how classical and quantum approaches differ in assumptions, composability and scalability. By mapping the landscape of message‑level and entity authentication to real‑world QKD deployments, it gives engineers concrete guidance on which schemes can be rolled out as networks grow or become dynamic. The review also underscores that secure quantum communication is not limited by a lack of authentication primitives; rather, choosing the right quantum‑secure protocol is now a practical engineering decision that will shape the rollout of future quantum internet services.

— Mark Eatherly

Summary

In this review, we survey the cryptographic task of authentication from the perspective of quantum communication. We review three main flavours of authentication that are often conflated in the literature: authentication of classical messages, authentication of quantum messages, and entity authentication, also covering recent hardware-assisted approaches. We compare representative protocols for each functionality in terms of their security assumptions, set-up requirements, composability, and scalability in large or dynamic networks, and use these criteria to identify and recommend suitable candidates. Finally, applications are surveyed: we provide a detailed case study of authentication and quantum key distribution (QKD), then extend the discussion to protocols beyond QKD, where the role of authentication is more complex. Our take-home message is that an authentication requirement is not an intrinsic limitation of quantum networks: as with all secure communication, each protocol relies on a particular authentication resource, and the security claim of that protocol is meaningful only once the authentication resource and its deployment assumptions are made explicit. At the same time, the existing classical and quantum literature already offers a range of quantum-secure authentication schemes, which can support different applications when carefully matched to the required functionality, assumptions, and security guarantees.