Authentication in Quantum Networks

In this review, we survey the cryptographic task of authentication from the perspective of quantum communication. We review three main flavours of authentication that are often conflated in the literature: authentication of classical messages, authentication of quantum messages, and entity authentication, also covering recent hardware-assisted approaches. We compare representative protocols for each functionality in terms of their security assumptions, set-up requirements, composability, and scalability in large or dynamic networks, and use these criteria to identify and recommend suitable candidates. Finally, applications are surveyed: we provide a detailed case study of authentication and quantum key distribution (QKD), then extend the discussion to protocols beyond QKD, where the role of authentication is more complex. Our take-home message is that an authentication requirement is not an intrinsic limitation of quantum networks: as with all secure communication, each protocol relies on a particular authentication resource, and the security claim of that protocol is meaningful only once the authentication resource and its deployment assumptions are made explicit. At the same time, the existing classical and quantum literature already offers a range of quantum-secure authentication schemes, which can support different applications when carefully matched to the required functionality, assumptions, and security guarantees.