Secure login in networks

One application of the quantum internet is to obtain fundamentally secure communication via quantum key distribution. With a few changes in the quantum key distribution scheme, another application of the quantum internet becomes available: secure login.

This means that you can, in a fundamentally secure way:

  • Identify the party you’re communicating with over the network.
  • Prove your own identity to the other party.

Everyday examples of securely identifying users and servers at networks are numerous. In ATM usage, for instance, a bank needs to establish whether a user is the client they say they are, while the user wants to avoid disclosing any information to any party except for the bank. Or when you open your email account, the server needs to know you are the person you say you are, and you don’t want your login information to be exposed to a fake website trying to steal your data.

On the classical internet, identification is done by a user – let’s call her Alice – typically sending her password (or other credentials) to the server – call it Bob. The disadvantages of this are that the server Bob gets the password over the internet connection between Alice and Bob. More sophisticated schemes use the password in combination with cryptographic schemes based on the hardness of certain mathematical problems such as factoring. Many of these schemes are not safe against adversaries with a quantum computer. This allows malpractices in which a third party – call her Eve – aims to intercept this communication with the password, either by eavesdropping on the line between Alice and Bob, or by phishing through presenting a fake server to Alice.

A more ideal login protocol would be one in which Alice does not send her password to the server Bob, yet that allows Bob to verify that Alice is in possession of her password.

Quantum information technology makes such a protocol possible under reasonable conditions. More precisely, it allows for a protocol in which Alice and Bob are given a password and by which Alice can identify herself numerous times. Under such a protocol:

The protocol is secure if we assume that the technological abilities of the eavesdropper are somewhat limited. Broadly put, the eavesdropper can have a quantum computer, but that quantum computer should have a limited amount of memory, or should have a memory that is slightly noisy. These assumptions only need to hold during the execution of the protocol.

With such a protocol users and servers can regain confidence about the identities of the users and servers they communicate with. This would limit the abilities of users and servers that fake their identity and thus be a major improvement of security as compared to the classical internet.


I. Damgård, S. Fehr, L. Salvail, C. Schaffner, Secure identification and QKD in the bounded-quantum-storage model. Theor. Comput. Sci. 560, 12 (2014). doi: 10.1016/j.tcs.2014.09.014

F. Dupuis, O. Fawzi, S. Wehner, Entanglement sampling and applications. IEEE Trans. Inf. Theory 61, 1093–1112 (2014). doi: 10.1109/TIT.2014.2371464