Security analysis of quantum-readout pufs in the case of challenge-estimation attacks

Quantum Readout (QR) of Physical Unclonable Functions (PUFs) is a new technique for remotely authenticating objects, which has recently been demonstrated experimentally. The security is based on basic quantum information theoretic principles and holds under the assumption that the adversary cannot clone or physically emulate PUFs. We analyse the security of QR under a class of attacks called `digital emulation', in which the adversary first performs state estimation on the challenge and then bases his response on this estimate. We make use of a result by Bru\ss{} and Macchiavello to derive an upper bound on the adversary's success probability as a function of the Hilbert space dimension $K$ and the photon number~$n$. We prove that QR is unconditionally secure against digital emulation attacks when the challenges are Fock states. For non-Fock-states we provide a security proof under the condition that the attacker's measurements commute with the particle number operator.