Quantum Biometrics Achieves 89% Secure Authentication in Decentralised Systems

The increasing reliance on biometric authentication within smart cities and decentralised systems presents both opportunities and vulnerabilities in digital identity management. Tooba Qasim, Vasilios A. Siris, and Izak Oosthuizen, alongside Muttukrishnan Rajarajan and Sujit Biswas from City, University of London, have addressed the critical need for quantum-resistant security in these evolving infrastructures. Their research tackles the inherent risks of centralised biometric data storage and the trust issues arising in decentralised networks, where devices must verify each other before sharing sensitive information. The team proposes a novel communication protocol leveraging an enhanced Quantum Key Distribution system, fortified with post-quantum cryptography and authentication qubits, to establish secure channels for biometric data transmission. Simulations demonstrate a promising key generation rate and efficiency, suggesting a scalable and robust solution for the next generation of secure, decentralised biometric authentication.

Smart cities require secure access to services spanning governance, transportation, and public infrastructure. Centralised architectures, despite their widespread use, present privacy and scalability challenges stemming from the aggregation of sensitive biometric data. Decentralised identity frameworks offer improved data sovereignty and eliminate single points of failure, yet introduce novel security concerns, specifically regarding mutual trust between distributed devices. Within these environments, biometric sensors and verification agents must authenticate each other prior to sharing sensitive biometric data. Existing authentication schemes predominantly rely on classical public key infrastructure, which is increasingly….

Dual-Layer QKD for Biometric System Security Researchers developed

Researchers developed a novel, quantum-resilient communication protocol designed to secure decentralised biometric systems, addressing vulnerabilities inherent in current smart city infrastructures. The study directly tackles the escalating threat posed by quantum computing to existing public key infrastructure used in biometric authentication. This innovative combination aims to establish a robust and scalable authentication framework for next-generation smart city applications.

The core of the work lies in a dual-layer authentication mechanism embedded within the QKD protocol. The team implemented PQC algorithms on the classical communication channel, providing an initial layer of defence against quantum attacks. Crucially, they then incorporated authentication qubits into the quantum channel itself, verifying the integrity of the communication and establishing mutual trust between devices before key exchange. This dual approach ensures that any malicious attempts to intercept or manipulate data are detected, bolstering the overall security of the system. Once trust is confirmed, the QKD system generates symmetric keys used for encrypting the biometric data itself.

To validate the protocol’s performance, the researchers employed Qiskit-based simulations, a powerful open-source quantum computing software development kit. These simulations demonstrated a key generation rate of 15 bits per second with an efficiency of 89%, indicating the feasibility of implementing the system in real-world smart city deployments. This detailed analysis confirms the protocol’s potential to deliver scalable, robust authentication for a growing network of devices. This study pioneers a significant methodological advancement by directly addressing the limitations of classical cryptographic methods in the face of quantum computing. By harnessing the principles of quantum mechanics, the research provides a pathway towards unconditionally secure biometric authentication. This breakthrough delivers a resilient authentication protocol incorporating post-quantum cryptography (PQC) to secure the classical communication channel and authentication qubits to verify the integrity of the quantum channel itself. The research team successfully demonstrated a layered approach to security, addressing vulnerabilities present in traditional biometric authentication frameworks. Experiments revealed the protocol’s ability to tune performance and security through manipulation of the ratio between decoy and authentication qubits.

Increasing the number of decoy qubits enhances eavesdropping detection, crucial for high-risk environments, while prioritising authentication qubits optimises the protocol for time-sensitive applications. Tests proved that varying configurations, including 50/50, 30/70, and 10/90 ratios of decoy to authentication qubits, allow for a trade-off between security and speed, tailoring the system to specific needs. Measurements confirm the effectiveness of the protocol in defending against Man-in-the-Middle (MitM) attacks by employing the ML-KEM lattice-based PQC algorithm. Alice encapsulates a secret using Bob’s public key, and Bob recovers it with his private key; successful matching of the shared secrets confirms authentication and ensures communication integrity.

Any tampering by an adversary would result in mismatched secrets, immediately aborting the session and preventing unauthorised manipulation. This classical channel security is vital even in the face of potential quantum-capable adversaries. Further analysis demonstrated the protocol’s resilience against Photon Number Splitting (PNS) attacks, a common vulnerability in QKD systems. The researchers inserted decoy qubits of varying intensities into the quantum stream, enabling Bob to analyse detection statistics and identify inconsistencies indicative of eavesdropping. The probability of detecting an eavesdropper increases with both the number of intercepted qubits and the proportion of decoy qubits. Simulation results showed a QBER threshold of 3% effectively distinguishes legitimate communication from malicious interference at the quantum layer, safeguarding against impersonation and injection attacks.

Decentralised Biometric Security via Quantum Authentication

This work details a novel dual-channel authentication protocol designed to secure biometric communication within decentralised networks. By integrating post-quantum cryptography for classical communication with quantum-layer verification, the researchers have established a system where only trusted devices participate in key exchange. This approach defends against impersonation, quantum threats, and channel tampering, offering a significant advancement in biometric security. The protocol’s key contribution lies in its ability to generate symmetric keys for biometric data encryption without reliance on pre-shared keys or central authorities, making it particularly well-suited for scalable deployments in smart city infrastructures. Simulations demonstrate a key generation rate of 15 bits per second with 89% efficiency and minimal runtime overhead, indicating practical feasibility. The authors propose future research focused on testing the protocol on real quantum key distribution hardware, integrating it with edge biometric systems, and expanding its application to multi-user mesh networks with dynamic trust requirements.