Position-Based Quantum Cryptography: Impossibility and Constructions

In this work, we study position-based cryptography in the quantum setting. The aim is to use the geographical position of a party as its only credential. On the negative side, we show that if adversaries are allowed to share an arbitrarily large entangled quantum state, no secure position-verification is possible at all. We show a distributed protocol for computing any unitary operation on a state shared between the different users, using local operations and one round of classical communication. Using this surprising result, we break any position-verification scheme of a very general form. On the positive side, we show that if adversaries do not share any entangled quantum state but can compute arbitrary quantum operations, secure position-verification is achievable. Jointly, these results suggest the interesting question whether secure position-verification is possible in case of a bounded amount of entanglement. Our positive result can be interpreted as resolving this question in the simplest case, where the bound is set to zero. In models where secure positioning is achievable, it has a number of interesting applications. For example, it enables secure communication over an insecure channel without having any pre-shared key, with the guarantee that only a party at a specific location can learn the content of the conversation. More generally, we show that in settings where secure position-verification is achievable, other position-based cryptographic schemes are possible as well, such as secure position-based authentication and position-based key agreement.


💡 Research Summary

The paper investigates the feasibility of position‑based cryptography (PBC) in the quantum setting, where a party’s geographic location is intended to serve as its sole credential. The authors explore two opposite adversarial models and derive both impossibility and possibility results.

First, they consider an extremely powerful adversary that may share an arbitrarily large entangled quantum state before the protocol begins. Under this assumption they construct a distributed unitary protocol: the colluding attackers, each holding a part of the entangled resource, can locally apply quantum operations and exchange a single round of classical messages to implement any global unitary on a state that is shared among the honest verifiers. This capability lets the attackers simulate the honest prover at the claimed location, because they can instantly “teleport” the quantum challenge and response between distant points using the pre‑shared entanglement. Consequently, any position‑verification scheme of a very general form—essentially any protocol that relies only on timing and the inability to clone quantum states—can be broken. The result establishes an information‑theoretic impossibility: if unlimited entanglement is available to the adversary, secure position verification is impossible.

Next, the authors turn to a restricted model in which the adversary is not allowed to possess any pre‑shared entanglement, although it may perform arbitrary quantum operations locally. In this setting they design a secure position‑verification protocol that relies solely on relativistic constraints (the finite speed of light) and the no‑cloning theorem. The verifier sends a quantum challenge that can be correctly measured only at the precise location and within a narrow time window. Because the attacker cannot duplicate the quantum state without entanglement, it cannot produce the correct response from two separated points simultaneously. The verifier checks the timing of the response; any deviation beyond the allowed window leads to rejection. A rigorous security proof shows that the cheating probability decays exponentially with the number of qubits in the challenge, guaranteeing unconditional security under the zero‑entanglement assumption.
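Added example (not code from the paper or from this summary): a state-vector simulation of the dichotomy described in the two paragraphs above. It assumes a one-qubit BB84-style toy scheme in which verifier V0 sends H^θ|x⟩, verifier V1 sends the basis bit θ, and the prover must return x. The colluders E0 and E1 and the measure-and-forward strategy are illustrative names, and that strategy is one entanglement-free approach, not a claimed optimum.

```python
import math
import random
S = 1 / math.sqrt(2)  # qubit 0 = challenge, 1 = E0's EPR half, 2 = E1's EPR half

def hadamard(state, q):
    """Apply H to qubit q of a 3-qubit real state vector (qubit 0 = high bit)."""
    bit, out = 4 >> q, state[:]
    for i in range(8):
        if not i & bit:
            lo, hi = state[i], state[i | bit]
            out[i], out[i | bit] = S * (lo + hi), S * (lo - hi)
    return out

def cnot(state, control, target):
    cb, tb = 4 >> control, 4 >> target
    return [state[i ^ tb] if i & cb else state[i] for i in range(8)]

def measure(state, q, rng):
    """Measure qubit q in the computational basis; return (bit, collapsed state)."""
    bit = 4 >> q
    p1 = min(1.0, max(0.0, round(sum(a * a for i, a in enumerate(state) if i & bit), 12)))
    m = 1 if rng.random() < p1 else 0
    norm = math.sqrt(p1 if m else 1 - p1)
    return m, [a / norm if bool(i & bit) == bool(m) else 0.0 for i, a in enumerate(state)]

def entangled_attack_round(rng):
    """One round of the assumed toy scheme against colluders sharing one EPR pair."""
    x, theta = rng.randrange(2), rng.randrange(2)
    state = [c * e for c in ((1.0, 0.0), (0.0, 1.0))[x] for e in (S, 0.0, 0.0, S)]
    if theta:
        state = hadamard(state, 0)  # challenge becomes H^theta|x>
    # E0 (near V0): Bell measurement on the challenge and its EPR half.
    state = hadamard(cnot(state, 0, 1), 0)
    a, state = measure(state, 0, rng)
    b, state = measure(state, 1, rng)
    # E1 (near V1): measures its EPR half in basis theta without waiting for E0.
    if theta:
        state = hadamard(state, 2)
    m, _ = measure(state, 2, rng)
    # One simultaneous classical exchange: E0 sends (a, b), E1 sends (theta, m).
    return (m ^ (a if theta else b)) == x

def entangled_success_rate(rounds=2000, seed=1):
    rng = random.Random(seed)
    return sum(entangled_attack_round(rng) for _ in range(rounds)) / rounds

def measure_and_forward_rate(phi, n=1):
    """No entanglement: E0 measures at angle phi, forwards the bit; n independent rounds."""
    return ((math.cos(phi) ** 2 + math.cos(math.pi / 4 - phi) ** 2) / 2) ** n
```

With the shared EPR pair the colluders answer every round correctly; without it, measuring at phi = π/8 succeeds with probability about 0.854 per round, which falls below 10^-4 after 64 independent rounds.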

Having established a setting where position verification is possible, the paper proceeds to demonstrate several derived cryptographic primitives:

  • Position‑based secure communication – a protocol that enables two parties to exchange confidential messages over an insecure channel without any pre‑shared secret, with the guarantee that only a receiver located at the verified position can recover the plaintext.
  • Position‑based authentication – a scheme where a prover can prove it is at a specific location, which can be used as a substitute for traditional credential systems.
  • Position‑based key agreement – a method for two verifiers to generate a shared secret key that can be used only by a party situated at the authenticated position.

All these constructions inherit their security from the underlying position‑verification protocol and thus share the same entanglement‑free guarantee.

The authors conclude by highlighting an important open problem: the “bounded‑entanglement” regime. Realistic adversaries may have only a limited amount of entanglement, and it remains unknown whether secure PBC can be achieved when the amount of shared entanglement is below some threshold. This question bridges quantum information theory (quantifying the power of limited entanglement) and practical considerations such as noise, timing precision, and device imperfections.

In summary, the paper delivers a stark dichotomy: unlimited pre‑shared entanglement renders any quantum position‑verification scheme insecure, while the complete absence of entanglement permits unconditional security and enables a suite of position‑based cryptographic applications. The work thus clarifies the fundamental limits of quantum PBC and sets a clear agenda for future research on entanglement‑bounded security models.

