Quantum Token for Network Authentication

Abstract

Classical token-based authentication can play a significant role in the web security check without accessing the database. For example, JSON Web Tokens (JWT) has been used to support scenarios such as single-sign-on. However, with the development of quantum computer, the security of JWT relying on the RSA algorithm would be compromised. Therefore, we propose a protocol to realize network authentication utilizing quantum token. Inspired by the structure of classical JWT, the structure of quantum token also consists of three parts: header, payload and quantum information. After the user logs in successfully, the quantum token can be issued by the server. If the user presents the quantum token to access again during the validity period, the server can verify whether the quantum token is valid. Our quantum token protocol can detect eavesdropping and achieve identity authentication. We also conduct a security analysis of the proposed protocol by addressing possible motives of an Eavesdropper and conclude the approach to be resilient against a broad range of attacks.