On the Security of Password-Authenticated Quantum Key Exchange

Motivated by the Quantum Key Distribution (QKD) protocol, introduced in 1984 in the seminal paper of Bennett and Brassard, we investigate in this paper the achievability of unconditionally secure password-authenticated quantum key exchange (quantum PAKE), where the authentication is implemented by the means of human-memorable passwords. We first show a series of impossibility results forbidding the achievement of very strong security, leaving open the feasibility of achieving a weaker security notion. We then answer this open question positively by presenting a construction for quantum PAKE that provably achieves everlasting security in the simulation-based model. Everlasting security is a security notion introduced by M\"uller-Quade and Unruh in 2007, which implies unconditional security after the execution of the protocol and only reduces the power of the adversary to be computational during the execution of the protocol, which seems quite a reasonable assumption for nowadays practical use-cases.