Quantum-Secure Authentication with a Classical Key

Authentication provides the trust people need to engage in transactions. The advent of physical keys that are impossible to copy promises to revolutionize this field. Up to now, such keys have been verified by classical challenge-response protocols. Such protocols are in general susceptible to emulation attacks. Here we demonstrate Quantum-Secure Authentication ("QSA") of an unclonable classical physical key in a way that is inherently secure by virtue of quantum-physical principles. Our quantum-secure authentication operates in the limit of a large number of channels, represented by the more than thousand degrees of freedom of an optical wavefront shaped with a spatial light modulator. This allows us to reach quantum security with weak coherent pulses of light containing dozens of photons, too few for an adversary to determine their complex spatial shapes, thereby rigorously preventing emulation.