Using Quantum Position Verification (QPV) as an Authentication Layer

For decades, GPS has been treated as the foundation of modern positioning and navigation. It tells ships where they are, guides aircraft across continents, and underpins critical infrastructure around the world. However, GPS was built to estimate location, not to prove location. The signal GPS uses to identify location can be spoofed, relayed, and manipulated; even a perfectly functioning receiver can be made to report a false position.

The distinction between locating an asset and verifying where it truly is has become an important security gap within modern communications. Quantum Position Verification (QPV) addresses that gap by approaching location authentication as a problem of physics, not just computation, and creating a path toward cryptographically-grounded proof-of-place for the next generation of secure communications. QPV offers a method of proving that an endpoint is where it claims to be, using properties of quantum information that adversaries simply cannot copy and relay. As secure communications move into the quantum era, this capability could become a critical layer in how we authenticate infrastructure, protect networks, and establish trust in the physical world.

QPV can be used to limit access to specific critical resources. As a concrete example, it is incredibly valuable to be able to guarantee that something like nuclear infrastructure is only accessible to personnel located in a secure government building.

Global Navigation Satellite Systems (GNSS), including GPS, work by broadcasting precise timing signals from satellites in orbit. A receiver gathers those signals from multiple satellites and calculates its apparent position. That estimate is enormously useful. It enables navigation, synchronization, logistics, and a host of services that modern economies depend on every day. The output of a GPS receiver is still just an estimate based on the signals it receives. It is not proof that those signals are authentic. If a receiver locks onto manipulated signals, it can compute the wrong position while continuing to operate exactly as designed. From the receiver’s perspective, it is still solving the same problem. It has no native way to determine whether the signals really came from the satellites they claim to represent, or from an attacker transmitting false signals nearby.

Positioning is not the same thing as verification. GPS can tell a device where it appears to be. It cannot, by itself, prove that the reported location is accurate. At first glance, location verification sounds straightforward. If you want to confirm that an asset is at a particular location, you can send it a challenge and measure how quickly the response comes back. If the answer arrives on time and is correct, that seems like strong evidence that the asset is where it claims to be.

The problem is that in a classical system, information can be copied and relayed perfectly.

That opens the door to a relay attack. Two adversaries can work together from outside the claimed location. One intercepts the verifier’s challenge and relays it to a collaborator positioned elsewhere. The collaborator computes the correct response and returns it in time to satisfy the protocol’s timing constraints. To the verifier, the answer looks valid. It is correct, and it arrives when expected. But it did not originate from the claimed position and can cause ships and aircraft to end up in unintended places.

This vulnerability to the relay attack does not disappear with more elaborate software, stronger cryptography, or additional engineering layers. Those tools can authenticate identities and protect data. They cannot stop perfectly copyable classical information from being intercepted and relayed by colluding adversaries. Quantum Position Verification changes the problem by changing the kind of information that is sent.

Instead of relying entirely on classical bits, QPV introduces a quantum state as part of the verification challenge. Quantum information behaves differently from classical information. In particular, an unknown quantum state cannot be copied perfectly. This is a consequence of the no-cloning theorem, one of the foundational results of quantum mechanics.

This property of quantum information changes the security model. A classical attacker can intercept a bit, duplicate it, and forward copies to collaborators with no penalty. An attacker who intercepts a qubit does not have that option. They can try to hold it, or they can try to forward it, but they cannot make a perfect duplicate and do both. The relay attack no longer works in the same way when the challenge includes information that cannot be cloned. QPV introduces a physical constraint that adversaries cannot code their way around.

A natural objection to the security claims of QPV is whether quantum teleportation could give attackers a workaround. If they cannot copy a qubit, could they teleport it to a collaborator and still cheat the protocol? In theory, teleportation can move quantum information without physically carrying the original particle from one place to another. But that does not eliminate the practical constraints that QPV relies on.

Teleportation requires pre-shared entanglement between the attackers. It also requires classical communication to complete the process, and classical communication still obeys ordinary timing limits. Most importantly, teleportation does not create an extra copy of the original state. The original qubit is consumed in the process. For that reason, teleportation does not restore the classical attack model. In QPV, the resources needed to mount a successful teleportation-based attack grow exponentially as the protocol becomes more complex, making the attack operationally unrealistic at any meaningful scale.

That does not mean QPV is ready to solve every positioning problem immediately. The near-term opportunity is more specific and more practical: endpoint authentication in quantum networks. Quantum Key Distribution, or QKD, allows two parties to establish shared keys with security rooted in quantum physics. But QKD still depends on knowing that each endpoint is actually the endpoint it claims to be. In other words, even quantum-secure key exchange still needs trusted authentication.

This is where QPV becomes particularly compelling in the near term. By verifying that a QKD endpoint is physically located where it says it is, QPV can add an authentication layer without depending on pre-shared keys. Instead of anchoring trust entirely in computational assumptions or legacy credential models, QPV grounds authentication in the physical properties of quantum information itself.

It’s also important not to overstate the claim. QPV is not a universal fix for all navigation and communications threats. It does not solve GPS jamming. It does not eliminate denial-of-service risk. And it is not yet a drop-in answer for authenticating fast-moving ships, aircraft, or mobile platforms under every real-world condition. What it does offer is narrower, but extremely valuable: a way to defend against location fraud by making it virtually impossible for adversaries to fake presence at a point in spacetime. Near-term deployments are naturally suited to fixed infrastructure and controlled network environments, where timing, geometry, and transmission conditions can be engineered carefully. Over time, those capabilities will extend further.

Location is becoming a security primitive. In critical infrastructure, defense, telecom, and quantum networking, it is no longer enough to know who an endpoint claims to be. Increasingly, we also need confidence in where it actually is. For years, secure communications has focused on protecting data in transit and authenticating identities at the endpoints. QPV represents the next step, authenticating the location itself.