To address the challenges of secure physical-digital binding, poor real-time performance, and centralized trust dependency in dynamic adversarial environments for digital twins (DTs), this paper proposes the first physically rooted zero-knowledge authentication framework. Our method innovatively integrates Schnorr zero-knowledge proofs with elliptic curve cryptography to construct a lightweight, decentralized, bidirectional challenge-response protocol that requires no pre-shared keys and enables real-time verifiable synchronization between physical entities and their digital twins. Experimental evaluation demonstrates a 4.5× reduction in authentication latency, a 4× decrease in energy consumption, and over a 10× improvement in false-acceptance rate compared to baseline approaches. The framework significantly enhances the co-optimization of security and efficiency in large-scale urban IoT deployments, establishing a novel paradigm for trustworthy DT implementation in smart cities.

Digital twin (DT) technology is rapidly becoming essential for smart city ecosystems, enabling real-time synchronisation and autonomous decision-making across physical and digital domains. However, as DTs take active roles in control loops, securely binding them to their physical counterparts in dynamic and adversarial environments remains a significant challenge. Existing authentication solutions either rely on static trust models, require centralised authorities, or fail to provide live and verifiable physical-digital binding, making them unsuitable for latency-sensitive and distributed deployments. To address this gap, we introduce PRZK-Bind, a lightweight and decentralised authentication protocol that combines Schnorr-based zero-knowledge proofs with elliptic curve cryptography to establish secure, real-time correspondence between physical entities and DTs without relying on pre-shared secrets. Simulation results show that PRZK-Bind significantly improves performance, offering up to 4.5 times lower latency and 4 times reduced energy consumption compared to cryptography-heavy baselines, while maintaining false acceptance rates more than 10 times lower. These findings highlight its suitability for future smart city deployments requiring efficient, resilient, and trustworthy DT authentication.