Quantum Readout PUFs (QR-PUFs) have been proposed as a technique for remote authentication of objects. The security is based on basic quantum information theoretic principles and the assumption that the adversary cannot losslessly implement arbitrary unitary transformations on a K-dimensional state space, with K ‘large’. We consider all possible attacks in which the adversary bases his response on challenge state estimation by measurements. We first analyze the security of QR-PUF schemes in the case where each challenge consists of precisely n identical quanta. We use a result by Bruß and Macchiavello to derive an upper bound on the adversary’s success probability as a function of K and n. Then we generalize to challenges that contain a probabilistic number of quanta, and in particular a Poisson distribution.