Results 1 - 3 of 3
Quantum Money from Hidden Subspaces
Abstract

Cited by 9 (1 self)
Forty years ago, Wiesner pointed out that quantum mechanics raises the striking possibility of money that cannot be counterfeited according to the laws of physics. We propose the first quantum money scheme that is (1) public-key—meaning that anyone can verify a banknote as genuine, not only the bank that printed it, and (2) cryptographically secure, under a “classical” hardness assumption that has nothing to do with quantum money. Our scheme is based on hidden subspaces, encoded as the zero-sets of random multivariate polynomials. A main technical advance is to show that the “black-box” version of our scheme, where the polynomials are replaced by classical oracles, is unconditionally secure. Previously, such a result had only been known relative to a quantum oracle (and even there, the proof was never published). Even in Wiesner’s original setting—quantum money that can only be verified by the bank—we are able to use our techniques to patch a major security hole in Wiesner’s scheme. We give the first private-key quantum money scheme that allows unlimited verifications and that remains unconditionally secure, even if the counterfeiter can interact adaptively with the bank. Our money scheme is simpler than previous public-key quantum money schemes, including a knot-based scheme of Farhi et al. The verifier needs to perform only two tests, one in the standard basis and one in the Hadamard basis—matching the original intuition for quantum money, based on the existence of complementary observables. Our security proofs use a new variant of Ambainis’s quantum adversary method, and several other tools that might be of independent interest.
An adaptive attack on Wiesner’s quantum money, arXiv:1404.1507 [quant-ph]
Abstract

Cited by 1 (0 self)
Unlike classical money, which is hard to forge for practical reasons (e.g. producing paper with a certain property), quantum money is attractive because its security might be based on the no-cloning theorem. The first quantum money scheme was introduced by Wiesner circa 1970. Although more sophisticated quantum money schemes were proposed, Wiesner’s scheme remained appealing because it is both conceptually clean and relatively easy to implement. We show an efficient adaptive attack on Wiesner’s quantum money scheme [Wie83] (and its variant by Bennett et al. [BBBW83]), when valid money is accepted and passed on, while invalid money is destroyed. Our approach is based on interaction-free measurement and the quantum Zeno effect, also known as Elitzur-Vaidman’s bomb tester. It allows us to break Wiesner’s scheme with 4 possible states per qubit, as well as against generalizations which use more than 4 states per qubit.
Quantum Money from Hidden Subspaces (Extended Abstract)
STOC’12, MAY 19–22, 2012
Abstract
Forty years ago, Wiesner pointed out that quantum mechanics raises the striking possibility of money that cannot be counterfeited according to the laws of physics. We propose the first quantum money scheme that is (1) public-key—meaning that anyone can verify a banknote as genuine, not only the bank that printed it, and (2) cryptographically secure, under a “classical” hardness assumption that has nothing to do with quantum money. Our scheme is based on hidden subspaces, encoded as the zero-sets of random multivariate polynomials. A main technical advance is to show that the “black-box” version of our scheme, where the polynomials are replaced by classical oracles, is unconditionally secure. Previously, such a result had only been known relative to a quantum oracle (and even there, the proof was never published). Even in Wiesner’s original setting—quantum money that can only be verified by the bank—we are able to use our techniques to patch a major security hole in Wiesner’s scheme. We give the first private-key quantum money scheme that allows unlimited verifications and that remains unconditionally secure, even if the counterfeiter can interact adaptively with the bank. Our money scheme is simpler than previous public-key quantum money schemes, including a knot-based scheme of Farhi et al. The verifier needs to perform only two tests, one in the standard basis and one in the Hadamard basis—matching the original intuition for quantum money, based on the existence of complementary observables. Our security proofs use a new variant of Ambainis’s