Quantum money is a cryptographic protocol in which a mint can produce a quantum state, no one else can copy the state, and anyone (with a quantum computer) can verify that the state came from the mint. We present a concrete quantum money scheme based on superpositions of diagrams that encode oriented links with the same Alexander polynomial. We expect our scheme to be secure against computationally bounded adversaries.
Deep Dive into Quantum money from knots.
Quantum money is a cryptographic protocol in which a mint can produce a quantum state, no one else can copy the state, and anyone (with a quantum computer) can verify that the state came from the mint. We present a concrete quantum money scheme based on superpositions of diagrams that encode oriented links with the same Alexander polynomial. We expect our scheme to be secure against computationally bounded adversaries.
In this paper, we present quantum money based on knots (see Figure 1). The purported security of our quantum money scheme is based on the assumption that given two different looking but equivalent knots, it is difficult to explicitly find a transformation that takes one to the other. One of the problems in classical security is that information can be copied: passwords can be stolen, songs can be pirated, and when you email an attachment, you still have the original. One implication is that E-commerce requires communicating with a server (e.g. the credit card company or PayPal) whenever one makes a transaction. One could hope that the no-cloning theorem would help circumvent this and enable a physical quantum state to function like money. Such money could be used in transactions both in person and on a future "Quantum Internet", not requiring contact with a central authority. As we will see, quantum money is harder to forge than the paper bills in our wallets. In order for a quantum state to function as money, we require that:
The mint can produce it.
Anyone can verify it. That is, there is an efficient measurement that anyone (with a quantum device) can perform on a quantum money state that accepts genuine money with high probability and without significantly damaging the money.
No one can forge it. That is, no one but the mint can efficiently produce states that are accepted by the verifier with better than exponentially small probability. In particular, it should not be possible to copy a bill.
A quantum money scheme has two components: pieces of quantum money and an algorithm M that verifies quantum money. A piece of quantum money consists of a classical serial number p (authenticated as coming from the mint) along with an associated quantum state |$ p on n qubits. The verification algorithm M takes as input a quantum state |φ and a serial number q and then decides whether or not the pair (q, |φ ) is a piece of quantum money. If the outcome is “good money” then the verifier also returns the state |φ undamaged so it can be used again. We now formalize each of the above requirements:
There is a polynomial-time algorithm that produces both a quantum money state |$ p and an associated serial number p.
Running the verification algorithm M with inputs p and |$ p returns "good money" and does not damage |$ p . Furthermore, anyone with access to a quantum computer (for example a merchant) can run the verification algorithm M .
Given one piece of quantum money (p, |$ p ), it is hard to generate a quantum state |ψ on 2n qubits such that each part of |ψ (along with the original serial number p) passes the verification algorithm.
What stops anyone other than the mint, using the same algorithm as the mint, from producing counterfeit money states? This is why the serial number needs to be authenticated. When the mint does a production run it produces a set of pairs (p, |$ p ). In our quantum money scheme, the mint does not in advance choose the serial numbers, but rather they are produced by a random process. A rogue mint running the same algorithm as the mint can produce a new set of money pairs, but (with high probability) none of the serial numbers will match those that the mint originally produced. A simple way to ensure security is for the mint to publish the list of valid serial numbers and for the merchant to check against this list to see if the serial number from the tendered money is authentic.
An alternative to publishing a list of serial numbers is for the money state to come with a digital signature of the serial number. There are known classical digital signature protocols that allow anyone who knows the mint’s “public key” to verify that a serial number is one that the mint did indeed produce. Still, the authenticated description of the serial number can easily be copied and this is where the quantum security comes into play: knowledge of the serial number p does not allow one to copy the associated quantum state |$ p . In the remainder of this paper, we assume that anyone verifying quantum money will also check the authentication of the serial number.
We can imagine two different ways to use quantum money for commerce. If we had the technology to print a quantum state onto a piece of paper, then we could use quantum money protocols to enhance the security of paper money against forgery. Alternatively, people could use quantum money states on their personal quantum computers to conduct business either in person or over a quantum Internet. If small portable quantum computers were available (imagine quantum smart phones or quantum debit cards), then it would be easy to buy things with quantum money instead of paper money.
For these uses, the “quantum money” seen by an end-user would either be a file on a quantum computer or a physical piece of money with a quantum state somehow attached.
The idea of quantum money was introduced by Wiesner in 1969, where he proposed using the no
…(Full text truncated)…
This content is AI-processed based on ArXiv data.
