Quantum Money with Classical Verification

We propose and construct a quantum money scheme that allows verification through classical communication with a bank. This is the first demonstration that a secure quantum money scheme exists that does not require quantum communication for coin verification. Our scheme is secure against adaptive adversaries - this property is not directly related to the possibility of classical verification, nevertheless none of the earlier quantum money constructions is known to possess it.

💡 Research Summary

The paper “Quantum Money with Classical Verification” introduces a novel quantum‑money construction, called Q‑Coin, that can be verified using only classical communication with a bank. Historically, quantum money schemes—starting with Wiesner’s original proposal—required the physical coin to be returned to the bank or to involve a quantum channel during verification. This reliance on quantum communication limited practical deployment and left the schemes vulnerable to certain adaptive attacks. The authors overcome these limitations by combining two key ideas: (1) a special two‑qubit quantum state derived from the Hidden Matching Problem with four‑bit inputs (HMP₄), and (2) a protocol that uses a bank‑generated random subset of these states for each verification round.

In the construction, the bank randomly selects k strings x₁,…,x_k ∈ {0,1}⁴ and prepares k independent HMP₄‑states |α(x_i)⟩ = (1/2)∑{j=1}⁴ (−1)^{x{i,j}}|j⟩. Each state lives in a two‑qubit register attached to a paper token that also contains a unique identifier and a k‑bit classical register P initially set to all zeros. The classical register records which quantum registers have already been used in verification.

Verification proceeds as follows: (i) the holder sends the coin’s identifier to the bank; (ii) the bank chooses uniformly at random a subset L ⊂