
Quantum Lightning Never Strikes the Same State Twice. Or: Quantum Money from Cryptographic Assumptions

Journal of Cryptology

Abstract

Public key quantum money can be seen as a version of the quantum no-cloning theorem that holds even when the quantum states can be verified by the adversary. In this work, we investigate quantum lightning, a formalization of “collision-free quantum money” defined by Lutomirski et al. [ICS’10], where no-cloning holds even when the adversary herself generates the quantum state to be cloned. We then study quantum money and quantum lightning, showing the following results:

  • We demonstrate the usefulness of quantum lightning beyond quantum money by showing several potential applications, ranging from generating random strings with a proof of entropy to a completely decentralized cryptocurrency without a blockchain, where transactions are instantaneous and local.

  • We give win–win results for quantum money/lightning, showing that either signatures/hash functions/commitment schemes meet very strong recently proposed notions of security, or they yield quantum money or lightning. Given the difficulty in constructing public key quantum money, this suggests that natural schemes do attain strong security guarantees.

  • We show that instantiating the quantum money scheme of Aaronson and Christiano [STOC’12] with indistinguishability obfuscation that is secure against quantum computers yields a secure quantum money scheme. This construction can be seen as an instance of our win–win result for signatures, giving the first separation between two security notions for signatures from the literature.

  • Finally, we give a plausible construction for quantum lightning, which we prove secure under an assumption related to the multicollision resistance of degree-2 hash functions. Our construction is inspired by our win–win result for hash functions and yields the first plausible standard model instantiation of a non-collapsing collision-resistant hash function. This improves a result of Unruh [Eurocrypt’16] which is relative to a quantum oracle.

Thus, we provide the first constructions of public key quantum money from several cryptographic assumptions. Along the way, we develop several new techniques including a new precise variant of the no-cloning theorem.

Notes

  1. Assuming a classical authenticated channel.

  2. Garg et al. only actually discuss message authentication codes, but the same idea applies to signatures.

  3. Technically, there is a slight gap due to the difference between non-negligible and inverse polynomial. Essentially what we show is that the theorem holds for fixed values of the security parameter, but whether (1) or (2) happens may vary across different security parameters.

  4. That is, the oracle itself performs quantum operations.

  5. Technically, Garg et al. only study message authentication codes, but their discussion applies to signatures as well. Subsequent work [7] has also explored the case of signatures more thoroughly.

  6. The subsequent work of [7] gives a different notion of security called blind “unforgeability” that also combats these issues. We leave it as an open problem to extend our win–win results to their definition.

References

  1. S. Aaronson, Limitations of quantum advice and one-way communication, in Proceedings. 19th IEEE Annual Conference on Computational Complexity, 2004. (IEEE, 2004), pp. 320–332.

  2. S. Aaronson, Quantum copy-protection and quantum money, in Proceedings of the 2009 24th Annual IEEE Conference on Computational Complexity, CCC ’09 (IEEE Computer Society, Washington, DC, 2009) pp. 229–242.

  3. M.R. Albrecht, S. Bai, L. Ducas, A subfield lattice attack on overstretched NTRU assumptions - cryptanalysis of some FHE and graded encoding schemes, in M. Robshaw, J. Katz (eds.) Advances in Cryptology—CRYPTO 2016, Part I, volume 9814 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 14–18, 2016 (Springer, Heidelberg, 2016), pp. 153–178

  4. S. Aaronson, P. Christiano, Quantum money from hidden subspaces, in H.J. Karloff, T. Pitassi (eds.) 44th Annual ACM Symposium on Theory of Computing, New York, NY, USA, May 19–22, 2012 (ACM Press, New York), pp. 41–60

  5. R. Amos, M. Georgiou, A. Kiayias, M. Zhandry, One-shot signatures and applications to hybrid quantum/classical authentication, in Proceedings of STOC 2020 (2020)

  6. B. Applebaum, N. Haramaty, Y. Ishai, E. Kushilevitz, V. Vaikuntanathan, Low-complexity cryptographic hash functions, in C.H. Papadimitriou (ed.) ITCS 2017: 8th Innovations in Theoretical Computer Science Conference, Berkeley, CA, USA, January 9–11, 2017, vol. 4266 (LIPIcs, 2017), pp. 7:1–7:31

  7. G. Alagic, C. Majenz, A. Russell, F. Song, Quantum-access-secure message authentication via blind-unforgeability, in A. Canteaut, Y. Ishai (eds.) Advances in Cryptology—EUROCRYPT 2020, Part III, volume 12107 of Lecture Notes in Computer Science, Zagreb, Croatia, May 10–14, 2020 (Springer, Heidelberg, 2020), pp. 788–817

  8. A. Ambainis, A. Rosmanis, D. Unruh, Quantum attacks on classical proof systems: the hardness of quantum rewinding, in 55th Annual Symposium on Foundations of Computer Science, Philadelphia, PA, USA, October 18–21, 2014 (IEEE Computer Society Press, Washington, DC, 2014), pp. 474–483

  9. C.H. Bennett, G. Brassard, Quantum public key distribution reinvented. SIGACT News 18(4), 51–53 (1987)

  10. C.H. Bennett, E. Bernstein, G. Brassard, U. Vazirani, Strengths and weaknesses of quantum computing. SIAM J. Comput. 26(5), 1510–1523 (1997)

  11. Z. Brakerski, P. Christiano, U. Mahadev, U.V. Vazirani, T. Vidick, A cryptographic test of quantumness and certifiable randomness from a single quantum device, in M. Thorup (ed.) 59th Annual Symposium on Foundations of Computer Science, Paris, France, October 7–9, 2018 (IEEE Computer Society Press, Washington, DC), pp. 320–331

  12. E. Boyle, K.-M. Chung, R. Pass, On extractability obfuscation, in Y. Lindell (ed.) TCC 2014: 11th Theory of Cryptography Conference, volume 8349 of Lecture Notes in Computer Science, San Diego, CA, USA, February 24–26, 2014 (Springer, Heidelberg, 2014), pp. 52–73

  13. S. Ben-David, O. Sattath, Quantum tokens for digital signatures (2016)

  14. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs, in J. Kilian (ed.) Advances in Cryptology—CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 19–23, 2001 (Springer, Heidelberg, 2001), pp. 1–18

  15. J. Bartusek, J. Guan, F. Ma, M. Zhandry, Return of GGH15: provable security against zeroizing attacks, in A. Beimel, S. Dziembowski (eds.) TCC 2018: 16th Theory of Cryptography Conference, Part II, volume 11240 of Lecture Notes in Computer Science, Panaji, India, November 11–14, 2018 (Springer, Heidelberg, 2018), pp. 544–574

  16. Z. Brakerski, V. Vaikuntanathan, H. Wee, D. Wichs, Obfuscating conjunctions under entropic ring LWE, in M. Sudan (ed.) ITCS 2016: 7th Conference on Innovations in Theoretical Computer Science, Cambridge, MA, USA, January 14–16, 2016 (Association for Computing Machinery), pp. 147–156

  17. D. Boneh, M. Zhandry, Quantum-secure message authentication codes, in T. Johansson, P.Q. Nguyen (eds.) Advances in Cryptology—EUROCRYPT 2013, volume 7881 of Lecture Notes in Computer Science, Athens, Greece, May 26–30, 2013 (Springer, Heidelberg, 2013), pp. 592–608

  18. D. Boneh, M. Zhandry, Secure signatures and chosen ciphertext security in a quantum computing world, in R. Canetti, J.A. Garay (eds.) Advances in Cryptology—CRYPTO 2013, Part II, volume 8043 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 18–22, 2013 (Springer, Heidelberg, 2013), pp. 361–379

  19. R. Cramer, L. Ducas, C. Peikert, O. Regev, Recovering short generators of principal ideals in cyclotomic rings, in M. Fischlin, J.-S. Coron (eds.) Advances in Cryptology—EUROCRYPT 2016, Part II, volume 9666 of Lecture Notes in Computer Science, Vienna, Austria, May 8–12, 2016 (Springer, Heidelberg, 2016), pp. 559–585

  20. Y. Chen, C. Gentry, S. Halevi, Cryptanalyses of candidate branching program obfuscators, in J.-S. Coron, J.B. Nielsen (eds.) Advances in Cryptology—EUROCRYPT 2017, Part III, volume 10212 of Lecture Notes in Computer Science, Paris, France, April 30–May 4, 2017 (Springer, Heidelberg, 2017), pp. 278–307

  21. J.H. Cheon, J. Jeong, C. Lee, An algorithm for CSPR problems and cryptanalysis of the GGH multilinear map without an encoding of zero. Technical report, Cryptology ePrint Archive, Report 2016/139 (2016)

  22. J.-S. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in R. Canetti, J.A. Garay (eds.) Advances in Cryptology—CRYPTO 2013, Part I, volume 8042 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 18–22, 2013 (Springer, Heidelberg, 2013), pp. 476–493

  23. R. Colbeck, Quantum and relativistic protocols for secure multi-party computation (2009)

  24. A. Coladangelo, O. Sattath, A quantum money solution to the blockchain scalability problem, Quantum 4, 297 (2020)

  25. I. Damgård, J. Funder, J.B. Nielsen, L. Salvail, Superposition attacks on cryptographic protocols, in C. Padró (ed.) ICITS 13: 7th International Conference on Information Theoretic Security, volume 8317 of Lecture Notes in Computer Science, Singapore, 2014 (Springer, Heidelberg, 2014), pp. 142–161

  26. J. Ding, B.-Y. Yang, Multivariates Polynomials for Hashing (Springer, Berlin, 2008), pp. 358–371

  27. E. Farhi, D. Gosset, A. Hassidim, A. Lutomirski, D. Nagaj, P. Shor, Quantum state restoration and single-copy tomography for ground states of Hamiltonians, Phys. Rev. Lett. 105(19), 190503 (2010)

  28. E. Farhi, D. Gosset, A. Hassidim, A. Lutomirski, P.W. Shor, Quantum money from knots, in S. Goldwasser (ed.), ITCS 2012: 3rd Innovations in Theoretical Computer Science, Cambridge, MA, USA, January 8–10, 2012 (Association for Computing Machinery, 2012), pp. 276–289

  29. D. Gavinsky, Quantum money with classical verification (2011)

  30. S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in T. Johansson, P.Q. Nguyen (eds.) Advances in Cryptology—EUROCRYPT 2013, volume 7881 of Lecture Notes in Computer Science, Athens, Greece, May 26–30, 2013 (Springer, Heidelberg, 2013), pp. 1–17

  31. S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual Symposium on Foundations of Computer Science, Berkeley, CA, USA, October 26–29, 2013 (IEEE Computer Society Press, Washington, DC), pp. 40–49

  32. C. Gentry, S. Gorbunov, S. Halevi, Graph-induced multilinear maps from lattices, in Y. Dodis, J.B. Nielsen (eds.) TCC 2015: 12th Theory of Cryptography Conference, Part II, volume 9015 of Lecture Notes in Computer Science, Warsaw, Poland, March 23–25, 2015 (Springer, Heidelberg, 2015), pp. 498–527

  33. R. Goyal, V. Koppula, B. Waters, Lockable obfuscation. Cryptology ePrint Archive, Report 2017/274 (2017). http://eprint.iacr.org/2017/274.

  34. S. Garg, H. Yuen, M. Zhandry, New security notions and feasibility results for authentication of quantum data, in J. Katz, H. Shacham (eds.) Advances in Cryptology—CRYPTO 2017, Part II, volume 10402 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 20–24, 2017 (Springer, Heidelberg), pp. 342–371

  35. M. Hayashi, Optimal sequence of POVMs in the sense of Stein's lemma in quantum hypothesis testing. arXiv preprint quant-ph/0107004 (2001)

  36. A. Lutomirski, S. Aaronson, E. Farhi, D. Gosset, J.A. Kelner, A. Hassidim, P.W. Shor, Breaking and making quantum money: toward a new quantum cryptographic protocol, in A.C.-C. Yao (ed.) ICS 2010: 1st Innovations in Computer Science, Tsinghua University, Beijing, China, January 5–7, 2010 (Tsinghua University Press, Beijing, 2010), pp. 20–31

  37. A. Lutomirski, An online attack against Wiesner's quantum money (2010)

  38. Q. Liu, M. Zhandry, Revisiting post-quantum Fiat-Shamir, in A. Boldyreva, D. Micciancio (eds.) Advances in Cryptology—CRYPTO 2019, Part II, volume 11693 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 18–22, 2019 (Springer, Heidelberg, 2019), pp. 326–355

  39. D. Micciancio, O. Regev, Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)

  40. M. Mosca, D. Stebila, Quantum coins. 523, 35–47 (2010)

  41. M.C. Pena, J.-C. Faugère, L. Perret, Algebraic cryptanalysis of a quantum money scheme: the noise-free case, in J. Katz (ed.) PKC 2015: 18th International Conference on Theory and Practice of Public Key Cryptography, volume 9020 of Lecture Notes in Computer Science, Gaithersburg, MD, USA, March 30–April 1, 2015 (Springer, Heidelberg, 2015), pp. 194–213

  42. O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in H.N. Gabow, R. Fagin (eds.) 37th Annual ACM Symposium on Theory of Computing, Baltimore, MA, USA, May 22–24, 2005 (ACM Press, New York), pp. 84–93

  43. S.R.R. Leander, F. Wiemer, Personal communication (2019)

  44. B. Roberts, Toward secure quantum money (2019)

  45. D. Unruh, Revocable quantum timed-release encryption, in P.Q. Nguyen, E. Oswald (eds.) Advances in Cryptology—EUROCRYPT 2014, volume 8441 of Lecture Notes in Computer Science, Copenhagen, Denmark, May 11–15, 2014 (Springer, Heidelberg, 2014), pp. 129–146

  46. D. Unruh, Computationally binding quantum commitments, in M. Fischlin, J.-S. Coron (eds.) Advances in Cryptology—EUROCRYPT 2016, Part II, volume 9666 of Lecture Notes in Computer Science, Vienna, Austria, May 8–12, 2016 (Springer, Heidelberg, 2016), pp. 497–527

  47. S. Wiesner, Conjugate coding. SIGACT News 15(1), 78–88 (1983)

  48. A. Winter, Coding theorem and strong converse for quantum channels. IEEE Trans. Inf. Theor. 45(7), 2481–2485 (1999)

  49. D. Wichs, G. Zirdelis, Obfuscating compute-and-compare programs under LWE. Cryptology ePrint Archive, Report 2017/276 (2017). http://eprint.iacr.org/2017/276.

Corresponding author

Correspondence to Mark Zhandry.

Additional information

Communicated by Serge Fehr

Cite this article

Zhandry, M. Quantum Lightning Never Strikes the Same State Twice. Or: Quantum Money from Cryptographic Assumptions. J Cryptol 34, 6 (2021). https://doi.org/10.1007/s00145-020-09372-x
