Abstract
Public key quantum money can be seen as a version of the quantum no-cloning theorem that holds even when the quantum states can be verified by the adversary. In this work, we investigate quantum lightning, a formalization of “collision-free quantum money” defined by Lutomirski et al. [ICS’10], where no-cloning holds even when the adversary herself generates the quantum state to be cloned. We then study quantum money and quantum lightning, showing the following results:
- We demonstrate the usefulness of quantum lightning beyond quantum money by showing several potential applications, ranging from generating random strings with a proof of entropy to a completely decentralized cryptocurrency without a blockchain, where transactions are instantaneous and local.
- We give win–win results for quantum money/lightning, showing that either signatures/hash functions/commitment schemes meet very strong recently proposed notions of security, or they yield quantum money or lightning. Given the difficulty of constructing public key quantum money, this suggests that natural schemes do attain strong security guarantees.
- We show that instantiating the quantum money scheme of Aaronson and Christiano [STOC’12] with indistinguishability obfuscation that is secure against quantum computers yields a secure quantum money scheme. This construction can be seen as an instance of our win–win result for signatures, giving the first separation between two security notions for signatures from the literature.
- Finally, we give a plausible construction for quantum lightning, which we prove secure under an assumption related to the multicollision resistance of degree-2 hash functions. Our construction is inspired by our win–win result for hash functions and yields the first plausible standard model instantiation of a non-collapsing collision-resistant hash function. This improves a result of Unruh [Eurocrypt’16], which is relative to a quantum oracle.
Thus, we provide the first constructions of public key quantum money from several cryptographic assumptions. Along the way, we develop several new techniques including a new precise variant of the no-cloning theorem.
Notes
Assuming a classical authenticated channel.
Garg et al. only actually discuss message authentication codes, but the same idea applies to signatures.
Technically, there is a slight gap due to the difference between non-negligible and inverse polynomial. Essentially what we show is that the theorem holds for fixed values of the security parameter, but whether (1) or (2) happens may vary across different security parameters.
That is, the oracle itself performs quantum operations.
Technically, Garg et al. only study message authentication codes, but their discussion applies to signatures as well. Subsequent work [7] has also explored the case of signatures more thoroughly.
The subsequent work of [7] gives a different notion of security called blind “unforgeability” that also combats these issues. We leave it as an open problem to extend our win–win results to their definition.
References
1. S. Aaronson, Limitations of quantum advice and one-way communication, in Proceedings of the 19th IEEE Annual Conference on Computational Complexity, 2004 (IEEE, 2004), pp. 320–332
2. S. Aaronson, Quantum copy-protection and quantum money, in Proceedings of the 2009 24th Annual IEEE Conference on Computational Complexity, CCC ’09 (IEEE Computer Society, Washington, DC, 2009), pp. 229–242
3. M.R. Albrecht, S. Bai, L. Ducas, A subfield lattice attack on overstretched NTRU assumptions: cryptanalysis of some FHE and graded encoding schemes, in M. Robshaw, J. Katz (eds.) Advances in Cryptology—CRYPTO 2016, Part I, volume 9814 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 14–18, 2016 (Springer, Heidelberg, 2016), pp. 153–178
4. S. Aaronson, P. Christiano, Quantum money from hidden subspaces, in H.J. Karloff, T. Pitassi (eds.) 44th Annual ACM Symposium on Theory of Computing, New York, NY, USA, May 19–22, 2012 (ACM Press, New York, 2012), pp. 41–60
5. R. Amos, M. Georgiou, A. Kiayias, M. Zhandry, One-shot signatures and applications to hybrid quantum/classical authentication, in Proceedings of STOC 2020 (2020)
6. B. Applebaum, N. Haramaty, Y. Ishai, E. Kushilevitz, V. Vaikuntanathan, Low-complexity cryptographic hash functions, in C.H. Papadimitriou (ed.) ITCS 2017: 8th Innovations in Theoretical Computer Science Conference, Berkeley, CA, USA, January 9–11, 2017, vol. 4266 (LIPIcs, 2017), pp. 7:1–7:31
7. G. Alagic, C. Majenz, A. Russell, F. Song, Quantum-access-secure message authentication via blind-unforgeability, in A. Canteaut, Y. Ishai (eds.) Advances in Cryptology—EUROCRYPT 2020, Part III, volume 12107 of Lecture Notes in Computer Science, Zagreb, Croatia, May 10–14, 2020 (Springer, Heidelberg, 2020), pp. 788–817
8. A. Ambainis, A. Rosmanis, D. Unruh, Quantum attacks on classical proof systems: the hardness of quantum rewinding, in 55th Annual Symposium on Foundations of Computer Science, Philadelphia, PA, USA, October 18–21, 2014 (IEEE Computer Society Press, Washington, DC, 2014), pp. 474–483
9. C.H. Bennett, G. Brassard, Quantum public key distribution reinvented. SIGACT News 18(4), 51–53 (1987)
10. C.H. Bennett, E. Bernstein, G. Brassard, U. Vazirani, Strengths and weaknesses of quantum computing. SIAM J. Comput. 26(5), 1510–1523 (1997)
11. Z. Brakerski, P. Christiano, U. Mahadev, U.V. Vazirani, T. Vidick, A cryptographic test of quantumness and certifiable randomness from a single quantum device, in M. Thorup (ed.) 59th Annual Symposium on Foundations of Computer Science, Paris, France, October 7–9, 2018 (IEEE Computer Society Press, Washington, DC, 2018), pp. 320–331
12. E. Boyle, K.-M. Chung, R. Pass, On extractability obfuscation, in Y. Lindell (ed.) TCC 2014: 11th Theory of Cryptography Conference, volume 8349 of Lecture Notes in Computer Science, San Diego, CA, USA, February 24–26, 2014 (Springer, Heidelberg, 2014), pp. 52–73
13. S. Ben-David, O. Sattath, Quantum tokens for digital signatures (2016)
14. B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs, in J. Kilian (ed.) Advances in Cryptology—CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 19–23, 2001 (Springer, Heidelberg, 2001), pp. 1–18
15. J. Bartusek, J. Guan, F. Ma, M. Zhandry, Return of GGH15: provable security against zeroizing attacks, in A. Beimel, S. Dziembowski (eds.) TCC 2018: 16th Theory of Cryptography Conference, Part II, volume 11240 of Lecture Notes in Computer Science, Panaji, India, November 11–14, 2018 (Springer, Heidelberg, 2018), pp. 544–574
16. Z. Brakerski, V. Vaikuntanathan, H. Wee, D. Wichs, Obfuscating conjunctions under entropic ring LWE, in M. Sudan (ed.) ITCS 2016: 7th Conference on Innovations in Theoretical Computer Science, Cambridge, MA, USA, January 14–16, 2016 (Association for Computing Machinery, 2016), pp. 147–156
17. D. Boneh, M. Zhandry, Quantum-secure message authentication codes, in T. Johansson, P.Q. Nguyen (eds.) Advances in Cryptology—EUROCRYPT 2013, volume 7881 of Lecture Notes in Computer Science, Athens, Greece, May 26–30, 2013 (Springer, Heidelberg, 2013), pp. 592–608
18. D. Boneh, M. Zhandry, Secure signatures and chosen ciphertext security in a quantum computing world, in R. Canetti, J.A. Garay (eds.) Advances in Cryptology—CRYPTO 2013, Part II, volume 8043 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 18–22, 2013 (Springer, Heidelberg, 2013), pp. 361–379
19. R. Cramer, L. Ducas, C. Peikert, O. Regev, Recovering short generators of principal ideals in cyclotomic rings, in M. Fischlin, J.-S. Coron (eds.) Advances in Cryptology—EUROCRYPT 2016, Part II, volume 9666 of Lecture Notes in Computer Science, Vienna, Austria, May 8–12, 2016 (Springer, Heidelberg, 2016), pp. 559–585
20. Y. Chen, C. Gentry, S. Halevi, Cryptanalyses of candidate branching program obfuscators, in J.-S. Coron, J.B. Nielsen (eds.) Advances in Cryptology—EUROCRYPT 2017, Part III, volume 10212 of Lecture Notes in Computer Science, Paris, France, April 30–May 4, 2017 (Springer, Heidelberg, 2017), pp. 278–307
21. J.H. Cheon, J. Jeong, C. Lee, An algorithm for CSPR problems and cryptanalysis of the GGH multilinear map without an encoding of zero. Technical report, Cryptology ePrint Archive, Report 2016/139 (2016)
22. J.-S. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in R. Canetti, J.A. Garay (eds.) Advances in Cryptology—CRYPTO 2013, Part I, volume 8042 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 18–22, 2013 (Springer, Heidelberg, 2013), pp. 476–493
23. R. Colbeck, Quantum and relativistic protocols for secure multi-party computation (2009)
24. A. Coladangelo, O. Sattath, A quantum money solution to the blockchain scalability problem. Quantum 4, 297 (2020)
25. I. Damgård, J. Funder, J.B. Nielsen, L. Salvail, Superposition attacks on cryptographic protocols, in C. Padró (ed.) ICITS 13: 7th International Conference on Information Theoretic Security, volume 8317 of Lecture Notes in Computer Science, Singapore, 2014 (Springer, Heidelberg, 2014), pp. 142–161
26. J. Ding, B.-Y. Yang, Multivariates Polynomials for Hashing (Springer, Berlin, 2008), pp. 358–371
27. E. Farhi, D. Gosset, A. Hassidim, A. Lutomirski, D. Nagaj, P. Shor, Quantum state restoration and single-copy tomography for ground states of Hamiltonians. Phys. Rev. Lett. 105(19), 190503 (2010)
28. E. Farhi, D. Gosset, A. Hassidim, A. Lutomirski, P.W. Shor, Quantum money from knots, in S. Goldwasser (ed.) ITCS 2012: 3rd Innovations in Theoretical Computer Science, Cambridge, MA, USA, January 8–10, 2012 (Association for Computing Machinery, 2012), pp. 276–289
29. D. Gavinsky, Quantum money with classical verification (2011)
30. S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in T. Johansson, P.Q. Nguyen (eds.) Advances in Cryptology—EUROCRYPT 2013, volume 7881 of Lecture Notes in Computer Science, Athens, Greece, May 26–30, 2013 (Springer, Heidelberg, 2013), pp. 1–17
31. S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual Symposium on Foundations of Computer Science, Berkeley, CA, USA, October 26–29, 2013 (IEEE Computer Society Press, Washington, DC, 2013), pp. 40–49
32. C. Gentry, S. Gorbunov, S. Halevi, Graph-induced multilinear maps from lattices, in Y. Dodis, J.B. Nielsen (eds.) TCC 2015: 12th Theory of Cryptography Conference, Part II, volume 9015 of Lecture Notes in Computer Science, Warsaw, Poland, March 23–25, 2015 (Springer, Heidelberg, 2015), pp. 498–527
33. R. Goyal, V. Koppula, B. Waters, Lockable obfuscation. Cryptology ePrint Archive, Report 2017/274 (2017). http://eprint.iacr.org/2017/274
34. S. Garg, H. Yuen, M. Zhandry, New security notions and feasibility results for authentication of quantum data, in J. Katz, H. Shacham (eds.) Advances in Cryptology—CRYPTO 2017, Part II, volume 10402 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 20–24, 2017 (Springer, Heidelberg, 2017), pp. 342–371
35. M. Hayashi, Optimal sequence of POVMs in the sense of Stein’s lemma in quantum hypothesis testing. arXiv preprint quant-ph/0107004 (2001)
36. A. Lutomirski, S. Aaronson, E. Farhi, D. Gosset, J.A. Kelner, A. Hassidim, P.W. Shor, Breaking and making quantum money: toward a new quantum cryptographic protocol, in A.C.-C. Yao (ed.) ICS 2010: 1st Innovations in Computer Science, Tsinghua University, Beijing, China, January 5–7, 2010 (Tsinghua University Press, Beijing, 2010), pp. 20–31
37. A. Lutomirski, An online attack against Wiesner’s quantum money (2010)
38. Q. Liu, M. Zhandry, Revisiting post-quantum Fiat-Shamir, in A. Boldyreva, D. Micciancio (eds.) Advances in Cryptology—CRYPTO 2019, Part II, volume 11693 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 18–22, 2019 (Springer, Heidelberg, 2019), pp. 326–355
39. D. Micciancio, O. Regev, Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)
40. M. Mosca, D. Stebila, Quantum coins. 523, 35–47 (2010)
41. M.C. Pena, J.-C. Faugère, L. Perret, Algebraic cryptanalysis of a quantum money scheme: the noise-free case, in J. Katz (ed.) PKC 2015: 18th International Conference on Theory and Practice of Public Key Cryptography, volume 9020 of Lecture Notes in Computer Science, Gaithersburg, MD, USA, March 30–April 1, 2015 (Springer, Heidelberg, 2015), pp. 194–213
42. O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in H.N. Gabow, R. Fagin (eds.) 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22–24, 2005 (ACM Press, New York, 2005), pp. 84–93
43. S.R.R. Leander, F. Wiemer, Personal communication (2019)
44. B. Roberts, Toward secure quantum money (2019)
45. D. Unruh, Revocable quantum timed-release encryption, in P.Q. Nguyen, E. Oswald (eds.) Advances in Cryptology—EUROCRYPT 2014, volume 8441 of Lecture Notes in Computer Science, Copenhagen, Denmark, May 11–15, 2014 (Springer, Heidelberg, 2014), pp. 129–146
46. D. Unruh, Computationally binding quantum commitments, in M. Fischlin, J.-S. Coron (eds.) Advances in Cryptology—EUROCRYPT 2016, Part II, volume 9666 of Lecture Notes in Computer Science, Vienna, Austria, May 8–12, 2016 (Springer, Heidelberg, 2016), pp. 497–527
47. S. Wiesner, Conjugate coding. SIGACT News 15(1), 78–88 (1983)
48. A. Winter, Coding theorem and strong converse for quantum channels. IEEE Trans. Inf. Theory 45(7), 2481–2485 (1999)
49. D. Wichs, G. Zirdelis, Obfuscating compute-and-compare programs under LWE. Cryptology ePrint Archive, Report 2017/276 (2017). http://eprint.iacr.org/2017/276
Communicated by Serge Fehr
Zhandry, M. Quantum Lightning Never Strikes the Same State Twice. Or: Quantum Money from Cryptographic Assumptions. J Cryptol 34, 6 (2021). https://doi.org/10.1007/s00145-020-09372-x