This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: MIT-CTP-4091 Breaking and making quantum money: toward a new quantum cryptographic protocol Andrew Lutomirski 1 Scott Aaronson 2 Edward Farhi 1 David Gosset 1 Avinatan Hassidim 1 Jonathan Kelner 2 , 3 Peter Shor 1 , 2 , 3 1 Center for Theoretical Physics, Massachusetts Institute of Technology, Cambridge, MA 02139 2 Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, Cambridge, MA 02139 3 Department of Mathematics, Massachusetts Institute of Technology, Cambridge, MA 02139 [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] Abstract: Public-key quantum money is a cryptographic protocol in which a bank can create quantum states which anyone can verify but no one except possibly the bank can clone or forge. There are no secure public-key quantum money schemes in the literature; as we show in this paper, the only previously published scheme [ 1 ] is insecure. We introduce a category of quantum money protocols which we call collision-free . For these protocols, even the bank cannot prepare multiple identical- looking pieces of quantum money. We present a blueprint for how such a protocol might work as well as a concrete example which we believe may be insecure. Keywords: quantum money; cryptography; random matrices; and markov chains 1 Introduction In 1969, Wiesner [ 10 ] pointed out that the no- cloning theorem raises the possibility of uncopy- able cash: bills whose authenticity would be guar- anteed by quantum physics. 1 Here’s how Wies- ner’s scheme works: besides an ordinary serial number, each bill would contain (say) a few hun- dred photons, which the central bank polarized in random directions when it issued the note. The bank remembers the polarization of every photon on every bill ever issued. If you want to verify that a bill is genuine, you take it to the bank, and the bank uses its knowledge of the polarizations to measure the photons. On the other hand, the No-Cloning Theorem ensures that someone who doesn’t know the polarization of a photon can’t produce more photons with the same polarizations. Indeed, copying a bill can succeed with probability at most (5 / 6) n , where n is the number of photons 1 This is the same paper that introduced the idea of quan- tum cryptography. Wiesner’s paper was not published until the 1980s; the field of quantum computing and information (to which it naturally belonged) had not yet been invented. per bill. Despite its elegance, Wiesner’s quantum money is a long way from replacing classical money. The main practical problem is that we don’t know how to reliably store polarized photons (or any other co- herent quantum state) for any appreciable length of time....
View Full Document