Simultaneous Haar Indistinguishability with Applications to Unclonable Cryptography

TL;DR

This work introduces simultaneous Haar indistinguishability (SSI) as a nonlocal-state discrimination framework to study unclonable cryptographic primitives. It proves a central bound: for Haar-dimension $d$ and $t$ copies, the indistinguishability error is $\varepsilon=O\left(\tfrac{t^2}{\sqrt{d}}\right)$, even against entangled adversaries, and provides a matching lower bound in the $t=1$ case. Leveraging SSI, the authors construct unclonable encryption with quantum decryption keys in the plain model, along with a single-decryptor encryption variant and a leakage-resilient quantum secret-sharing scheme. The results unify cryptographic feasibility questions in the plain model and yield concrete protocols with quantum ciphertexts/keys, along with a framework to analyze multi-copy and multi-party security in quantum cryptography. Overall, the paper advances unclonable cryptography by tying its security to a well-characterized nonlocal indistinguishability task and delivering practical constructions with strong security guarantees.

Abstract

Unclonable cryptography is concerned with leveraging the no-cloning principle to build cryptographic primitives that are otherwise impossible to achieve classically. Understanding the feasibility of unclonable encryption, one of the key unclonable primitives, satisfying indistinguishability security in the plain model has been a major open question in the area. So far, the existing constructions of unclonable encryption are either in the quantum random oracle model or are based on new conjectures. We present a new approach to unclonable encryption via a reduction to a novel question about nonlocal quantum state discrimination: how well can non-communicating -- but entangled -- players distinguish between different distributions over quantum states? We call this task simultaneous state indistinguishability. Our main technical result is showing that the players cannot distinguish between each player receiving independently-chosen Haar random states versus all players receiving the same Haar random state. We leverage this result to present the first construction of unclonable encryption satisfying indistinguishability security, with quantum decryption keys, in the plain model. We also show other implications to single-decryptor encryption and leakage-resilient secret sharing.

Figures (1)

• Figure 1: A graphical proof of the equivalence of \ref{['eq:tensor']}. On the left is a tensor network diagram depicting the trace inner product between $\tilde{M} \otimes N$ and $\Omega \otimes F$; the grey dashed lines denote the trace; the red wires denote the (unnormalized) maximally entangled state $\Omega$, and the blue wires denote the swap operation $F$. By following the wire connections we deduce the tensor network diagram on the right, which is the same as the trace inner product between $\tilde{M}$ and the partial transpose of $N$ on register ${\color{gray}C}_1$.

Theorems & Definitions (100)

• Theorem 1: Informal
• Theorem 2: Informal
• Theorem 3: Informal
• Theorem 4: Informal
• Lemma 5: Simultaneous Quantum Goldreich-Levin
• Lemma 6
• proof
• Lemma 7
• Lemma 8
• proof