
A General Quantum Duality for Representations of Groups with Applications to Quantum Money, Lightning, and Fire

John Bostanci, Barak Nehoran, Mark Zhandry

TL;DR

The paper extends the AAS duality by showing that, for groups with efficient quantum Fourier transforms, implementing a group representation on a subspace is computationally equivalent to performing a Fourier extraction that coherently recovers the encoded subspace state. It develops a unified framework—the Fourier extraction duality—that generalizes the swap-based intuition from $\mathbb{Z}_2$ to non-Abelian groups, and uses it to build public-key quantum money, quantum lightning, and quantum fire from non-Abelian group actions. The main contributions include a plain-model security reduction for quantum money/lightning based on preaction-secure group actions, concrete instantiations using the McEliece/Symmetric-group actions, and a candidate quantum-fire construction leveraging a one-way homomorphism. The results have potential to broaden quantum-cryptographic primitives and provide new avenues for secure quantum money and related primitives in the plain model, with open questions on tight approximate duality and untelegraphability proofs.

Abstract

Aaronson, Atia, and Susskind (2020) established that efficiently mapping between quantum states $|\psi\rangle$ and $|\phi\rangle$ is computationally equivalent to distinguishing their superpositions $|\psi\rangle \pm |\phi\rangle$. We generalize this insight into a broader duality principle, wherein manipulating quantum states in one basis is equivalent to extracting their value in a complementary basis. This general duality principle states that the ability to implement a unitary representation of a group is computationally equivalent to the ability to perform a Fourier subspace extraction from its irreducible representations. Building on our duality principle, we present the following applications:

  • We extend the construction of public-key quantum money of Zhandry (2024) from Abelian group actions to a construction of quantum lightning from non-Abelian group actions, and eliminate Zhandry's reliance on a black-box model for justifying security. Instead, we prove a direct reduction to a computational assumption -- the pre-action security of cryptographic group actions. Our construction is realizable with symmetric group actions, including those implicit in the McEliece cryptosystem.
  • We provide an alternative quantum lightning construction from one-way homomorphisms, with security holding under certain conditions. This scheme shows equivalence among four security notions: quantum lightning security, worst-case and average-case cloning security, and security against preparing a canonical state.
  • We formalize the notion of quantum fire, states that are efficiently clonable, but not efficiently telegraphable. These states can be spread like fire, provided they are kept alive quantumly and do not decohere. The only previously known construction relied on a unitary quantum oracle, whereas we present the first candidate construction of quantum fire using a classical oracle.

Paper Structure

This paper contains 72 sections, 30 theorems, 138 equations, 12 figures.

Key Result

Theorem 1.1

There is a public-key quantum money and quantum lightning scheme for any (non-Abelian) cryptographic group action, such that the money/lightning scheme is secure if the group action is preaction-secure.

Figures (12)

  • Figure 1: The ideal functionality of a measurement in the Fourier basis of a group representation, $\mathcal{R}$. Here, $\mathrm{QFT}_{\mathcal{R}}$ is not the Fourier transform of the group, but rather the (generally inefficient) Fourier transform of the representation.
  • Figure 2: Fourier sampling circuit for the representation $\mathcal{R}$. For Abelian representations, the functionality of this circuit is identical to that of Figure 1, but unlike the circuit drawn there, this circuit depicts an efficient algorithm.
  • Figure 3: The ideal functionality of a measurement in the Fourier basis of an Abelian representation $\mathcal{R}$ that has multiplicity. The label $\lambda$ of the irreducible representation is copied up to the ancilla register, while the multiplicity index $i$ is left inaccessible. While this circuit is not efficiently implementable, its functionality is equivalent to that of the efficient Fourier sampling circuit of Figure 2.
  • Figure 4: The ideal functionality of two kinds of measurements in the Fourier basis of a non-Abelian representation $\mathcal{R}$. In both of these, the label $\lambda$ of the irreducible representation is copied up to an ancilla register, and in the strong case, the state index $j$ is copied up as well. The multiplicity index $i$ is of course always left inaccessible. Neither circuit can be instantiated efficiently, but either functionality can be implemented using the efficient Fourier sampling circuit of Figure 2.
  • Figure 5: Ideal functionality that occurs for a non-Abelian representation when the circuit of Figure 2 is viewed in the Fourier-transformed bases of both wires (i.e. the group Fourier transform on the top wire and the representation Fourier transform on the bottom wire). Note that the wire corresponding to the state index $j$ is swapped out completely, such that after the second representation Fourier transform, no information about it is left over at the bottom. Thus it is not copied out, but rather extracted.
  • ...and 7 more figures

Theorems & Definitions (97)

  • Theorem 1.1: informal
  • Theorem 1.2: Duality, informal
  • Corollary 1.3: Duality for Abelian Groups, informal
  • Remark 2.1
  • Definition 4.1: Hilbert-Schmidt inner product
  • Definition 4.2: Representation
  • Definition 4.3: $\epsilon$-approximate representation [gowers2016inverse]
  • Definition 4.4: $\epsilon$-close representation
  • Definition 4.5: Irreducible representation
  • Definition 4.6: Dual of a group
  • ...and 87 more