Quantum One-Time Protection of any Randomized Algorithm
Sam Gunn, Ramis Movassagh
TL;DR
This work introduces quantum one-time tokens for protecting arbitrary randomized classical programs, enabling exact-one-time evaluation with token-based security in a black-box setting. The scheme combines a quantum one-time authentication layer, a classical obfuscator, and a hash-based random oracle to produce a token that allows evaluating a protected function $f$ on any input, provided the outputs have sufficient $ ext{min}$-entropy. Central to the security are the collapsing-hash and compressed-oracle analyses, which show that composing $f$ with a random oracle yields a collapsing function, supporting one-time security under reasonable assumptions. The framework yields a practical, near-term-appealing route to securely deploy pay-per-use software, including generative models, with quantum-assisted guarantees while keeping the quantum requirements minimal. A broader impact is the potential to demonstrate quantum-secured computation on modest quantum devices, independent of the protected program’s complexity.
Abstract
The meteoric rise in power and popularity of machine learning models dependent on valuable training data has reignited a basic tension between the power of running a program locally and the risk of exposing details of that program to the user. At the same time, fundamental properties of quantum states offer new solutions to data and program security that can require strikingly few quantum resources to exploit, and offer advantages outside of mere computational run time. In this work, we demonstrate such a solution with quantum one-time tokens. A quantum one-time token is a quantum state that permits a certain program to be evaluated exactly once. One-time security guarantees, roughly, that the token cannot be used to evaluate the program more than once. We propose a scheme for building quantum one-time tokens for any randomized classical program, which include generative AI models. We prove that the scheme satisfies an interesting definition of one-time security as long as outputs of the classical algorithm have high enough min-entropy, in a black box model. Importantly, the classical program being protected does not need to be implemented coherently on a quantum computer. In fact, the size and complexity of the quantum one-time token is independent of the program being protected, and additional quantum resources serve only to increase the security of the protocol. Due to this flexibility in adjusting the security, we believe that our proposal is parsimonious enough to serve as a promising candidate for a near-term useful demonstration of quantum computing in either the NISQ or early fault tolerant regime.