Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Anonymous Quantum Tokens with Classical Verification

Dmytro Gavinsky, Dar Gilboa, Siddhartha Jain, Dmitri Maslov, Jarrod R. McClean

TL;DR

Anonymous quantum money with classical verification is achieved by minting $n$-qubit quantum tokens that remain identical before measurement but yield different classical data after measurement. The core technique is a repetitive token construction with an auditing mechanism: users can perform swap tests to detect whether the issuing bank is tracking them, and verification is performed classically via a bank-held secret. The paper provides a concrete construction with explicit parameters that guarantees correctness, unforgeability, and anonymity under unconditional security, using a quantum-query bound to limit forging and a history-based Verify procedure to prevent fraud. Applications include Anonymous quantum money, Anonymous one-time pads, and Anonymous voting, with an emphasis on minimizing quantum resources while enabling auditing.

Abstract

The no-cloning theorem can be used as a basis for quantum money constructions which guarantee unconditionally unforgeable currency. Existing schemes, however, either (i) require long-term quantum memory and quantum communication between the user and the bank in order to verify the validity of a bill or (ii) fail to protect user privacy due to the uniqueness of each bill issued by the bank, which can allow its usage to be tracked. We introduce a construction of single-use quantum money that gives users the ability to detect whether the issuing authority is tracking them, employing an auditing procedure for which we prove unconditional security. Bill validation is classical, and hence does not require long-term quantum memory or quantum communication, making the protocol relatively practical to deploy. We discuss potential applications beyond money, including anonymous one-time pads and voting.

Anonymous Quantum Tokens with Classical Verification

TL;DR

Anonymous quantum money with classical verification is achieved by minting -qubit quantum tokens that remain identical before measurement but yield different classical data after measurement. The core technique is a repetitive token construction with an auditing mechanism: users can perform swap tests to detect whether the issuing bank is tracking them, and verification is performed classically via a bank-held secret. The paper provides a concrete construction with explicit parameters that guarantees correctness, unforgeability, and anonymity under unconditional security, using a quantum-query bound to limit forging and a history-based Verify procedure to prevent fraud. Applications include Anonymous quantum money, Anonymous one-time pads, and Anonymous voting, with an emphasis on minimizing quantum resources while enabling auditing.

Abstract

The no-cloning theorem can be used as a basis for quantum money constructions which guarantee unconditionally unforgeable currency. Existing schemes, however, either (i) require long-term quantum memory and quantum communication between the user and the bank in order to verify the validity of a bill or (ii) fail to protect user privacy due to the uniqueness of each bill issued by the bank, which can allow its usage to be tracked. We introduce a construction of single-use quantum money that gives users the ability to detect whether the issuing authority is tracking them, employing an auditing procedure for which we prove unconditional security. Bill validation is classical, and hence does not require long-term quantum memory or quantum communication, making the protocol relatively practical to deploy. We discuss potential applications beyond money, including anonymous one-time pads and voting.

Paper Structure

This paper contains 16 sections, 1 theorem, 58 equations, 1 figure, 1 table.

Table of Contents

  1. Introduction
  2. Key results
  3. Outline of the paper
  4. Preliminaries and notation
  5. Quantum states and their distinguishabilityState distinguishability
  6. Notation for mixed states.
  7. Limitations of quantum queries
  8. Quantum tokens with classical verification From traceability to anonymityTokens with classical verification
  9. Towards anonymity: Repetitive tokensRepetitive tokens
  10. Anonymity of repetitive schemes
  11. A repetitive token scheme Construction and analysisConstruction and analysis
  12. Applications
  13. Anonymous quantum money
  14. Anonymous one-time pads
  15. Anonymous voting
  16. ...and 1 more sections

Key Result

Lemma 8

If an algorithm makes $q$ quantum queries with respect to a uniformly random $F:\: X\to Y$ and outputs at most $N$ distinct pairs $(x_i,y_i)$, then =1001

Figures (1)

  • Figure 1: Anonymous quantum tokens with classical verification. The four stages of our protocol involve (i) the bank minting quantum tokens and distributing them to users, (ii) users performing optional auditing of the bank to ensure anonymity, (iii) measurement of the quantum tokens, and subsequent storage in classical memory, (vi) validation of the tokens by sending the measurement result to the bank for verification. The pair $(S,H)$ represents a random string used by the bank to generate tokens and the history of redeemed tokens, respectively. Quantum communication/memory is represented in purple, while classical communication/memory is in grey. Quantum measurement is represented in orange.

Theorems & Definitions (18)

  • Claim 2
  • proof : Proof
  • Claim 5: Swap test for mixed states
  • proof : Proof
  • Claim 6: Chain inequality for swap test
  • proof : Proof
  • Lemma 8
  • proof : Proof
  • Definition 9: Quantum tokens with classical verification
  • Definition 11: Repetitive quantum tokens with classical verification
  • ...and 8 more