Digital signatures with classical shadows on near-term quantum computers

Pradeep Niroula, Minzhao Liu, Sivaprasad Omanakuttan, David Amaro, Shouvanik Chakrabarti, Soumik Ghosh, Zichang He, Yuwei Jin, Fatih Kaleoglu, Steven Kordonowy, Rohan Kumar, Michael A. Perlin, Akshay Seshadri, Matthew Steinberg, Joseph Sullivan, Jacob Watkins, Henry Yuen, Ruslan Shaydulin

TL;DR

This work proposes a near-term quantum digital signature scheme that relies on classical shadows as public keys rather than quantum states or memory. The security rests on a conjectured hardness of learning quantum circuits from their shadows (computational no-learning from shadows, CNL), which the authors support with evidence against existing learning algorithms and by extending learning-hardness arguments to all-to-all shallow circuits. A central technical advance is the Iceberg code for error detection and its gauge-fixing variant, enabling high-fidelity certification and parallelized operations on 32–40 qubit states on current hardware. The experimental demonstration on trapped-ion hardware achieves a shadow overlap around 0.91 and an honest-state fidelity near 0.90, highlighting near-term feasibility for classical-key quantum signatures; the framework also extends to multi-bit signatures and links to the broader notion of one-way puzzles. Overall, the work provides a concrete path toward OWF-free quantum cryptographic primitives that can operate with classical communications and within the capabilities of present-day quantum devices.

Abstract

Quantum mechanics provides cryptographic primitives whose security is grounded in hardness assumptions independent of those underlying classical cryptography. However, existing proposals require low-noise quantum communication and long-lived quantum memory, capabilities which remain challenging to realize in practice. In this work, we introduce a quantum digital signature scheme that operates with only classical communication, using the classical shadows of states produced by random circuits as public keys. We provide theoretical and numerical evidence supporting the conjectured hardness of learning the private key (the circuit) from the public key (the shadow). A key technical ingredient enabling our scheme is an improved state-certification primitive that achieves higher noise tolerance and lower sample complexity than prior methods. We realize this certification by designing a high-rate error-detecting code tailored to our random-circuit ensemble and experimentally generating shadows for 32-qubit states using circuits with $\geq 80$ logical ($\geq 582$ physical) two-qubit gates, attaining 0.90 $\pm$ 0.01 fidelity. With an increased number of measurement samples, our hardware-demonstrated primitives realize a proof-of-principle quantum digital signature, demonstrating the near-term feasibility of our scheme.

Paper Structure

This paper contains 35 sections, 24 theorems, 91 equations, 13 figures, 3 tables, 2 algorithms.

Key Result

Theorem 1

If $\mathrm{CNL}_{\mathcal{C},T,\mathcal{A},\varepsilon_{\mathrm{CNL}},\eta}$ holds and $\tau(C\vert 0\rangle)\leq\tau^*$ for all $C\in\mathcal{C}$, then, with probability at least $1-\vert\mathcal{C}\vert\delta-\eta$, an adversary that does not have access to $C^b$ fails Protocol prot:single_bit_di

Figures (13)

  • Figure 1: Computational no-learning conjecture. a, Our shadow-based signature scheme uses assumptions independent of those traditionally used in classical cryptography. b, Our conjecture states that it is not feasible for an adversary to learn circuits from randomized measurements (shadows).
  • Figure 2: Digital signature schemes. a, The setup and the communication phases of classical digital signature. b, The setup and the communication phases of quantum digital signature. We show an example where the message communicated is a single bit $\mathrm{msg}=0$. Blue arrows denote quantum communication, and black arrows represent classical communication. The left half of the panel shows a protocol requiring quantum communication and quantum memory. The right half of the panel shows our classical shadow protocol. Here, shadows of a quantum state correspond to classical descriptions of measurement outcomes on the state. Verification by the receiver only requires a classical computer but takes time exponential in the number of qubits. c,d,e,f, Classical shadow schemes. c, Single-qubit random Pauli basis protocol of Ref. huang2024certifying, where a randomly chosen qubit is measured in a random Pauli basis and the rest are measured in the computational basis. d, An $m$-level shadow overlap protocol of Ref. huang2024certifying, where $m=3$ qubits are randomly chosen and measured in random Pauli bases, and the rest are measured in the computational basis. We improve the multi-qubit protocol by modifying the post-processing step. e, An $m$-level protocol, where $m=3$ qubits are randomly chosen and an $m$-qubit random Clifford circuit is applied to them before all qubits are measured in the computational basis. This protocol is proposed by this work. f, A special case of the protocol in e where $m$ is the same as the number of qubits. A global random Clifford circuit is applied to all qubits before measurement. This is the same as the classical shadow protocol based on random Clifford measurements for predicting quantum fidelities huang2020predicting.
  • Figure 3: Discriminating between the honest signer and the adversary. To improve the discriminating power of the shadow overlap, we devise an improved protocol that reduces the relaxation time $\tau$ to shift the adversary distribution to the left and reduces the variance of the score. Additionally, we use quantum error detection to increase the fidelity to shift the honest distribution to the right.
  • Figure 4: Quantum circuits used in the experiment. a, The circuit without encoding. The circuit has four blocks. Blue gates are Hadamard gates, and purple gates are parameterized single-qubit gates $Z^p X^{1/2}$ for $p\in\{-1,-\frac{3}{4},\dots,\frac{3}{4}\}$. We interleave layers of random pairs of inner-block CZ gates and random pairs of transversal intra-block CZ gates. b, One layer of logical single-qubit gates. Each logical single-qubit $R_{Z}$ gate is implemented using a physical parameterized $R_{ZZ}$ gate (purple gates with circular ends), and each logical $R_{X}$ gate is implemented using a physical $R_{XX}$ gate (orange gates with square ends). c, The circuit with Iceberg code encoding. The encoder prepares the logical $\vert{+}\rangle$ state with post selection. All logical two-qubit gates are implemented by physical two-qubit gates. The decoder transforms the encoded state into the physical state with post selection. Then, tomography on the decoded physical state is performed by collecting random Clifford classical shadows. The random Clifford circuit is applied to a random set of four physical qubits after decoding.
  • Figure 5: Multi-block random circuit and encoding in Iceberg code. a, Logical random circuit is composed of blocks of qubits, with each block encoded in a separate Iceberg code block. b, Single-qubit logical gates in Iceberg error-detection code: logical $R_{X}$ and $R_{Z}$ rotations are implemented with a physical two-qubit interaction involving the "top" qubit and the "bottom" qubit respectively. c, Promoting select logical operators to stabilizers ("gauge fixing") enables multiple logical single-qubit rotations to be performed in parallel. The qubits gauge-fixed to eigenstates of logical $x$ and logical $z$ are denoted $g_x$ and $g_z$ respectively.
  • ...and 8 more figures

Theorems & Definitions (52)

  • Definition 1: Shadow Overlap Protocol
  • Conjecture 1: Computational no-learning from shadows
  • Conjecture 2: Computational no-learning from states, Conjecture 1.1 of fefferman2025hardness
  • Definition 2
  • Theorem 1
  • proof
  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • ...and 42 more