The uncloneable bit exists

TL;DR

No coordinated strategy beats random guessing of the encrypted bit, establishing unconditional uncloneability and reveals the existence of an uncloneable bit in Nature and delineates a fundamental, physically enforced cryptographic primitive unavailable in classical settings.

Abstract

We establish quantum uncloneable encryption with unconditional security, preventing two non-communicating adversaries from simultaneously decrypting a single ciphertext $-$ even when both are given the key. Our construction achieves security that approaches the ideal limit at a rate that is exponentially small in the security parameter, without employing any assumptions. Our proof invokes quantum information principles in the fully quantum realm, in a novel setting of cryptography. A decoupling step certifies the statistical independence needed for randomness extraction, and monogamy of entanglement, formalised via strong subadditivity, rules out the sender being highly correlated with two non-communicating adversaries at once. Consequently, no coordinated strategy beats random guessing of the encrypted bit, establishing unconditional uncloneability. This reveals the existence of an uncloneable bit in Nature and delineates a fundamental, physically enforced cryptographic primitive unavailable in classical settings.

Figures (3)

• Figure 1: Classical and quantum cloning. (a) shows a classical bit can be perfectly copied. (b) depicts that it is impossible to clone a quantum bit perfectly. The quantum bit undergoing a copying operation similar to its classical counterpart, outputs two residual objects that are no longer true copies of the original input. This highlights a fundamental distinction between classical and quantum information.
• Figure 2: Uncloneable encryption. (a) depicts an uncloneable encryption scheme abstractly. $A$ samples a random key $k$ and a bit message $m \in \{0, 1\}$ uniformly and prepares the ciphertext $\sigma_m^k$, which is then subjected to a cloning attack represented by the box: $\Phi$ is an adversarially-chosen pirate channel through which $\sigma_m^k$ passes, outputting an entangled state in the system of the adversaries, $B$ and $C$. $A$ informs $B$ and $C$ of the key, $k$. Without communicating, $B$ and $C$ both try to guess $m.$ If $m_B = m_C = m$, the cloning attack succeeds, and the cloning probability is said to be high. This is known as the prepare-and-measure picture. (b) shows a picture dual to (a) that is entanglement-based, and is described by a monogamy-of-entanglement game. $B$ and $C$ prepare an entangled state $\phi_{ABC}$ (the Choi state of the pirate channel, $\Phi$ in the dual picture) and share it with the honest referee, $A$ after which they can no longer communicate. $A$ samples a question $U_c$ and informs $B$ and $C$. $A$ makes a measurement specified by $U_c$ to get answer $x.$ Then, $B$ and $C$ measure their parts of the state and attempt to guess $x$. The players $B$ and $C$ win if both their guesses are correct, i.e., $x_B = x_C = x.$ The scheme we show security for is a Clifford $2$-design, and is dual to the six-state game. Here, $U_c$ depicts a Clifford unitary. The uncloneable security we show is that, in the limit of large dimension, the success probability of a cloning attack on the Clifford $2$-design encryption must tend to $\frac{1}{2}$, exponentially in the size of the encoding ($\exp(-\lambda)$ in $\lambda$, the security parameter). This is equivalent to showing that $B$ and $C$ cannot do better than a coordinated random guess of the encoded bit in the six-state game.
• Figure 3: Security proof of uncloneable encryption. The proof starts by converting the input state, $\phi_{ABC}$ to a permutation invariant state, after which the analysis of one-shot to asymptotic information processing is construed to establish security.

Theorems & Definitions (30)

• Definition 1: Scheme
• Theorem 1: Security
• Lemma 2
• proof
• Lemma 3
• proof
• Lemma 4: Ren05
• Lemma 5: Tom12 Remark 5.6
• Lemma 6
• proof