According to Notorious B.I.G., among other economists, mo’ money necessarily correlates with mo’ problems. However, a team of MIT and Harvard University researchers reports that quantum cash may solve at least some of those money problems, specifically counterfeiting, which costs the economy between $30 billion-$50 billion per year.
In a study published on ArXiv, the researchers suggest that the no-cloning theorem that rests at the heart of quantum mechanics can serve as part of a publicly verifiable quantum money protocol. The team of researchers includes Andrey Boris Khesin, Jonathan Z. Lu and Peter W. Shor, one of the pioneers of quantum computing algorithm design.
According to the researchers, a successful quantum money protocol would require three features: the efficient creation of money states, the efficient public authentication and unforgeability. This scheme would meet all three, they say. It includes the preparation of quantum states that can be efficiently authenticated by other parties — but would be impossible to counterfeit.
In the multiparty quantum cryptographic protocol, the mint can create quantum states which other participants in the system can verify but cannot duplicate. Specifically, the mint may generate the quantum money state associated with a serial number, which it releases publicly along with any other relevant information. Any party with the public information can then use a quantum computer to certify, the authenticity of the serial number without marginally changing the state.
This protocol is based on short-vector problem — SVP — on lattices. In other words, in order to counterfeit the state, the would-be hacker would have to solve the SVP, which is a well-studied problem in cryptographic circles.
According to the team: “In particular, our protocol uses a random lattice that contains one known short vector, and we show that anyone who can duplicate a quantum money state can find another, linearly independent, short vector in the lattice. This problem of finding a second short vector in a random lattice is equivalent to the short vector problem in a random lattice.”
The quantum money state, itself, is a superposition of Gaussian balls.
“Assuming the SVP is hard, it is impossible to create a specific superposition of Gaussian balls, but it is possible to create a random translate of a specific superposition,” the researchers write.
The team offers several advantages of the approach.
They write: “Aside from its remarkable physical implications— an explicit example of a provably uncloneable quantum state—our quantum money also offers advantages unachievable by classical cryptocurrencies or physical bills. Since our money states are physical, they can serve as tangible yet unforgeable bills, but they could also be transferred through quantum channels as digital money. Moreover, verification of ownership can be done locally and offline, having no need for global synchronization through such mechanisms as blockchains.”
Quantum money is just one of the outcomes of the protocol — there could be other uses. For example, the researchers said that it could lead to an antipiracy protocol that protects quantum computations — a circuit — from duplication.
They add: “One may also explore connections between quantum money and other branches of quantum cryptography, such as zero-knowledge proofs.”
ArXiv is a pre-print server, which means the research has not officially been peer reviewed, as yet.
The National Science Foundation, Department of Energy and NTT Research supported the work.