Almost Public Quantum Coins
This work addresses the privacy and verification challenges in quantum money for users and cryptographic applications, representing a significant advancement rather than an incremental improvement.
The paper tackles the problem of creating a public quantum coin scheme, which allows anyone to verify quantum money states without compromising user privacy, by lifting any private quantum coin scheme to one that closely resembles a public scheme, achieving provable security based on standard assumptions and providing the first construction close to an inefficient unconditionally secure public quantum money scheme.
In a quantum money scheme, a bank can issue money that users cannot counterfeit. Similar to bills of paper money, most quantum money schemes assign a unique serial number to each money state, thus potentially compromising the privacy of the users of quantum money. However in a quantum coins scheme, just like the traditional currency coin scheme, all the money states are exact copies of each other, providing a better level of privacy for the users. A quantum money scheme can be private, i.e., only the bank can verify the money states, or public, meaning anyone can verify. In this work, we propose a way to lift any private quantum coin scheme -- which is known to exist based on the existence of one-way functions, due to Ji, Liu, and Song (CRYPTO'18) -- to a scheme that closely resembles a public quantum coin scheme. Verification of a new coin is done by comparing it to the coins the user already possesses, by using a projector on to the symmetric subspace. No public coin scheme was known prior to this work. It is also the first construction that is very close to a public quantum money scheme and is provably secure based on standard assumptions. Finally, the lifting technique, when instantiated with the private quantum coins scheme~\cite{MS10}, gives rise to the first construction that is close to an inefficient unconditionally secure public quantum money scheme.