Another Round of Breaking and Making Quantum Money: How to Not Build It from Lattices, and More

Jiahui Liu, University of Texas at Austin
Hart Montgomery, Linux Foundation & Fujitsu Labs
Mark Zhandry, NTT Research & Princeton University
DOI: 10.1007/978-3-031-30545-0_21
Conference: EUROCRYPT 2023
Abstract: This work provides both negative and positive results for publicly verifiable quantum money. In the first part, we give a general theorem, showing that a certain natural class of quantum money schemes from lattices cannot be secure. We use this theorem to break the recent quantum money proposal of Khesin, Lu, and Shor. In the second part, we propose a framework for building quantum money and quantum lightning we call invariant money which abstracts and formalizes some ideas of quantum money from knots by Farhi et al. (ITCS'12) and its precedent work by Lutomirski et al. (ICS'10). In addition to formalizing this framework, we provide concrete hard computational problems loosely inspired by classical knowledge-of-exponent assumptions, whose hardness would imply the security of *quantum lightning*, a strengthening of quantum money where not even the bank can duplicate banknotes. We discuss potential instantiations of our framework, including an oracle construction using cryptographic group actions and instantiations from rerandomizable functional encryption, isogenies over elliptic curves, and knots.
