Abstract
Quantum tokenized signature schemes (Ben-David and Sattath, QCrypt 2017) allow a sender to generate and distribute quantum unclonable states which grant their holder a one-time permission to sign in the name of the sender. Such schemes are a strengthening of public-key quantum money schemes, as they imply public-key quantum money where some channels of communication in the system can be made classical.
An even stronger primitive is semi-quantum tokenized signatures, where the sender is classical and can delegate the generation of the token to a (possibly malicious) quantum receiver. Semi-quantum tokenized signature schemes imply a powerful version of public-key quantum money satisfying two key features:
-
The bank is classical and the scheme can execute on a completely classical communication network. In addition, the bank is stateless and after the creation of a banknote, does not hold any information nor trapdoors except the balance of accounts in the system. Such quantum money scheme solves the main open problem presented by Radian and Sattath (AFT 2019).
-
Furthermore, the classical-communication transactions between users in the system are direct and do not need to go through the bank. This enables the transactions to be both classical and private.
While fully-quantum tokenized signatures (where the sender is quantum and generates the token by itself) are known based on quantum-secure indistinguishability obfuscation and injective one-way functions, the semi-quantum version is not known under any computational assumption. In this work we construct a semi-quantum tokenized signature scheme based on quantum-secure indistinguishability obfuscation and the sub-exponential hardness of the Learning with Errors problem. In the process, we show new properties of quantum coset states and a new hardness result on indistinguishability obfuscation of classical subspace membership circuits.
The full version of this work can be found at https://eprint.iacr.org/2022/228.
O. Shmueli—Supported by ISF grants 18/484 and 19/2137, by Len Blavatnik and the Blavatnik Family Foundation, by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482), and by the Clore Israel Foundation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Note that quantum teleportation is a known technique to transfer quantum information using classical communication channels. However, assuming no available quantum channel, physical contact is required to distribute the entangled EPR pairs that are used for teleporting the quantum data.
- 2.
e.g. classical information is more stable and classical communication is likely to be more efficient, as a consequence of the better algorithmic efficiency and lower rate of classical error correcting codes, compared to their quantum counterparts.
- 3.
A nice property of a semi-quantum CCD tokens scheme is in-direct classical-communication transactions from user to user: A user can return a token to the bank, and then the bank can classically send a newly-generated token with the same value to the recipient user of that transaction. Observe, however, that such in-direct transactions are always known by the bank and thus are not private, which is one of the fundamental problems that quantum money is intended to solve.
- 4.
Note that this assumption is weaker than assuming that Decisional LWE is hard for sub-exponential time quantum algorithms, which is considered a standard cryptographic assumption.
- 5.
A hybrid QFHE scheme is one where every encryption of a quantum state \(|{\psi }\rangle \) is of the form \(\left( |{\psi }\rangle ^{x, z}, \textsf{ct}_{(x, z)} \right) \), where \(|{\psi }\rangle ^{x, z}\) is a quantum OTP encryption of \(|{\psi }\rangle \) with keys \(x, z \in \{0, 1\}^{\lambda }\), and \(\textsf{ct}_{(x, z)}\) is a classical FHE encryption of the keys.
- 6.
For any constant \(\delta \in (0, 1]\), the indistinguishability holds for dimension bounded by \(\lambda - \lambda ^\delta \).
- 7.
The sub-exponential security says that there exists some constant \(\delta ' \in (0, 1]\) such that it is impossible for any quantum polynomial-time attacker to distinguish encryptions of differing plaintexts with advantage greater than \(2^{-\lambda ^{\delta '}}\).
References
Aaronson, S.: Quantum copy-protection and quantum money. In: 2009 24th Annual IEEE Conference on Computational Complexity, pp. 229–242. IEEE (2009)
Aaronson, S., Christiano, P.: Quantum money from hidden subspaces. In: Proceedings of the Forty-Fourth Annual ACM Symposium on Theory of Computing, pp. 41–60 (2012)
Ben-David, S., Sattath, O.: Quantum tokens for digital signatures. arXiv preprint arXiv:1609.09047 (2016)
Coladangelo, A., Liu, J., Liu, Q., Zhandry, M.: Hidden cosets and applications to unclonable cryptography. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 556–584. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_20
Radian, R.: Semi-quantum money. In: Proceedings of the 1st ACM Conference on Advances in Financial Technologies, pp. 132–146 (2019)
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 1–40 (2009)
Shmueli, O.: Public-key quantum money with a classical bank. Cryptology ePrint Archive (2021)
Zhandry, M.: Quantum lightning never strikes the same state twice. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 408–438. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_14
Acknowledgements
We are grateful to Tamer Mour, for helpful discussions during the writing of this work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 International Association for Cryptologic Research
About this paper
Cite this paper
Shmueli, O. (2022). Semi-quantum Tokenized Signatures. In: Dodis, Y., Shrimpton, T. (eds) Advances in Cryptology – CRYPTO 2022. CRYPTO 2022. Lecture Notes in Computer Science, vol 13507. Springer, Cham. https://doi.org/10.1007/978-3-031-15802-5_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-15802-5_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15801-8
Online ISBN: 978-3-031-15802-5
eBook Packages: Computer ScienceComputer Science (R0)