TY - JOUR
T1 - Quantum Tokens for Digital Signatures
AU - Ben-David, Shalev
AU - Sattath, Or
N1 - Funding Information:
We thank Scott Aaronson, Dorit Aharonov, Nir Bitansky, Zvika Brakerski, Aram Harrow, Robin Kothari, Gil Segev and Vinod Vaikuntanathan for valuable discussions. We thank Paul Christiano for reporting to us the attack described in Section B.2, and for his other comments. We also thank the anonymous referees for their comments. Most of this work was done while S.B.D. was at MIT and O.S. was at the Hebrew University and MIT. This work was partially supported by NSF grant no. 2745557, and ERC Grant 030-8301, the Israel Science Foundation (ISF) grant No. 682/18 and 2137/19, and by the Cyber Security Research Center at Ben-Gurion University. The authors acknowledge the hospitality of the Center for Theoretical Physics at MIT. The icon was downloaded from http://icons8.com, and is licensed under Creative Commons Attribution-NoDerivs 3.0 Unported. This work has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation pro-gramme (grant agreement No 756482).
Funding Information:
This work was partially supported by NSF grant no. 2745557, and ERC Grant 030-8301, the Israel Science Foundation (ISF) grant No. 682/18 and 2137/19, and by the Cyber Security Research Center at Ben-Gurion University. The authors acknowledge the hospitality of the Center for Theoretical Physics at MIT. The icon was downloaded from http://icons8.com, and is licensed under Creative Commons Attribution-NoDerivs 3.0 Unported. This work has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 756482).
Publisher Copyright:
© 2023 Verein zur Forderung des Open Access Publizierens in den Quantenwissenschaften. All Rights Reserved.
PY - 2023/1/1
Y1 - 2023/1/1
N2 - The fisherman caught a quantum fish. Fisherman, please let me go, begged the fish, and I will grant you three wishes. The fisherman agreed. The fish gave the fisherman a quantum computer, three quantum signing tokens and his classical public key. The fish explained: to sign your three wishes, use the tokenized signature scheme on this quantum computer, then show your valid signature to the king who owes me a favor. The fisherman used one of the signing tokens to sign the document “give me a castle!” and rushed to the palace. The king executed the classical verification algorithm using the fish’s public key, and since it was valid, the king complied. The fisherman’s wife wanted to sign ten wishes using their two remaining signing tokens. The fisherman did not want to cheat, and secretly sailed to meet the fish. Fish, my wife wants to sign ten more wishes. But the fish was not worried: I have learned quantum cryptography following the previous story1. These quantum tokens are consumed during the signing. Your polynomial wife cannot even sign four wishes using the three signing tokens I gave you. How does it work? wondered the fisherman. Have you heard of quantum money? These are quantum states which can be easily verified but are hard to copy. This tokenized quantum signature scheme extends Aaronson and Christiano’s quantum money scheme [AC13], which is why the signing tokens cannot be copied. Does your scheme have additional fancy properties? asked the fisherman. Yes, the scheme has other security guarantees: revocability, testability and everlasting revocability. Furthermore, if you’re at sea and your quantum phone has only classical reception, you can use this scheme to transfer the value of the quantum money to shore, said the fish, and swam away.
AB - The fisherman caught a quantum fish. Fisherman, please let me go, begged the fish, and I will grant you three wishes. The fisherman agreed. The fish gave the fisherman a quantum computer, three quantum signing tokens and his classical public key. The fish explained: to sign your three wishes, use the tokenized signature scheme on this quantum computer, then show your valid signature to the king who owes me a favor. The fisherman used one of the signing tokens to sign the document “give me a castle!” and rushed to the palace. The king executed the classical verification algorithm using the fish’s public key, and since it was valid, the king complied. The fisherman’s wife wanted to sign ten wishes using their two remaining signing tokens. The fisherman did not want to cheat, and secretly sailed to meet the fish. Fish, my wife wants to sign ten more wishes. But the fish was not worried: I have learned quantum cryptography following the previous story1. These quantum tokens are consumed during the signing. Your polynomial wife cannot even sign four wishes using the three signing tokens I gave you. How does it work? wondered the fisherman. Have you heard of quantum money? These are quantum states which can be easily verified but are hard to copy. This tokenized quantum signature scheme extends Aaronson and Christiano’s quantum money scheme [AC13], which is why the signing tokens cannot be copied. Does your scheme have additional fancy properties? asked the fisherman. Yes, the scheme has other security guarantees: revocability, testability and everlasting revocability. Furthermore, if you’re at sea and your quantum phone has only classical reception, you can use this scheme to transfer the value of the quantum money to shore, said the fish, and swam away.
UR - http://www.scopus.com/inward/record.url?scp=85148719715&partnerID=8YFLogxK
U2 - 10.22331/q-2023-01-19-901
DO - 10.22331/q-2023-01-19-901
M3 - Article
AN - SCOPUS:85148719715
SN - 2521-327X
VL - 7
JO - Quantum
JF - Quantum
M1 - 901
ER -