Why quantum money can replace blockchain-based cryptocurrencies
Quantum money is a form of currency that uses the strange laws of quantum mechanics to ensure that it cannot be copied, but at the same time is easily verified. These properties make it an ideal medium of exchange, just like regular cash, but without the risk of counterfeiting.
The idea was first developed by physicist Stephen Wiesner in 1970 using the notion that any attempt to measure an unknown quantum state inevitably destroys it. In comparison, the process of measuring a known quantum state preserves it.
Wiesner realized that if the details of the quantum state were kept secret, say by a central bank, this property could be used to guarantee the authenticity of quantum money while ensuring that it could never be copied.
Since then, the idea of quantum money has become hugely influential, forming the basis for a number of experiments and quantum cryptographic techniques that have become routine.
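Wiesner's scheme as described above can be modelled classically, one qubit at a time. The following sketch is an added example, not code from Wiesner or from the paper discussed here; the `Bank` class, the `counterfeit` function, the serial number and the two-basis encoding are assumptions made for illustration.

```python
import random

def measure(qubits, i, basis, rng):
    """Measure qubit i in `basis`. The right basis leaves the state intact;
    the wrong one returns a coin flip and collapses the state."""
    state_basis, state_bit = qubits[i]
    if basis != state_basis:
        state_bit = rng.randrange(2)        # outcome is random
        qubits[i] = (basis, state_bit)      # the original state is destroyed
    return state_bit

class Bank:
    """Hypothetical central bank holding the secret description of every note."""
    def __init__(self, rng, n_qubits=64):
        self.rng, self.n, self.secrets = rng, n_qubits, {}

    def mint(self, serial):
        # Secret (basis, bit) per qubit; basis 0 = rectilinear, 1 = diagonal.
        secret = [(self.rng.randrange(2), self.rng.randrange(2)) for _ in range(self.n)]
        self.secrets[serial] = secret
        return {"serial": serial, "qubits": list(secret)}  # the "physical" note

    def verify(self, note):
        # Only the bank knows the bases, so only the bank can check a note
        # without disturbing it.
        secret = self.secrets[note["serial"]]
        return all(measure(note["qubits"], i, basis, self.rng) == bit
                   for i, (basis, bit) in enumerate(secret))

def counterfeit(note, rng):
    """Model of a copier who does not know the bases: guess one per qubit,
    measure, and prepare a second note from what was observed."""
    copy = []
    for i in range(len(note["qubits"])):
        guess = rng.randrange(2)
        copy.append((guess, measure(note["qubits"], i, guess, rng)))
    return {"serial": note["serial"], "qubits": copy}

def demo(seed=1):
    rng = random.Random(seed)               # constructed, seeded sample run
    bank = Bank(rng)
    note = bank.mint("N-0001")              # constructed serial number
    genuine_ok = bank.verify(note)
    forged = counterfeit(note, rng)
    # Each qubit of the copy passes with probability 3/4, so a 64-qubit
    # forgery passes with probability (3/4)**64, roughly 1e-8. The measured
    # original has been disturbed in the same way.
    return genuine_ok, bank.verify(forged), bank.verify(note)
```

`demo()` returns whether the untouched note verifies, whether the copy verifies, and whether the original still verifies after the copy attempt.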
Quantum disadvantage
However, Wiesner’s quantum money formulation has one drawback. The verification process can only be performed by a trusted authority, such as a central bank, which otherwise keeps the details of the quantum states secret.
But the rise of decentralized currencies such as Bitcoin and Ether has turned attention to monetary systems that do not require centralized control.
Now, Andrey Khesin and Peter Shor of the Massachusetts Institute of Technology and Jonathan Lu of Harvard University, both in Cambridge, have found a way to create quantum money that anyone can verify, making it completely decentralized without needing a blockchain to record transactions in a secure manner.
The new approach derives its security from a form of post-quantum encryption that is resistant to attacks by quantum computers. The key to post-quantum cryptography is finding problems that even a quantum computer finds difficult to solve.
One of the most promising involves the mathematical idea of a lattice, a kind of multidimensional grid formed by a set of vectors. The points in this grid are connected by vectors of different lengths that are easy to calculate. However, the problem of finding the shortest vectors in the lattice turns out to be difficult, especially when the lattice is random.
One approach is to calculate the distance between all the points in a random lattice, which will eventually find the shortest one. But as the grid gets larger or includes more dimensions, this problem becomes unfathomably difficult, even for a quantum computer.
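The exhaustive search described above can be made concrete with a small enumerator. This is an added example, not code from the paper: it tries every integer combination of the basis vectors within a coefficient bound, and the two-dimensional basis is a constructed sample whose shortest vector is known to be ±(3, 1). The function names and the bound parameter are assumptions.

```python
from itertools import product

def shortest_vector_bruteforce(basis, bound):
    """Try every integer combination with coefficients in [-bound, bound].

    Returns (squared_length, vector, candidates_tried). The search is only
    exhaustive within the bound: a short vector that needs larger
    coefficients is missed.
    """
    dim = len(basis[0])
    best = None
    tried = 0
    for coeffs in product(range(-bound, bound + 1), repeat=len(basis)):
        if not any(coeffs):
            continue                        # the zero vector does not count
        tried += 1
        vec = tuple(sum(c * b[j] for c, b in zip(coeffs, basis))
                    for j in range(dim))
        sq = sum(x * x for x in vec)
        if best is None or sq < best[0]:
            best = (sq, vec)
    return best[0], best[1], tried

def search_space(n, bound):
    """Number of non-zero coefficient vectors the enumeration has to visit."""
    return (2 * bound + 1) ** n - 1

# Constructed sample: a "bad" basis of the 2-D lattice {(x, y): y = 4x mod 11}.
# Both basis vectors are long, and the short vector (3, 1) only appears as the
# combination 3*b1 - 5*b2.
BAD_BASIS = [(26, 27), (15, 16)]

if __name__ == "__main__":
    print(shortest_vector_bruteforce(BAD_BASIS, 2))   # bound too small
    print(shortest_vector_bruteforce(BAD_BASIS, 5))   # finds the short vector
    for n in (2, 10, 40):
        print(n, search_space(n, 5))                  # grows as 11**n
```

With a bound of 2 the search settles on a vector of squared length 41; only at a bound of 5 does it reach squared length 10, and the same bound in 40 dimensions already means 11**40 - 1 candidates.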
The approach that Khesin and co have come up with is to encode the random lattice into the quantum properties of a unit of quantum money, which might be something like an atomic array. Anyone who wants to copy this money must reproduce this random lattice. But this can only be done if the shortest vectors are known, a task that would defeat even a quantum computer.
This guarantees the security of the money. The money is also easy to verify, since the quantum state of the lattice has specific properties that any user can test for.
The result is a physical system that cannot be copied but is easily verified. “Since our money states are physical, they can serve as tangible but unforgettable bills, but they can also be transferred through quantum channels as digital money,” say Khesin and co.
And all of this is done by the buyer and seller without the need to register transactions, just as regular cash is used today. “Verification of ownership can be done locally and offline, without the need for global synchronization through such mechanisms as blockchains,” the team says.
Blockchain Bust
It is interesting work with significant implications. One of the disadvantages of decentralized cryptocurrencies is the huge energy costs required to encrypt and maintain the blockchain. For Bitcoin, this is currently believed to be more power than the entire country of Argentina consumes and is clearly unsustainable in the long term.
Quantum money has the potential to work without these overheads. It is also naturally anonymous, just like cash, which will be a popular property. “Our quantum money also offers advantages that cannot be achieved with classical cryptocurrencies or physical bills,” the researchers say. But it will only be possible to use it when the infrastructure exists to send quantum information easily and cheaply. In other words, quantum money first requires a full quantum internet, a technology that is surely but slowly emerging.
There may be another application that is likely to come to fruition first. Khesin and co raise the possibility that the same technique could also provide copy protection in the quantum world.
And they have plans in this direction. “A next step is to adapt the quantum money algorithm to an anti-piracy protocol that protects quantum computations (i.e. a circuit) from duplication.”
Watch this space – quantum copy protection, if not quantum money, may soon become a reality.
Ref: Publicly Verifiable Quantum Money from Random Grids: arxiv.org/abs/2207.13135