Why Quantum Money Could Replace Blockchain-Based Cryptocurrencies

Quantum money is a form of currency that employs the strange laws of quantum mechanics to ensure that it cannot be copied but at the same time can be easily verified. These properties make it an ideal medium of exchange, just like ordinary cash, but without any risk of counterfeiting.

The idea was first developed by the physicist Stephen Wiesner in 1970 using the notion that any attempt to measure an unknown quantum state inevitably destroys it. By comparison, the process of measuring a known quantum state preserves it.

Wiesner realized that if the details of the quantum state were kept secret, by a central bank for example, this property could be used to guarantee the veracity of quantum money while ensuring it could never be copied.

Since then, the idea of quantum money has become hugely influential, forming the basis of numerous experiments and quantum cryptographic techniques that have become routine.

Quantum Disadvantage

However, Wiesner’s quantum money formulation has one drawback. The verification process can only be performed by a trusted authority, like a central bank, which otherwise keeps the details of the quantum states secret.

But the emergence of decentralized currencies like Bitcoin and Ether have focused attention of monetary systems that require no centralized control.

Now Andrey Khesin and Peter Shor at the Massachusetts Institute of Technology and Jonathan Lu at Harvard University, both in Cambridge, have found a way to create quantum money that anybody can verify, making it entirely decentralized without needing a blockchain to securely record transactions.

The new approach gets its security from a form of post-quantum encryption that is resistant to attack by quantum computers. The key to post-quantum encryption is to find problems that even a quantum computer finds difficult to solve.

One of the most promising involves the mathematical idea of a lattice, a kind of multidimensional grid formed by a set of vectors. The points in this grid are connected by vectors of various lengths which are straightforward to calculate. However, the problem of finding the shortest vectors in the lattice turns out to be hard, particularly when the lattice is random.

One approach is to calculate the distance between all the points in a random lattice, which will eventually find the shortest. But as the grid becomes larger or includes more dimensions, this problem becomes mind-bogglingly difficult, even for a quantum computer.

The approach that Khesin and co have come up with is to encode the random lattice into the quantum properties of a unit of quantum money, perhaps as an atomic array. Anyone wanting to copy this money must reproduce this random lattice. But this can only be done if the shortest vectors are known, a task that will defeat even a quantum computer.

That guarantees the security of the money. It is also easily verifiable since the quantum state of the lattice has specific properties that any user can test for.

The result is a physical system that cannot be copied but is easily checked. “Since our money states are physical, they can serve as tangible yet unforgeable bills, but they could also be transferred through quantum channels as digital money,” say Khesin and co.

And all this is done by the buyer and seller without any need for a record of transactions, just as ordinary cash is used today. “Verification of ownership can be done locally and offline, having no need for global synchronization through such mechanisms as blockchains,” say the team.

Blockchain Bust

That’s interesting work with significant implications. One of the disadvantages of decentralized cryptocurrencies is the huge energy cost required to encrypt and maintain the blockchain. For Bitcoin, this is currently thought to be more power than the entire country of Argentina consumes and is clearly unsustainable in the long term.

Quantum money has the potential to work without this overhead. It is also naturally anonymous, just like cash, which will be a popular property. “Our quantum money also offers advantages unachievable by classical cryptocurrencies or physical bills,” say the researchers.
But it will only become possible to use when the infrastructure exists to send quantum information easily and cheaply. In other words, quantum money first requires a full quantum internet, a technology that is emerging surely but slowly.

There could be another application likely to come to fruition first. Khesin and co raise the possibility that the same technique could also provide copy protection in the quantum world.

And they have plans in this direction. “A next step is to adapt the quantum money algorithm to an antipiracy protocol that protects quantum computations (i.e. a circuit) from duplication.”

Watch this space—quantum copy protection, if not quantum money, could soon be a reality.


Ref: Publicly Verifiable Quantum Money From Random Lattices : arxiv.org/abs/2207.13135