Forty years ago, Wiesner pointed out that quantum mechanics raises the striking possibility of money that cannot be counterfeited according to the laws of physics. We propose the first quantum money scheme that is (1) public-key, meaning that anyone can verify a banknote as genuine, not only the bank that printed it, and (2) cryptographically secure, under a "classical" hardness assumption that has nothing to do with quantum money. Our scheme is based on hidden subspaces, encoded as the zero-sets of random multivariate polynomials. A main technical advance is to show that the "black-box" version of our scheme, where the polynomials are replaced by classical oracles, is unconditionally secure. Previously, such a result had only been known relative to a quantum oracle (and even there, the proof was never published). Even in Wiesner's original setting (quantum money that can only be verified by the bank), we are able to use our techniques to patch a major security hole in Wiesner's scheme. We give the first private-key quantum money scheme that allows unlimited verifications and that remains unconditionally secure, even if the counterfeiter can interact adaptively with the bank. Our money scheme is simpler than previous public-key quantum money schemes, including a knot-based scheme of Farhi et al. The verifier needs to perform only two tests, one in the standard basis and one in the Hadamard basis, matching the original intuition for quantum money, based on the existence of complementary observables. Our security proofs use a new variant of Ambainis's quantum adversary method, and several other tools that might be of independent interest.