Breaking and making quantum money: toward a new quantum cryptographic protocol [From [0912.3825] Breaking and making quantum money: toward a new quantum cryptographic protocol]
I was reminded of this paper by the article about quantum cash in last week’s New Scientist. Having read the article two or three times to try and understand it (bear in mind that I actually have a degree in Physics), I decided that it probably wasn’t ready for the short-term roadmaps of our customers.
To physicists, quantum cash is a toy problem, a sort of test case with which to study the strange properties of quantum mechanics. [From Schrödinger’s cash: Minting quantum money – physics-math – 20 April 2010 – New Scientist]
Well, it may be a toy problem, but it’s a tough problem. In the original conception of quantum cash, where the authenticity of the banknote depends on the polarisation of a number of photons, you could only use the note once (because measuring the polarisation of the photons would change them) and only the issuing bank could tell you whether the polarisations were correct or not. This isn’t much like a banknote, where you or a shopkeeper can self assay. The New Scientist article discusses a new idea, a hybrid between quantum and public key cryptography.
In Aaronson’s scheme, so-called “public key quantum money” is always issued in two parts. The first is the quantum state. This might belong to a group of photons with a particular set of polarisations, which the issuing bank keeps secret. The second part is a circuit (or the plans for such a circuit) that verifies whether the secret set of polarisations is present in something purporting to be quantum cash. Such a circuit would be to quantum transactions what an ultraviolet light is to today’s banknotes. [From Schrödinger’s cash: Minting quantum money – physics-math – 20 April 2010 – New Scientist]
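For contrast with the public key scheme quoted above, here is the original photon-polarisation scheme as a classical toy simulation, showing why a holder who lacks the bank's secret record cannot copy a note. This is an added example, not code from this post or from the papers it cites; the two-basis photon model and all function names are assumptions made for illustration.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarisation bases (assumed model)

def measure(photon, basis, rng):
    """Measure a photon given as (basis, bit). Measuring in the wrong basis
    returns a random bit and leaves the photon polarised in that basis."""
    prepared_basis, bit = photon
    if basis != prepared_basis:
        bit = rng.randrange(2)
    return bit, (basis, bit)

def mint(n, rng):
    """Bank picks n secret (basis, bit) pairs and prepares matching photons."""
    secret = [(rng.choice(BASES), rng.randrange(2)) for _ in range(n)]
    return secret, list(secret)

def bank_verify(secret, note, rng):
    """Bank measures each photon in its recorded basis and compares the bits."""
    ok = True
    for i, (basis, bit) in enumerate(secret):
        got, note[i] = measure(note[i], basis, rng)
        ok = ok and got == bit
    return ok

def counterfeit(note, rng):
    """Holder without the secret guesses a basis per photon, measures, and
    prepares a copy from what was read (measure-and-resend)."""
    copy = []
    for i in range(len(note)):
        basis = rng.choice(BASES)
        bit, note[i] = measure(note[i], basis, rng)
        copy.append((basis, bit))
    return copy

def forgery_rate(n, trials, seed=0):
    """Fraction of measure-and-resend copies of an n-photon note the bank accepts."""
    rng = random.Random(seed)
    passed = 0
    for _ in range(trials):
        secret, note = mint(n, rng)
        passed += bank_verify(secret, counterfeit(note, rng), rng)
    return passed / trials

if __name__ == "__main__":
    for n in (1, 8, 32):  # simulated rate next to the analytic (3/4)**n
        print(n, forgery_rate(n, 5000), 0.75 ** n)
```

Each photon of a copy passes with probability 3/4 (a right basis guess half the time, a lucky bit in half of the rest), so the acceptance rate for a whole note falls as (3/4)^n with the number of photons.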
There’s another problem, which is that even if you can make money that can be verified by anyone and not counterfeited, how do you stop the bank from creating clones and putting them into circulation? This is entirely hypothetical, of course, and I’m not for one moment suggesting that banks would create financial instruments with a face value that exceeded the value of the assets behind them many times over. But just hypothetically? The authors have come up with a solution, which is to use a state for the quantum money that is constructed in a way that is known but not replicable.
This state is a superposition of an exponentially large number of unrelated terms each of which is created by the measurement of an equally exponential superposition. Incorporating this quantum measurement into the process of creating the quantum money ensures that a bank cannot reproduce this state, even though it knows how the initial superposition was created. At least, the bank cannot do this in any reasonable amount of time. [From Technology Review: Blogs: arXiv blog: Unexpected Problems For Quantum Money]
A few years ago I wrote an article for The Guardian called “Schroedinger’s Cash” — yes, I had the idea before New Scientist — and in the article (which, by the way, included my favourite subhead of all time, “The cheque may or may not be in the post”) I was talking about the potential impact of quantum computing and quantum cryptography on the financial services world. I said that
Just as one of the first uses of the modern computer (the Bletchley Park Bombe) was to break the symmetric key cryptography used by the Nazi military (Enigma and all that), so one of the first uses of a quantum computer will be to break the public key cryptography used by the military, government, bank, pharmaceutical and other systems in place today. But note the implication: breaking the codes will not simply mean that banks won’t be able to use it to exchange messages in confidence but that all data encrypted using public key cryptography since it was invented (in the 1970s) will become visible.
Someone, somewhere is presumably archiving all of (for example) the SWIFT messages ever sent, so they will make for interesting reading one day. But never mind breaking boring old public key cryptography, by the way, researchers are already looking into ways to break unbreakable quantum cryptography, and at least one successful attack has already been found.
A vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click. An attack exploiting this vulnerability against a free-space polarization based quantum cryptosystem is feasible. [From 26C3: How you can build an eavesdropper for a quantum cryptosystem]
OK so it doesn’t break the quantum cryptography but instead relies on weaknesses in the implementation, but hey, look how much money criminals made by not breaking EMV cryptography but instead breaking the POS terminals.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public