Are non-secret-based quantum money mini-schemes susceptible to Jogenfors' "reuse attack"?



Aaronson and Christiano call public-key or private-key quantum mini-schemes $\mathcal M$ secret-based if a mint works by first uniformly generating a secret random classical string $r$, and then generating a banknote $\$:=(s_r,\rho_r)$, where $s_r$ is a (classical) serial number corresponding to the quantum state $\rho_r$.

They state:

Intuitively, in a secret-based scheme, the bank can generate many identical banknotes $s$ by simply reusing $r$, while in a non-secret-based scheme, not even the bank might be able to generate two identical banknotes. (emphasis in original).

In characterizing a putative distributed quantum currency based on Aaronson and Christiano's secret-based scheme, Jogenfors describes a "reuse attack." For example, he colorfully envisions someone, say Alice, who has minted and distributed a coin $\$_r$, and learns that the coin is in possession of a political rival Bob; she uses her secret knowledge of $r$ to mint and distribute a large number of identical coins $\$_r$, thus devaluing the coins in Bob's possession. Jogenfors describes a novel approach to prevent this attack, for example as discussed here.

However, would the above attack even work with a non-secret-based scheme?

If not even Alice can produce copies of her own coins that she's minted, then she has no way of devaluing any others that have been distributed.

Mark S

Posted 2018-07-24T00:11:30.247

Reputation: 4 273

No answers