Quantum money is a form of currency that uses the strange laws of quantum mechanics to ensure that it cannot be copied, but at the same time can be easily verified. These properties make it an ideal medium of exchange, similar to regular cash, but without the risk of counterfeiting.

The idea was first developed by physicist Steven Wisner in 1970, using the idea that any attempt to measure an unknown quantum state inevitably destroys it. By comparison, the process of measuring a known quantum state preserves it.

Wisner realized that if the details of the quantum state were kept secret, for example by a central bank, this property could be used to guarantee the authenticity of quantum money while ensuring that it could never be copied.

Since then, the idea of quantum money has become extremely influential, forming the basis of numerous experiments and quantum cryptographic techniques that have become routine.

## Quantum flaw

However, Wiesner’s formulation of quantum money has one flaw. The verification process can only be performed by a trusted authority, such as a central bank, which otherwise keeps the details of quantum states secret.

But the emergence of decentralized currencies like Bitcoin and Ether has focused attention on monetary systems that do not require centralized control.

Now, Andrei Hessin and Peter Shor of MIT and Jonathan Lu of Harvard University, both in Cambridge, have found a way to create quantum money that anyone can verify, making it completely decentralized without the need for a blockchain for secure recording of transactions.

The new approach derives its security from a form of post-quantum encryption that is resistant to attacks by quantum computers. The key to post-quantum encryption is to find problems that even a quantum computer finds difficult to solve.

One of the most promising involves the mathematical idea of a lattice, a type of multidimensional network formed by a set of vectors. The points on this grid are connected by vectors of different lengths that are easy to calculate. However, the problem of finding the shortest vectors in the lattice turns out to be difficult, especially when the lattice is random.

One approach is to calculate the distance between all points in a random grid, which will eventually find the shortest one. But as the lattice gets larger or includes more dimensions, this problem becomes mind-bogglingly difficult even for a quantum computer.

The approach Khesin and co have come up with is to encode the random lattice into the quantum properties of a quantum vapor unit, perhaps like an atomic array. Anyone who wants to copy this money must reproduce this random grid. But this can only be done if the shortest vectors are known, a task that would defeat even a quantum computer.

This ensures the security of the money. It is also easily verifiable because the lattice quantum state has specific properties that any user can test.

The result is a physical system that cannot be copied but is easily verified. “Because our monetary states are physical, they can serve as tangible but unadulterated banknotes, but they can also be transferred through quantum channels as digital money,” Hessin and company say.

And all of this is done by the buyer and seller without the need to record the transactions, just like regular cash is used today. “Verification of ownership can be performed locally and offline without the need for global synchronization through mechanisms such as blockchains,” the team said.

## Blockchain bust

This is interesting work with significant implications. One of the disadvantages of decentralized cryptocurrencies is the huge energy expenditure required to encrypt and maintain the blockchain. Bitcoin is currently believed to be more energy than the entire country of Argentina consumes and is clearly unsustainable in the long term.

Quantum money has the potential to work without these overheads. It is also inherently anonymous, just like cash, which will be a popular property. “Our quantum money also offers advantages unattainable by classical cryptocurrencies or physical accounts,” the researchers say. But it will become possible to use it only when the infrastructure exists to send quantum information easily and cheaply. In other words, quantum money first requires a full quantum internet, a technology that is surely but slowly emerging.

There may be another application that is likely to take place first. Khesin and co raise the possibility that the same technique could provide copy protection in the quantum world.

And they have plans in that direction. “A next step is to adapt the quantum money algorithm to an anti-piracy protocol that protects the quantum computation (i.e. chain) from duplication.”

Watch this space – quantum copy protection, if not quantum money, could soon be a reality.

Ref: Publicly Verifiable Quantum Money from Arbitrary Lattices: arxiv.org/abs/2207.13135