Quantum Money and Evasive Obfuscation: Solving Digital Currency Challenges

on quantum money and evasive obfuscation n.w
1 / 27
Embed
Share

Explore the world of quantum money and evasive obfuscation techniques presented by Mark Zhandry from NTT Research. Delve into the intricacies of the double-spend problem with digital currency, classical solutions, and the revolutionary potential of quantum solutions. Discover the complexities of secret key quantum money, public key quantum money according to Aaronson, and the challenges associated with PK Quantum Money in various quantum protocols.

  • Quantum Money
  • Evasive Obfuscation
  • Digital Currency
  • Mark Zhandry
  • PK Quantum Money
rayaanacharya
portilla_n Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. On Quantum Money and Evasive Obfuscation Mark Zhandry (NTT Research)

  2. The Double-Spend Problem with Digital Currency

  3. The Double-Spend Problem with Digital Currency Any classical solution needs some coordination between Alice and Bob (possibly involving third party)

  4. Enter quantum

  5. Quantum no-cloning [Park 70, Wooters-Zurek 82, Dieks 82]

  6. Secret key Quantum Money [Wiesner 70] = Unfortunately, mint required to verify money, so still need coordination

  7. Public Key Quantum Money [Aaronson 09]

  8. Public Key Quantum Money [Aaronson 09]

  9. Public Key Quantum Money [Aaronson 09]

  10. Public Key Quantum Money [Aaronson 09]

  11. Public Key Quantum Money [Aaronson 09]

  12. Public Key Quantum Money [Aaronson 09] PK Quantum money is a central object in the study of quantum protocols

  13. PK Quantum Money is Notoriously Difficult! [Aaronson 09]: random stabilizer states [Lutomirski-Aaronson-Farhi- Gosset-Hassidim-Kelner-Shor 10] [Aaronson-Christiano 12]: polynomials hiding subspaces [Pena-Fauge re-Perret 14, Christiano-Sattath 16] [Farhi-Gosset-Hassidim-Lutomirski-Shor 10]: knots [Kane 18, Kane-Sharif-Silverberg 21]: quaternion algebras [Z 19]: quadratic systems of equations [Z 19]: indistinguishability obfuscation [Roberts 21] [Khesin-Lu-Shor 22]: lattices [Liu-Montgomery-Z 23] [Liu-Montgomery-Z 23]: Walkable invariants [Bostanci-Nehoran-Z 24]: non-abelian group actions [Z 24]: abelian group actions

  14. PK Quantum Money is Notoriously Difficult! Only scheme with provable [Aaronson 09]: random stabilizer states [Lutomirski-Aaronson-Farhi- Gosset-Hassidim-Kelner-Shor 10] security under assumptions studied by wider crypto community. But use of iO is undesirable [Aaronson-Christiano 12]: polynomials hiding subspaces [Pena-Fauge re-Perret 14, Christiano-Sattath 16] [Farhi-Gosset-Hassidim-Lutomirski-Shor 10]: knots [Kane 18, Kane-Sharif-Silverberg 21]: quaternion algebras [Z 19]: quadratic systems of equations [Z 19]: indistinguishability obfuscation [Roberts 21] [Khesin-Lu-Shor 22]: lattices [Liu-Montgomery-Z 23] [Liu-Montgomery-Z 23]: Walkable invariants [Bostanci-Nehoran-Z 24]: non-abelian group actions [Z 24]: abelian group actions

  15. Can Evasive Obfuscation Suffice? Evasive obfuscation =Secure as long as adversary can t find accepting input Thm [Goyal-Koppula-Waters 17, Wichs-Zirdelis 17]: LWE obfuscation for certain evasive functions In classical world, a number of results showing how to base iO applications on milder tools, especially LWE. Often (perhaps implicitly) go through route of obfuscating evasive functions

  16. Can Evasive Obfuscation Suffice? [Z 19] is almost evasive (building on [Aaronson-Christiano 12, Ben-David-Sattath 16]) On their own, evasive except for un-interesting point at origin Obfuscate random subspace , But allows adversary to find one input in either or

  17. Our Result Very natural restrictions that capture essentially all known applications of obfuscation to quantum protocols Thm [this work]: PK Quantum Money cannot be black- box based on evasive obfuscation, supposing: Mint only makes classical obfuscation queries Verifier makes no obfuscation queries (but possibly makes quantum evaluation queries) Rough dual to [Ananth-Hu-Yuen 23], who prove impossibility when the verifier makes classical queries Cor [this work] (informal): PK Quantum Money cannot be black-box based on one-way functions, supposing the mint only makes classical queries to the OWF and the verifier is natural

  18. Step 1: Oracles for evasive obfuscation Ensures obfuscation is totally broken if any accepting input is known maps circuits to bit-strings, represents obfuscator Ignore computation, only count queries Lem [this work] (informal): Any reasonable notion of evasive obfuscation is captured by this oracle

  19. Step 2: Use Oracle To Break Quantum Money

  20. Step 2: Use Oracle To Break Quantum Money Can assume wlog that only queries to verifier were responses from prior obfuscation queries

  21. Step 2: Use Oracle To Break Quantum Money Verifiers queries can be quantum Observation: If adversary can compute all , scheme broken

  22. Step 2: Use Oracle To Break Quantum Money The attack idea: or

  23. Step 2: Use Oracle To Break Quantum Money Assume for now a single Case 1: Measuring query gives with non-negl prob. scheme broken Case 1: Measuring query gives with overwhelming prob. Can answer queries for ourselves (just output ) Oracle useless, so scheme broken

  24. Step 2: Use Oracle To Break Quantum Money The attack idea (many ): or or Hope: eventually pick up all or queries useless

  25. Step 2: Use Oracle To Break Quantum Money Measurement Principle: measuring a quantum state changes it Might not be a valid money state, so not guaranteed to get anything useful on subsequent verifications

  26. Step 2: Use Oracle To Break Quantum Money State Repair Theorem [Chiesa-Ma-Spooner-Z 21]: Under some conditions, can repair post-measurement quantum states Valid (but potentially different) money state

  27. Main open question: separate PK quantum money from OWFs without any restrictions We need classical mint queries for two reasons: 1. If learn all queries, can clone money 2. Poly-many obfuscated programs poly-many measurement outcomes employ state repair [Ananth-Hu-Yuen 23] need classical verifier queries so that they can look at the queries without perturbing the state

Related


Visual Presentation Slides from Griffin & Pustay on International Business

Visual Presentation Slides from Griffin & Pustay on International Business

langston
Tentative Timeline for Submission Process and Visual Slides

Tentative Timeline for Submission Process and Visual Slides

severin
Visual Presentation Slides for Webinar

Visual Presentation Slides for Webinar

adelheid
ARGOS Inventory by Fund Queries Presentation Slides

ARGOS Inventory by Fund Queries Presentation Slides

fionn
Slides Gallery for Presentation

Slides Gallery for Presentation

arav
Beautiful Slides Showcase

Beautiful Slides Showcase

emilie
Collection of Beautiful Slides for Presentation

Collection of Beautiful Slides for Presentation

delphi
Instructions for Using These Slides

Instructions for Using These Slides

mars
Physics Presentation Slides on Rotational Motion, Thermodynamics, and Data-Based Questions

Physics Presentation Slides on Rotational Motion, Thermodynamics, and Data-Based Questions

laila
Visual Presentation Slides Showcase

Visual Presentation Slides Showcase

luella
Collection of Slides with Descriptions

Collection of Slides with Descriptions

astraea
Visual Presentation Slides Collection

Visual Presentation Slides Collection

xochitl
Guidelines for Using UPMC PowerPoint Template

Guidelines for Using UPMC PowerPoint Template

zayd
Visual Presentation Slides Collection

Visual Presentation Slides Collection

tansy
Beautiful Presentation Slides Showcase

Beautiful Presentation Slides Showcase

asta
Visual Drill and Alphabet Presentation Slides Collection

Visual Drill and Alphabet Presentation Slides Collection

dulcie
Analysis of 'The Scholarship Jacket' by Marta Salinas

Analysis of 'The Scholarship Jacket' by Marta Salinas

absalom
Visual Presentation Slides Collection

Visual Presentation Slides Collection

talullah
Presentation Slides Showcase

Presentation Slides Showcase

aoife
Collection of Slides for Presentation

Collection of Slides for Presentation

imelda
Visual Highlights from OP-ED Slides

Visual Highlights from OP-ED Slides

numair
Efficient Method for Importing Slides into a New Presentation

Efficient Method for Importing Slides into a New Presentation

arno

More Related Content