Less is More: How One Copy Can Be Enough to Secure the Quantum Future

Imagine you are trying to protect a secret recipe. In the classical world, if you give a thief a photocopy of the recipe, they can make a million more copies. But in the quantum world, there is a fundamental law called the No-Cloning Theorem. It says you cannot make a perfect copy of a mysterious quantum object. If you try, you ruin it.

This paper tackles a tricky problem in quantum cryptography: How many copies of a secret quantum state can we safely give to a hacker before the whole system breaks?

The Problem: The "Copy" Confusion

In quantum security, definitions matter a lot.

Scenario A (One Copy): You give the hacker one quantum coin. They try to copy it. They fail. The system is secure.
Scenario B (Many Copies): You give the hacker ten, a hundred, or a thousand copies of that same coin. Suddenly, the hacker might be able to use "shadow tomography" (a fancy way of looking at the coin from many angles) to figure out how to fake it.

For years, cryptographers worried that if a system was safe with one copy, it might be totally useless if the hacker got many copies. This made designing secure quantum money or copy-protected software very difficult.

The Big Discovery: "The Magic Purification"

The authors of this paper, Prabhanjan Ananth and Eli Goldin, found a clever trick. They proved that if a system is secure against one copy, it is automatically secure against many copies (up to a reasonable number), provided you use a specific "magic" construction.

They call this a "Purification Compiler."

The Analogy: The Secret Recipe and the "Ghost" Ingredients

Imagine you have a secret recipe (the Mixed State).

The Problem: If you give the recipe to a chef (the hacker) as a blurry photocopy (a mixed state), and they get 100 blurry photocopies, they might be able to piece together the original ingredients.
The Solution: Instead of giving them the blurry photocopy, you give them a perfect, high-definition original (a Pure State) that looks exactly like the blurry photocopy when you squint at it.

Here is the magic:

You create a special "master version" of the recipe that includes some hidden, random "ghost ingredients" (ancilla registers) that the hacker can't see.
When the hacker looks at this master version, it looks exactly like the blurry photocopy.
The Twist: Even if the hacker gets 100 copies of this master version, they still can't figure out the secret recipe. Why? Because the "ghost ingredients" are randomized in a way that scrambles the information across all 100 copies.

The authors proved mathematically that giving the hacker 100 copies of the "master version" is no better for them than giving them 100 copies of the original "blurry photocopy."

If the blurry photocopy was secure against 100 copies, then the master version is also secure.

What This Means for Real Life

This discovery is a game-changer because it allows us to build stronger quantum tools using weaker, easier-to-build foundations.

1. Quantum Money (The Unfakeable Bill)

Old Problem: We could make quantum bills that were hard to fake if the bank only gave you one. But if a criminal got a stack of 100 bills, they might be able to forge a new one.
New Result: Using this paper's method, we can now build Public-Key Quantum Money that is secure even if the criminal has a truckload of identical bills. The "ghost ingredients" ensure that having more bills doesn't help the criminal.

2. Copy Protection (The Un-copyable Software)

Old Problem: Imagine you buy a video game on a quantum chip. If the game is "copy-protected," you can play it, but you can't share it. But what if the hacker gets 10 copies of the game chip? Maybe they can combine them to make a 11th copy.
New Result: The authors show how to take a game that is safe against 1 copy and turn it into a game that is safe against 100 copies. The hacker can't combine the copies to break the protection.

3. Pseudorandomness (The Fake Randomness)

Old Problem: Cryptographers use "fake random" numbers (pseudorandomness) to hide data. Some generators were only safe if you used them once.
New Result: Now, we can take a generator that is safe for one use and "stretch" it to be safe for thousands of uses without making the keys any bigger or the math any harder.

The "Less is More" Takeaway

The title of the paper, "Less is More," is a bit ironic. Usually, having more copies of a secret makes it less secure.

But this paper shows that if you design your system correctly (using their "Purification Compiler"), having more copies of the new version doesn't help the hacker at all. You can start with a simple, "one-copy" secure system and magically upgrade it to be "many-copy" secure.

In short: You don't need to invent a whole new type of quantum lock to stop hackers with a warehouse full of copies. You just need to wrap your existing lock in a special quantum "scrambler" that makes having extra copies useless.

This bridges the gap between theoretical security and practical reality, paving the way for unbreakable quantum money and un-copyable software in the future.

Here is a detailed technical summary of the paper "Less is More: On Copy Complexity in Quantum Cryptography" by Prabhanjan Ananth and Eli Goldin.

1. Problem Statement

Quantum cryptographic definitions are uniquely sensitive to the copy complexity of the cryptographic states revealed to an adversary. Unlike classical cryptography, where providing multiple copies of a secret usually does not change the security landscape (unless the secret is a one-time pad), quantum mechanics imposes the No-Cloning Theorem. Consequently, security definitions must specify whether an adversary receives:

One copy (or a bounded number of copies).
Multiple independent (i.i.d.) copies of mixed states.
Multiple identical copies of pure states.

The paper highlights that these distinctions are not merely semantic but have drastic implications for computational hardness and feasibility. For instance:

Pseudorandom States (PRSGs): Single-copy "stretch" PRSGs (where key length < state length) are believed to be strictly weaker than multi-copy PRSGs. Some primitives (like quantum pseudo one-time pads) are known to be constructible from multi-copy secure PRSGs but not from stretch PRSGs.
Unclonable Cryptography: Many constructions (e.g., quantum money, copy-protection) are secure against adversaries with one copy but are easily broken if the adversary receives multiple copies (via shadow tomography or cloning attacks).

The Core Question: Under what conditions does single-copy security imply multi-copy security? Can we construct schemes that remain secure even when the adversary receives $t$ copies (for any polynomial $t$ ) starting from schemes that are only known to be secure against one copy?

2. Methodology: The "Purification Compiler"

The authors introduce a generic technique to boost security from single-copy (or i.i.d.-copy) settings to multi-copy (identical-copy) settings. The core of their approach is a simulation theorem that allows one to simulate a family of pure states (which are hard to clone) using a family of mixed states (which are easier to generate but less secure against cloning).

Key Technical Insight

The authors leverage the Compressed Oracle framework and Quantum One-Time Pads.

The Setup: Consider a family of mixed states $\{\sigma_i\}$ . Let $\{|\phi_i\rangle_{AB}\}$ be their corresponding purifications, where register $A$ is the system of interest and $B$ is the purifying register.
The Construction: They construct a new family of pure states $\{|\psi_k\rangle\}$ parameterized by random functions $f_1, f_2, f_3, f_4$ . The state is defined as a superposition over the original family, with random phases and controlled quantum one-time pads applied to the purifying register $B$ :
$|\psi_{f_1, f_2, f_3, f_4}\rangle = \sum_i \frac{\omega^{f_1(i)}}{\sqrt{N}} (I_A \otimes X^{f_2(i)} Z^{f_3(i)}) |\phi_{f_4(i)}\rangle_{AB} |i\rangle_C$
The Simulation Theorem (Main Theorem): They prove that for any polynomial $t$ $t$ , $t$ $t$ copies of a random sample from this new pure state family ( $|\psi_k\rangle^{\otimes t}$ $∣ ψ_{k} ⟩^{\otimes t}$ ) can be efficiently simulated by an adversary given $t$ $t$ independent copies of the original mixed states ( $\sigma_{i_1} \otimes \dots \otimes \sigma_{i_t}$ $σ_{i_{1}} \otimes \dots \otimes σ_{i_{t}}$ ).
- Intuition: The random phases and one-time pads effectively "scramble" the correlations between the copies. When the adversary holds $t$ copies of the mixed state, they can use a simulator to generate a state indistinguishable from $t$ copies of the pure state.
- Conversely: If the original mixed state family is secure against $t$ independent copies (i.i.d. security), then the constructed pure state family is secure against $t$ identical copies.

3. Key Contributions and Results

The paper applies this generic theorem to three major areas of quantum cryptography, yielding the first constructions of identical-copy secure primitives in several settings.

A. Pseudorandomness

Result: One-copy stretch Pseudorandom State Generators (PRSGs) imply the existence of $t$ -copy stretch PRSGs.
Condition: The original PRSG must have a bounded-size ancilla register.
Significance: This resolves a gap in "microcrypt" (primitives believed to exist even without one-way functions). It shows that the weaker "stretch" definition (often easier to construct) is sufficient to build stronger multi-copy secure versions, provided the ancilla is small.
Extension: Similar results are shown for Pseudorandom Unitaries (PRUs). One-query short-key PRUs imply $t$ -query non-adaptively secure PRUs.

B. Unclonable Cryptography: Public-Key Quantum Money

Problem: Existing public-key quantum money schemes are typically "i.i.d. secure" (secure against independent copies) but not "identical-copy secure" (secure against multiple copies of the same state).
Result: Assuming the existence of post-quantum secure Pseudorandom Functions (PRFs) and a standard (i.i.d. secure) public-key quantum money scheme, the authors construct a multi-copy secure public-key quantum money scheme.
Significance: This provides the first construction of identical-copy secure public-key quantum money. This is crucial for scenarios involving noisy quantum systems (where more copies might be needed for verification) and untraceability (where all banknotes must be indistinguishable).

C. Unclonable Cryptography: Copy-Protection

Problem: Copy-protection schemes usually guarantee that an adversary cannot split a program into two parts that both compute the function. Previous works focused on i.i.d. security.
Result: Assuming post-quantum PRFs and an i.i.d.-copy secure copy-protection scheme, the authors construct a scheme satisfying identical-copy security.
Significance: This is the first construction of copy-protection that remains secure even if the adversary receives $t$ identical copies of the protected program, rather than just independent samples.

4. Technical Overview of the Proof Strategy

Simulator Construction: The authors define a simulator Sim that takes $t$ copies of a mixed state $\sigma^{\otimes t}$ and outputs a state indistinguishable from $t$ copies of the purified state $|\psi\rangle^{\otimes t}$ .
Hybrid Arguments:
- For States: They use a hybrid argument replacing the random functions in the construction with truly random functions, then replacing the underlying PRSG with Haar random states. They show that the simulator's output on Haar random states is statistically close to $t$ copies of a Haar random state.
- For Unitaries: They extend the technique to unitaries using a "path-recording" method (from [MH24]) to handle adaptive queries. They show that a parallel query to the constructed unitary family can be simulated by querying distinct random unitaries from the base family.
Error Analysis: The trace distance between the simulated state and the target state is bounded by $O(t^2 / 2^n)$ , which is negligible for polynomial $t$ and sufficiently large $n$ .

5. Significance and Impact

Unification of Security Models: The paper demonstrates that for many cryptographic primitives, the distinction between "single-copy" and "multi-copy" security is not a fundamental barrier but a constructible property. It bridges the gap between weaker, more feasible assumptions (like stretch PRSGs) and stronger security guarantees.
New Constructions: It provides the first concrete constructions for identical-copy secure quantum money and copy-protection, which were previously open problems or required stronger, less plausible assumptions.
Generic Framework: The "Purification Compiler" (the main theorem) is a versatile tool that can be applied to any cryptographic primitive where the output is a mixed state derived from a pure state family. It suggests a new paradigm for designing quantum cryptographic schemes: design for i.i.d. security first, then apply the compiler to achieve identical-copy security.
Relation to Concurrent Work: The paper acknowledges concurrent work by [C¸GK+25] and [TWZ25] which also explore purification channels. The authors distinguish their work by providing a more generic construction that does not require specific structural properties of the underlying protocol (unlike [C¸GK+25]) and offers a simpler analysis without heavy representation theory (unlike [TWZ25]), albeit with slightly different error bounds.

In summary, "Less is More" establishes that in the quantum realm, having fewer copies (in the definition) does not necessarily mean weaker security; with the right construction, single-copy security can be "boosted" to multi-copy security, unlocking new possibilities for robust quantum cryptographic primitives.

Less is More: On Copy Complexity in Quantum Cryptography