← Latest papers
⚛️ quantum physics

A Note on Publicly Verifiable Quantum Money with Low Quantum Computational Resources

This paper presents a publicly verifiable quantum money protocol that requires minimal quantum computational resources by leveraging one-time memories and conjugate coding to prevent double spending while also enabling quantum tokens for digital signatures.

Original authors: Fabrizio Genovese, Lev Stambler

Published 2026-03-16
📖 6 min read🧠 Deep dive

Original authors: Fabrizio Genovese, Lev Stambler

Original paper licensed under CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/). This is an AI-generated explanation of the paper below. It is not written or endorsed by the authors. For technical accuracy, refer to the original paper. Read full disclaimer

The Big Idea: Digital Cash That Can't Be Copied

Imagine you have a magical banknote. In the real world, if you try to photocopy a $20 bill, the machine jams or the copy looks fake. In the digital world, copying a file is as easy as pressing "Ctrl+C" and "Ctrl+V." This is why digital money usually needs a central bank (like a server) to check if you've spent it twice.

Quantum money solves this using the laws of physics. It relies on a rule called the No-Cloning Theorem: You cannot make a perfect copy of a mysterious quantum object. If you try to look at it too closely to copy it, you accidentally break it.

This paper introduces a new way to make this quantum money that is:

  1. Publicly Verifiable: Anyone can check if it's real (like checking a serial number), not just the bank.
  2. Low-Tech: It doesn't need a super-powerful quantum computer. It only needs simple equipment similar to what is already used for secure internet connections (Quantum Key Distribution).

The Core Ingredients

To build this money, the authors use three main tools:

1. The "Conjugate Coding" (The Two-Faced Coin)

Imagine a special coin that can be either Heads/Tails (Z-basis) or Red/Blue (X-basis).

  • If you know the coin is "Heads/Tails," you can check it easily.
  • If you check a "Red/Blue" coin using a "Heads/Tails" detector, you get a random result (50/50 chance).
  • The Magic: You cannot know both the Heads/Tails state and the Red/Blue state at the same time. If you try to measure one, you destroy the information about the other.

2. The "One-Time Memory" (The Tamper-Proof Box)

This is a small, secure hardware device (like a high-tech safe or a specialized chip).

  • Inside the box, the bank stores two secret passwords: Password A and Password B.
  • The box has a rule: You can ask for either A or B, but never both.
  • Once you ask for A, the box "forgets" B forever. It's a one-time use.
  • Note: The paper assumes these boxes are physically secure (like a bank vault) so no one can break them open to steal both passwords.

3. The "Hash Function" (The Digital Fingerprint)

This is a mathematical machine that turns a long, complex password into a short, unique code (like a fingerprint).

  • It is easy to turn a password into a fingerprint.
  • It is impossible to turn the fingerprint back into the password.

How the Money Works (The Recipe)

Step 1: Minting (Creating the Bill)

The Bank creates a quantum banknote. It's not just a piece of paper; it's a bundle of:

  • Classical Data: A list of "fingerprints" (hashes) of two secret passwords for every single "One-Time Memory" (OTM) on the bill. The bank signs this list to prove it's real.
  • Quantum Data: A series of quantum states (the "magic coins") sent to the OTMs. These states are linked to the passwords.

Think of the banknote as a lucky draw ticket with 100 little boxes (OTMs) attached to it. Each box contains a secret, and the bank has printed the "fingerprint" of what's inside on the back of the ticket.

Step 2: Spending (Transferring the Bill)

You want to buy a coffee. You hand the banknote to the shop.

  • You send the classical data (the fingerprints) to the shop.
  • You send the quantum data (the magic coins/OTMs) to the shop via a quantum channel.
  • Crucial Point: Because of the "No-Cloning" rule, you cannot keep a copy of the quantum data. Once you send it, you lose it. You can't spend the same bill twice.

Step 3: Verification (Checking the Bill)

The shop doesn't trust you. They need to check if the bill is real. They can't check everything (because that would destroy the bill), so they play a game of "Cut and Choose":

  1. The shop picks a random handful of the 100 boxes (OTMs) to open.
  2. They ask the box: "Give me the password for option A (or B)."
  3. The box gives them the password.
  4. The shop takes that password, runs it through the "Fingerprint Machine" (Hash), and checks if it matches the fingerprint printed on the back of the bill.
  5. If it matches: The bill is likely real.
  6. If it doesn't match: The bill is fake.

Why is this safe?
If a hacker tried to fake the bill, they would need to know both passwords for the boxes they didn't open. But because of the "One-Time Memory" rule and the laws of quantum physics, they can only get one password per box. To fake the bill, they would have to guess the missing passwords. Since the passwords are long and complex, guessing them is like winning the lottery every single time—it's statistically impossible.

The "Consumable" Nature of the Bill

Here is the catch: Every time you verify the bill, you use up a few of the boxes.

  • If you check 10 boxes, those 10 boxes are now "used."
  • The bill still works, but it has fewer boxes left for future checks.
  • Eventually, the bill runs out of boxes. At that point, you take the "used" bill back to the bank. The bank sees the remaining fingerprints, verifies them, and gives you a brand new bill with fresh boxes.

This is similar to how physical cash gets worn out. You can't use a shredded $20 bill, so you take it to the bank to get a new one.

Why is this a Big Deal?

  1. No Central Server Needed: Unlike Bitcoin, which needs a massive network of computers to agree on who owns what, this money works peer-to-peer. You and the shop can verify it instantly without asking the bank.
  2. Privacy: Since there is no central ledger, no one can track your spending history. It's as private as handing cash to a friend.
  3. Realistic Tech: Previous ideas for quantum money required giant, futuristic quantum computers. This paper says, "We can do this with simple, existing quantum tech (like fiber optics for secure internet) and a secure hardware chip."

Summary Analogy

Imagine a Magic Ticket with 100 sealed envelopes attached to it.

  • The Bank writes a secret code inside each envelope.
  • The Bank prints the scrambled version of the code on the outside of the ticket.
  • To verify the ticket, the shop tears open 5 random envelopes, checks if the code inside matches the scrambled version outside, and then throws those envelopes away.
  • If the codes match, the ticket is real.
  • Because of physics, a forger cannot peek inside all the envelopes without destroying the ticket.
  • Once you've checked enough envelopes, the ticket is "spent," and you trade it in for a fresh one.

This paper proves that we can build this system today using technology that is just around the corner, making "un-copyable" digital cash a reality.

Drowning in papers in your field?

Get daily digests of the most novel papers matching your research keywords — with technical summaries, in your language.

Try Digest →