Semi-Quantum Money

TL;DR

This paper introduces semi-quantum money, enabling quantum money transactions with purely classical communication and a classical bank, by combining classical minting and verification methods.

Contribution

It presents the first semi-quantum money schemes with classical communication, including both public and private variants, and proves a perfect parallel repetition theorem for NTCF.

Findings

First semi-quantum money schemes with classical communication

Construction based on Zhandry and Coladangelo's work for public scheme

Private scheme based on Noisy Trapdoor Claw Free Functions (NTCF)

Abstract

Quantum money allows a bank to mint quantum money states that can later be verified and cannot be forged. Usually, this requires a quantum communication infrastructure to transfer quantum states between the user and the bank. Gavinsky (CCC 2012) introduced the notion of classically verifiable quantum money, which allows verification through classical communication. In this work we introduce the notion of classical minting, and combine it with classical verification to introduce semi-quantum money. Semi-quantum money is the first type of quantum money to allow transactions with completely classical communication and an entirely classical bank. This work features constructions for both a public memory-dependent semi-quantum money scheme and a private memoryless semi-quantum money scheme. The public construction is based on the works of Zhandry and Coladangelo, and the private construction is based on the notion of Noisy Trapdoor Claw Free Functions (NTCF) introduced by Brakerski et al. (FOCS 2018). In terms of technique, our main contribution is a perfect parallel repetition theorem for NTCF.