Impersonating Quantum Secrets over Classical Channels

TL;DR

This paper demonstrates that classical communication between entangled quantum parties can be exploited by eavesdroppers to impersonate parties, impacting the security of quantum money schemes and linking the existence of one-way puzzles to authentication protocols.

Contribution

It establishes a connection between impersonation attacks over classical channels and the non-existence of one-way puzzles, extending the understanding of quantum money verification limitations.

Findings

Eavesdroppers can impersonate quantum parties over classical channels.

Quantum money schemes verified only through classical queries are not information-theoretically secure.

Reusability of authentication schemes implies the existence of one-way puzzles.

Abstract

We show that a simple eavesdropper listening in on classical communication between potentially entangled quantum parties will eventually be able to impersonate any of the parties. Furthermore, the attack is efficient if one-way puzzles do not exist. As a direct consequence, one-way puzzles are implied by reusable authentication schemes over classical channels with quantum pre-shared secrets that are potentially evolving. As an additional application, we show that any quantum money scheme that can be verified through only classical queries to any oracle cannot be information-theoretically secure. This significantly generalizes the prior work by Ananth, Hu, and Yuen (ASIACRYPT'23) where they showed the same but only for the specific case of random oracles. Therefore, verifying black-box constructions of quantum money inherently requires coherently evaluating the underlying cryptographic tools, which may be difficult for near-term quantum devices.