
Contributed Talk 3a (original 2c)
contributed
Wed, 27 Aug 2025, 09:25 - 10:45
- Anonymous Quantum Money, (Upgradeable) Quantum Coins, and Quantum Voting
  Alper Cakan (Carnegie Mellon University); Vipul Goyal (NTT Research); Takashi Yamakawa (NTT Social Informatics Laboratories)
  Abstract: Quantum information allows us to build quantum money schemes, where a bank can issue banknotes in the form of authenticatable quantum states that cannot be cloned or counterfeited: a user in possession of k banknotes cannot produce k + 1 banknotes. Similar to paper banknotes, in existing quantum money schemes a banknote consists of an unclonable quantum state and a classical serial number, signed by the bank. Thus, they lack one of the most fundamental properties cryptographers look for in a currency scheme: privacy/anonymity. In this work, we construct the first public-key quantum coin scheme, that is, a money scheme where all banknotes are identical. Assuming the existence of subspace-hiding obfuscation, we construct a public-key quantum coin scheme. Further, we show that quantum coins do not necessarily provide privacy against all adversaries. Therefore, we develop formal definitions of privacy for quantum money schemes. Then, we construct the first public-key quantum money schemes that satisfy these security notions. Namely, assuming the existence of indistinguishability obfuscation (iO) and hardness of Learning with Errors (LWE), we construct (i) a public-key quantum money scheme with anonymity against users and traceability by authorities, and (ii) a public-key quantum money scheme with untraceability (i.e. not even the bank/authorities can track banknotes). As another application, we show that the no-cloning principle allows us to construct schemes, with advanced security guarantees that are classically impossible, for a seemingly unrelated application: voting! Assuming the existence of iO and hardness of LWE, we construct a universally verifiable quantum voting scheme with classical votes.
  Finally, to achieve our results, we develop a variety of technical tools, which we believe might be of independent interest. We show a new result called quantum-state read-once small-range distributions, which shows how to simulate superposition query access to an exponential-size oracle with quantum-state outputs using a single copy each of polynomially many state samples. We construct a deterministic classical signature scheme secure against quantum-query access to the signing oracle. We construct publicly rerandomizable encryption with strong correctness from LWE, where no adversary is able to produce a malicious ciphertext and a malicious random tape such that the ciphertext before and after rerandomization (with the malicious tape) decrypts to different values.
- Maximal device-independent randomness in every dimension (original 1c/1)
  Máté Farkas (University of York); Jurij Volčič (University of Auckland); Sigurd Anker Laursen Storgaard (University of Copenhagen); Ranyiliu Chen (University of Copenhagen); Laura Mančinska (University of Copenhagen)
  Abstract: Random numbers are used in a wide range of sciences. In many applications, generating unpredictable private random numbers is indispensable. Device-independent quantum random number generation is a framework that makes use of the intrinsic randomness of quantum processes to generate numbers that are fundamentally unpredictable according to our current understanding of physics. While device-independent quantum random number generation is an exceptional theoretical feat, the difficulty of controlling quantum systems makes it challenging to carry out in practice. It is therefore desirable to harness the full power of the quantum degrees of freedom (the dimension) that one can control. It is known that no more than 2 log(d) bits of private device-independent randomness can be extracted from a quantum system of local dimension d. In this paper we demonstrate that this bound can be achieved for all dimensions d by providing a family of explicit protocols. In order to obtain our result, we develop new certification techniques that can be of wider interest in device-independent applications for scenarios in which complete certification ("self-testing") is impossible or impractical. With our C*-algebra representation tools, we are able to device-independently certify non-projective measurements for the purpose of randomness generation. Our protocols use a class of measurements we call "balanced informationally complete" (BIC) POVMs, which we anticipate to be useful in scenarios where normally symmetric informationally complete (SIC) POVMs are useful.
  Moreover, we explicitly construct BIC-POVMs in every dimension, circumventing the problem with SIC-POVMs, which are only conjectured to exist in every dimension.
- Impossibility of Hyperefficient Shadow Tomography: Unbounded Multiple-Copy Secure Copy-Protection
  Alper Cakan (Carnegie Mellon University); Vipul Goyal (NTT Research)
  Abstract: The quantum no-cloning theorem gives rise to the intriguing possibility of quantum copy protection, where we encode a program or functionality in a quantum state such that a user in possession of k copies cannot create k + 1 copies, for any k. Introduced by Aaronson (CCC'09) over a decade ago, copy protection has proven to be notoriously hard to achieve. Previous work has been able to achieve copy-protection for various functionalities only in restricted models: (i) in the bounded-collusion setting, where k → k + 1 security is achieved for an a-priori fixed collusion bound k (in the plain model with the same computational assumptions as ours, by Liu, Liu, Qian, Zhandry [TCC'22]), or (ii) where only k → 2k security is achieved (relative to a structured quantum oracle, by Aaronson [CCC'09]). In this work, we give the first unbounded collusion-resistant (i.e. multiple-copy secure) copy protection schemes, answering the long-standing open question of constructing such schemes, raised by multiple previous works starting with Aaronson (CCC'09). More specifically, we obtain the following results. We construct (i) public-key encryption, (ii) public-key functional encryption, (iii) signature and (iv) pseudorandom function schemes whose keys are copy-protected against unbounded collusions in the plain model (i.e. without any idealized oracles), assuming (post-quantum) subexponentially secure iO and LWE. We show that any unlearnable functionality can be copy-protected against unbounded collusions, relative to a classical oracle.
  As a corollary of our results, we rule out the existence of hyperefficient quantum shadow tomography, (i) even given non-black-box access to the measurements, assuming subexponentially secure iO and LWE, or (ii) unconditionally relative to a quantumly accessible classical oracle, and hence answer an open question by Aaronson (STOC'18). We obtain our results through a novel technique which uses identity-based encryption to construct multiple-copy secure copy-protection schemes from 1-copy → 2-copy secure schemes. We believe our technique is of independent interest. Along the way, we also obtain the following results. We define and prove the security of new collusion-resistant monogamy-of-entanglement games for coset states. We construct a classical puncturable functional encryption scheme whose master secret key can be punctured at all functions f such that f(m0) ≠ f(m1).
- NQSN Singapore: A fully interoperable quantum-safe network testbed with versatile reference applications
  Hao Qin (CQT, NUS); Jing Yan Haw (CQT, NUS); M. Wee (CQT, NUS); R. Frappier (ECE, NUS); C. Liang (CQT, NUS); X. Duan (Fraunhofer SG @ NTU); Y. Cai (SPMS, NTU); S. Sarda (Fraunhofer SG @ NTU); K.W. Qiu (SPMS, NTU); R. Murthy (CQT, NUS); T. Rimprongern (CQT, NUS); B. Sikdar (ECE, NUS); N. Ng (SPMS, NTU); C. Kurtsiefer (CQT, Dept. of Physics, NUS); M. Kasper (Fraunhofer SG @ NTU); A. Ling (CQT, Dept. of Physics, NUS)
  Abstract: We present the strategic framework and technical foundations behind the development of the National Quantum-Safe Network (NQSN) in Singapore, a resilient, fully interoperable quantum-safe network. The testbed features a star-topology architecture built on production-grade fiber infrastructure, supporting multi-protocol quantum key distribution (QKD) and diverse applications from multiple vendors. A centralised key and network management system underpins its interoperability, enabling seamless integration across technologies. We further explore a range of quantum-secured use cases, including data center connectivity, edge computing, hybrid QKD–post-quantum cryptography (PQC) encryption, and multi-layer integration within the OSI stack. These technical insights demonstrate the feasibility and flexibility of deploying quantum-safe capabilities in a multi-input, multi-output network environment.