Will Quantum Money replace cryptocurrency? (Part 2)
An idea from four decades ago might provide a green alternative to Bitcoin. This is part 2 in a series of articles on Quantum Money. Read part 1 here.
In part 1 of this series, we learned about some basic concepts in quantum computing that are needed for designing quantum money, including qubits and quantum superposition. In this article, we will use these concepts to describe Stephen Wiesner’s famous quantum money scheme, which harnesses the principles of quantum computing to define a system of currency that is guaranteed by the laws of quantum physics to be forgery-proof.
After reading this article, you will understand the idea behind Wiesner’s proposal for Quantum Money. In particular, we will see how one of the most mysterious phenomena in quantum mechanics — wave function collapse–makes it possible to create quantum banknotes that are forgery-proof. We will also discuss how this is fundamentally different from digital cryptocurrencies such as Bitcoin, which do not have the same type of security guarantee.
Although Wiesner’s scheme dates back to the early 80’s, a formal, mathematical proof of its validity was only published in 2013. [1] [2] After reading this article, you will understand the intuition behind Wiesner’s proposal for quantum money.
To witness the birth of quantum money, we will need to travel back in time more than four decades. As professor Scott Aaronson narrates in his blog “shtetl-optimized”, the main character of this story was Stephen Wiesner, a colorful figure who discovered many of the key ideas in quantum information theory while still a graduate student at Columbia university in the ‘60s and ‘70s, before leaving academia and eventually becoming a devoutly Orthodox Jewish construction laborer in Jerusalem.
During his graduate studies, Wiesner wrote a paper entitled “Conjugate Coding”. The paper was rejected once remained unpublished until 1983, although its insights already attracted interest and made an impact on groundbreaking research in the field.
Wiesner’s key idea that enables quantum money is that quantum states are altered by observation–an observer cannot determine the state of a system with certainty without irreversibly altering the information that it contains. This can be used to create currency which uses a quantum state as a unique identifier. This identifier cannot be forged by an attacker without changing its contents, and the forgery will not pass verification at the bank.
Let’s now take a closer look at exactly how this would work.
First, consider physical currency and its limitations. A (classical) banknote is a physical document issued by a bank or monetary authority. It usually serves as legal tender, meaning that it is legally required to be accepted as payment of debts.
Banknotes have a unique serial number which identifies them, as seen above (0000000).
The problem is that a malicious actor could forge (counterfeit) banknotes by physically copying them:
As long as the banknote looks legitimate and the serial number is valid, the banknote will be accepted as payment. Classical banknotes use anti-counterfeiting measures such as holographic printing to make them physically difficult to copy. This leads to a cat-and-mouse game between monetary authorities and forgers.
Digital currency replaces physical banknotes with assets stored on computer systems. These have many advantages due to not being tied to any physical form. But how can we prevent them from being forged?
Now let’s consider how quantum computing could help solve this problem. Recall from part 1 that quantum computers store quantum states as collections of qubits. A qubit could be a particle in a state such as |ψ⟩=α|0⟩+β|1⟩, a superposition of the classical (bit) states |0⟩ and |1⟩. The state of a multi-qubit system can also be written using the notation |ψ⟩, and it might consist of many qubits in superposition or even entangled with each other. But don’t worry about quantum entanglement — we won’t need to discuss it in this article. For now, imagine a collection of many qubits with states like the ones we discussed before.
Wiesner’s quantum money scheme uses the following idea: A quantum banknote consists of a quantum state issued by a bank along with a unique serial number:
This is a form of digital currency because these would both be stored in a quantum computer. [3]
Just like a serial number needs to contain many digits in order to be secure, the quantum state |ψ⟩ must contain many qubits. We will say that it is made up of n qubits, and we will soon see how large n must be for our quantum banknote to be secure. In Wiesner’s scheme, each of these n qubits is in one of four possible quantum states: |0⟩, |1⟩, |+⟩, or |–⟩.
What does this mean exactly? We saw in part 1 that a qubit could be implemented with a photon, a single particle of light, and its state is the light’s polarization. |0⟩ and |1⟩ represent horizontal and vertical polarization. Light polarized at 45° and -45° angles have the respective quantum states
In other words, each qubit could be implemented as a photon with 0°, 90°, 45°, or -45° polarization.
We can write the state of a collection of qubits with the tensor product symbol ⊗. For example, suppose we have a collection of qubits where the first qubit has state |+⟩, the second has state |0⟩, and the third has state |1⟩. Then the state of the entire system is |ψ⟩ = |+⟩ ⊗ |0⟩ ⊗ |1⟩. The tensor product has a precise mathematical meaning, but for now you can treat it as a symbol that combines separate quantum states. [4]
Now returning to quantum banknotes: The banknote holder receives a serial number and a quantum state |ψ⟩, sent as a collection of n qubits. The bank created this state and it keeps a record of the state issued for each serial number. The banknote holder receives |ψ⟩, but cannot know exactly what this state is without performing a measurement on it.
The security of this quantum banknote lies in a fundamental fact of quantum mechanics: measuring a system changes it irreversibly. The banknote holder can use the banknote and the bank can compare it to the state on record, but the banknote holder would need to measure the quantum state to know exactly which qubits were combined to make it. If the holder tries to forge the banknote, this measurement may change the states of the qubits in the note. With high probability, the forged banknote will no longer pass verification when used since its state has changed.
In quantum mechanics, this fact about measurement is due to wave function collapse. In quantum information theory, this is the basis for the no-cloning theorem, which asserts that quantum states cannot be copied without destroying some of the information in the original state.
You may be wondering how this is different from cryptocurrencies such as Bitcoin. What is the fundamental advantage of quantum money?
Cryptocurrencies use digital cryptography to protect information such as ownership of currency. For example, Bitcoin uses elliptic-curve cryptography. The basic idea of these methods is that breaking the encryption would require performing calculations which are believed to be difficult for any computer to perform in a reasonable amount of time. Although this has been practically effective, it relies on unproven assumptions about the difficulty of certain problems. Some methods such as RSA could be broken by quantum computers, but even quantum-resistant cryptosystems rely on the famous unsolved P versus NP problem.
On the other hand, quantum money is guaranteed to be secure against forgery because of the laws of quantum physics. Although it is challenging to build quantum computers with enough qubits to implement it in practice, Wiesner’s quantum money scheme does not rely on unproven computational assumptions, but only on properties of the universe.
Another advantage of quantum money is that cryptocurrencies have a huge energy cost. According to Jeremy Hinsdale from Columbia’s Climate School, Bitcoin currently (as of 2022) consumes more energy each year than the entire country of Argentina. This rising and unsustainable thirst for energy is due to the nature of how cryptocurrencies keep track of ownership on the blockchain. By contrast, quantum money allows easy and efficient minting of currency and verification of ownership, without this rising energy cost.
One disadvantage of Wiesner’s original quantum money scheme is that it is centralized, unlike Bitcoin and other cryptocurrencies. We saw that the system relies on a central bank which issues quantum states and serial numbers, and is responsible for verifying these quantum banknotes. There is ongoing research into decentralized quantum money that any user could verify without needing either a central bank or a blockchain. For cutting-edge research from this year on the topic, see [5] [6].
This was part 2 in a multi-article series on quantum money. See part 1 for background information.
Footnotes and References
[1] Wiesner, Stephen. “Conjugate coding.” ACM Sigact News 15.1 (1983): 78–88. Available at https://dl.acm.org/doi/pdf/10.1145/1008908.1008920
[2] Molina, Abel, Thomas Vidick, and John Watrous. “Optimal counterfeiting attacks and generalizations for Wiesner’s quantum money.” Conference on Quantum Computation, Communication, and Cryptography. Springer, Berlin, Heidelberg, 2012. Available at https://arxiv.org/pdf/1202.4010.pdf
[3] However, maybe some day it will become possible to embed quantum memory in a physical slip of paper. If so, we might circle back to physical money with quantum security!
[4] This also means that the states are not entangled with each other. Quantum states with entanglement might not be separable, meaning they might not be expressible as the tensor product of smaller states.
[5] Khesin, Andrey Boris, Jonathan Z. Lu, and Peter W. Shor. “Publicly verifiable quantum money from random lattices.” arXiv preprint arXiv:2207.13135 (2022). Available at https://arxiv.org/abs/2207.13135
[6] A news article describing this research is available on the Physics arXiv blog: Why Quantum Money Could Replace Blockchain-Based Cryptocurrencies (2022)
Morris Alper is a data scientist located in Tel Aviv, Israel. He is the Data Science Lead and Lecturer at Israel Tech Challenge and a current MSc student in Computer Science at Tel Aviv University. For more information and contact details, see https://morrisalp.github.io/.
