
Unclonable Cryptography in Linear Quantum Memory (2511.04633v1)

Published 6 Nov 2025 in quant-ph and cs.CR

Abstract: Quantum cryptography is a rapidly-developing area which leverages quantum information to accomplish classically-impossible tasks. In many of these protocols, quantum states are used as long-term cryptographic keys. Typically, this is to ensure the keys cannot be copied by an adversary, owing to the quantum no-cloning theorem. Unfortunately, due to quantum states' tendency to decohere, persistent quantum memory will likely be one of the most challenging resources for quantum computers. As such, it will be important to minimize persistent memory in quantum protocols. In this work, we consider the case of one-shot signatures (OSS), and more general quantum signing tokens. These are important unclonable primitives, where quantum signing keys allow for signing a single message but not two. Naturally, these quantum signing keys would require storage in long-term quantum memory. Very recently, the first OSS was constructed in a classical oracle model and also in the standard model, but we observe that the quantum memory required for these protocols is quite large. In this work, we significantly decrease the quantum secret key size, in some cases achieving asymptotically optimal size. To do so, we develop novel techniques for proving the security of cryptosystems using coset states, which are one of the main tools used in unclonable cryptography.

Summary

  • The paper presents a quantum signing algorithm that reduces key size from quadratic to linear scaling through parallel measurement and error correction with coset states.
  • It employs folding techniques for coset partition functions to compress input sizes, achieving optimal quantum key sizes under both oracle and standard model assumptions.
  • The work lowers quantum memory requirements for one-shot signatures, paving the way for practical applications in quantum copy protection and one-time programs.

Unclonable Cryptography in Linear Quantum Memory: Technical Overview and Results

Introduction

This work addresses the quantum resource requirements for unclonable cryptographic primitives, focusing on one-shot signatures (OSS) and signing tokens. Unclonable cryptography is predicated on the quantum no-cloning theorem, which enables primitives such as quantum software copy protection and one-time programs that are unattainable classically. However, a critical challenge in practical deployment is persistent quantum memory: quantum states must be isolated to prevent decoherence, a significant hurdle for scalable cryptographic systems. Thus, reducing the size of the quantum state that must be stored long-term (the persistent quantum memory footprint) directly impacts the feasibility of quantum cryptographic protocols.

Prior constructions, notably those for OSS and quantum signature tokens, have incurred quantum key sizes at least quadratic (or worse) in the security parameter $\lambda$. This work confronts this quadratic scaling barrier, achieving asymptotically optimal quantum key sizes: $O(\lambda)$ in the classical oracle setting, and $O(\lambda^2)$ or $O(\lambda)$ in the standard model under different sets of cryptographic assumptions.

Technical Contributions

1. Quantum Signing Algorithm for Parallel Multi-Bit Signing

Previous OSS constructions resorted to bitwise signing, where each message bit required a distinct quantum state and correspondingly entangled qubits. This inherently led to $O(\lambda^2)$ scaling for signing $\lambda$-bit messages. The present work devises a signing algorithm that utilizes a single quantum state to sign multi-bit messages, reducing the memory footprint by a factor of $\lambda$.

The novel algorithm proceeds iteratively, measuring substrings of the quantum signing state and correcting the positions that do not match the target message codeword using dual subspace oracles. The correction procedure exploits the structure of coset states and dual subspaces such that the algorithm can "re-entropize" incorrect positions with constant expected trials per bit. By embedding error-correcting codes into the signing process, the algorithm can, after a constant number of parallel rounds, correct all but a negligible fraction of bits. The verification step accepts signatures within a fixed Hamming distance of a valid codeword, leveraging the minimum distance of random linear codes for collision-resistance.
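The verification rule above accepts any string within a fixed Hamming radius of a codeword and relies on the code's minimum distance to rule out one string being accepted under two different codewords. The following added example (not code from the paper) makes that argument concrete on a small random binary linear code: it samples a code with minimum distance at least $d$, shows that a signature with up to $\lfloor (d-1)/2 \rfloor$ corrupted positions still decodes uniquely, and exhaustively confirms that no string lies within that radius of two distinct codewords, while a radius of $d$ does admit such ambiguity. The code dimensions are hypothetical small values chosen so the exhaustive check runs quickly.

```python
import itertools
import random

def encode(G, message):
    """Multiply a k-bit message by generator matrix G (k rows of n bits) over GF(2)."""
    cw = [0] * len(G[0])
    for bit, row in zip(message, G):
        if bit:
            cw = [a ^ b for a, b in zip(cw, row)]
    return tuple(cw)

def codewords(G):
    """Enumerate every codeword of the code generated by G."""
    return {encode(G, m) for m in itertools.product((0, 1), repeat=len(G))}

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def min_distance(cws):
    # For a linear code the minimum distance equals the minimum nonzero weight.
    return min(sum(c) for c in cws if any(c))

def random_code_with_distance(k, n, d_target, seed=0, tries=10_000):
    """Sample random binary linear codes until one has full rank and minimum
    distance >= d_target. Random linear codes reach a good distance with high
    probability, so for these (hypothetical, small) parameters this terminates fast."""
    rng = random.Random(seed)
    for _ in range(tries):
        G = [[rng.randrange(2) for _ in range(n)] for _ in range(k)]
        cws = codewords(G)
        if len(cws) == 2 ** k and min_distance(cws) >= d_target:
            return G, cws
    raise RuntimeError("no code with the requested distance found")

def verify(cws, sig, radius):
    """Accept sig iff exactly one codeword lies within `radius`; return it, else None."""
    close = [c for c in cws if hamming(c, sig) <= radius]
    return close[0] if len(close) == 1 else None

def string_near_two_codewords(cws, radius, n):
    """Exhaustively search for an n-bit string within `radius` of two distinct
    codewords. For radius <= (d-1)//2 the triangle inequality rules this out."""
    for s in itertools.product((0, 1), repeat=n):
        if sum(hamming(c, s) <= radius for c in cws) > 1:
            return s
    return None
```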

2. Security Reductions and Coset Partition Functions

The security proofs hinge on demonstrating strong unforgeability: adversaries cannot produce multiple signatures for the same public key. This is formally reduced to the collision-resistance of non-collapsing hash functions and coset partition functions (CPF). Prior work required a CPF with preimage sets of size $2^\lambda$ and input size $\lambda^2$, resulting in quadratic key scaling. This work introduces "folding" techniques for CPF, whereby input vectors are mapped to compressed representations (folded cosets) of size $O(\lambda)$ bits with reversible mappings. This enables the construction of affine subspaces compatible with efficient signing and secure reductions, mitigating the input size bottleneck.

Security analyses further generalize subspace-hiding obfuscation to subspace-hiding functions, proving that adversaries with polynomial quantum queries cannot distinguish between oracles for specific subspaces and random superspaces, except with negligible probability. Information-theoretic and computational lower bounds are developed that quantify these indistinguishabilities.

3. Standard Model Constructions Under Cryptographic Assumptions

Optimal quantum key scaling in the standard model is a separate question from the unconstrained oracle model, since the concrete hardness assumptions must hold against exponential-time quantum adversaries. The work analyzes three distinct instantiations:

  • Quasi-Linear Quantum Keys ($O(\lambda \log\lambda)$ or $O(\lambda^2)$): Attainable under sub-exponentially secure indistinguishability obfuscation (iO), exponentially secure one-way functions, and "optimally-secure" learning with errors (LWE). Here, limitations arise in standard LWE-based two-to-one functions due to their noise-modulus ratios and dimensional scaling relative to $\lambda$.
  • Linear Quantum Keys ($O(\lambda)$): Achievable when further assuming the existence of exponentially secure decomposable trapdoor two-to-one functions and exponentially secure lossy functions. If these assumptions can be met (e.g., obfuscated permutable PRPs acting as ideal trapdoors), the memory footprint can be reduced to linear.
  • Explicit Trade-offs: The work comprehensively tracks the impact of parameter selection on attack complexity, success probabilities, key size, and computational feasibility, ensuring clear quantification for provable security against $2^\lambda$-time adversaries.

Performance Metrics and Implementation Considerations

  • Quantum Key Size: The dominant result is that the quantum signing key size can match the security parameter, $O(\lambda)$, in the oracle setting and, under conjectured trapdoor primitives, in the standard model.
  • Signature Generation: The parallel signing algorithm's expected number of rounds scales as $O(1)$ due to error-correcting coding, and the measurements/corrections for each bit are independent, enabling full parallelization.
  • Security Losses: The work's security reduction achieves collision-resistance bounds of $O(\mathrm{poly}(T)/2^\lambda)$ for adversaries making $T$ quantum queries, i.e., exponential hardness in $\lambda$.
  • Computational Assumptions: For standard model deployments, instantiating the necessary trapdoor functions and lossy functions outside the random oracle framework remains an open problem but is plausible using obfuscated PRPs and the heuristic assumption of ideal obfuscators.

Implications and Future Directions

The methods herein substantially lower the quantum resources required for unclonable primitives, expanding their potential practicality as quantum memory technology evolves. This applies not only to OSS and signature tokens but also to broader primitives leveraging coset states (e.g., quantum copy protection, one-time programs, and quantum obfuscation). Additionally, the folding techniques and security analyses for subspace-hiding functions offer tools transferable to other quantum cryptographic constructions where dimensionality bottlenecks and collision-resistance reductions are key issues.

Critical open challenges include explicit realization of exponentially secure decomposable trapdoor functions fitting the necessary criteria in the standard model and extending parallel signing techniques to achieve perfect correctness. Furthermore, any advances in physical quantum memory stability will immediately benefit from the lowered memory requirements these constructions afford.

Conclusion

"Unclonable Cryptography in Linear Quantum Memory" provides explicit constructions and supporting proofs that break the quadratic barrier for persistent quantum memory in unclonable cryptographic primitives. By introducing parallel, multi-bit quantum signing algorithms and folding coset partition functions, the work achieves optimal or near-optimal quantum key sizes under precise threat models and cryptographic assumptions. These advances significantly reduce the resource overhead for quantum cryptography, making unclonable primitives more amenable to real-world implementation and fostering further research into efficient quantum memory utilization for advanced cryptographic tasks.
