- The paper introduces a quantum money protocol that leverages one-time memories and conjugate coding to enable publicly verifiable transactions.
- The scheme minimizes quantum resource requirements by using single-qubit preparations common in QKD systems, enhancing practical deployment.
- The design ensures formal unforgeability and extends to quantum tokens for digital signatures, paving the way for viable digital cash applications.
Publicly Verifiable Quantum Money with Minimal Quantum Resources
Introduction and Context
The paper "A Note on Publicly Verifiable Quantum Money with Low Quantum Computational Resources" (2512.21304) addresses persistent challenges in quantum money protocols, specifically the gap between private-key and public-key schemes and the impracticality of implementations requiring extensive quantum computational capabilities. The proposed approach leverages quantum one-time memories (OTMs), realized via conjugate coding and secure hardware, to enable publicly verifiable quantum money with bounded verification and low quantum resource requirements. Importantly, verification does not require sophisticated quantum processors, but merely the ability to prepare, transmit, and measure single-qubit states in orthogonal bases—a capability already common in QKD infrastructure. This significantly increases practicality relative to previous quantum money constructions requiring general-purpose quantum computation.
Technical Construction
Core Primitives and Conjugate Coding
The scheme exploits two quantum data encodings: the Z- and X-bases on the Bloch sphere, which are mutually unbiased. Each single-qubit state encodes a bit in a randomly chosen basis, such that measurement in the correct basis reveals the bit value with certainty, while measurement in the wrong basis yields uninformative noise. This property underlies conjugate coding, allowing the transmission of classical data in a manner that is fundamentally unclonable, enforced by the quantum no-cloning theorem.
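The measurement behaviour described above, computed with the Born rule in an added example (not code from the paper; all function names are assumptions). `copy_passes` goes one step beyond the text: it gives the probability that copies made by one simple strategy, measuring in a guessed basis and re-preparing, survive a check in the true bases.

```python
import math

# Added illustration; function names are assumptions, not the paper's.
# Conjugate-coding states as real amplitude pairs (a0, a1) over |0>, |1>.
R = 1 / math.sqrt(2)
STATES = {
    ("Z", 0): (1.0, 0.0), ("Z", 1): (0.0, 1.0),
    ("X", 0): (R, R),     ("X", 1): (R, -R),
}

def prob(state, basis, outcome):
    """Born rule: probability that measuring `state` in `basis` gives `outcome`."""
    b = STATES[(basis, outcome)]
    return (state[0] * b[0] + state[1] * b[1]) ** 2

def read_correct(encode_basis, measure_basis):
    """Probability of recovering the encoded bit, averaged over both bit values."""
    return sum(prob(STATES[(encode_basis, bit)], measure_basis, bit)
               for bit in (0, 1)) / 2

def copy_passes(n=1):
    """Probability that n copies, each made by measuring the original in a
    uniformly guessed basis and re-preparing the observed state, all pass a
    check performed in the true encoding bases."""
    total = 0.0
    for basis in "ZX":
        for bit in (0, 1):
            for guess in "ZX":
                for seen in (0, 1):
                    p_seen = prob(STATES[(basis, bit)], guess, seen)
                    p_pass = prob(STATES[(guess, seen)], basis, bit)
                    total += p_seen * p_pass
    per_qubit = total / 8  # 2 bases x 2 bits x 2 guesses, all equally likely
    return per_qubit ** n

if __name__ == "__main__":
    print("right basis:", read_correct("Z", "Z"))
    print("wrong basis:", read_correct("Z", "X"))
    print("copy of 64 qubits passes:", copy_passes(64))
```

The per-qubit pass probability of this strategy is 3/4, so the chance of a full copy passing falls off exponentially in the number of qubits checked.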
One-Time Memories
OTMs are a pivotal cryptographic primitive: they encode two secret values such that only one can be accessed, chosen by the measurement basis, while the other remains inaccessible. In this work, OTMs are constructed using conjugate coding and stateless, tamper-resistant hardware (trusted execution environments, TEEs). The security of the overall approach hinges on both the integrity of the hardware and the quantum properties of the states involved. Compromise of hardware affects only specific OTMs rather than the security of the system as a whole.
Quantum Money Scheme
The quantum banknote construction bundles several OTMs with classical metadata: signed hashes of OTM pre-images, which serve as unforgeable tags. Each OTM encodes a pair of classical hash pre-images. Verification is performed via a cut-and-choose protocol: subsets of OTMs are randomly selected and challenged, requiring the reveal of pre-images that hash to signed values. Double spending is prevented both by the no-cloning principle (quantum states cannot be copied for reuse) and by the collision-resistance of the hash functions. The scheme supports up to N verifications, where each round consumes a subset of OTMs, bounding the lifetime of the banknote.
Unforgeability relies on the hardness of producing both pre-images for the same OTM when challenged on different bases, which would require breaking either the simulation security of the OTM or the collision resistance of the hash function. Thus, a quantum polynomial-time (QPT) adversary cannot double-spend with non-negligible probability.
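A classical toy model of the banknote and its cut-and-choose check, added here as an example and not taken from the paper. It replaces the quantum OTM with an idealised object that releases one pre-image and destroys the other, omits the bank's signature over the tags, and uses hypothetical names (`mint`, `challenge`, `respond`, `verify`) with constructed sizes `k` and `m`.

```python
# Toy model; names and the sizes k, m are assumptions, not the paper's.
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

class IdealOTM:
    """Idealised one-time memory: stores two pre-images, releases exactly one."""
    def __init__(self, x0, x1):
        self._x = (x0, x1)
    def read(self, choice):
        if self._x is None:
            raise RuntimeError("OTM already consumed")
        out, self._x = self._x[choice], None  # the unread value is destroyed
        return out

def mint(k):
    """Bank: k OTMs plus public tags (H(x0), H(x1)). The bank's signature
    over the tags is assumed valid and is not modelled here."""
    pre = [(secrets.token_bytes(16), secrets.token_bytes(16)) for _ in range(k)]
    return [IdealOTM(*p) for p in pre], [(H(a), H(b)) for a, b in pre]

def challenge(unused, m):
    """Verifier: choose m unused OTM indices, each with a random bit."""
    picked = secrets.SystemRandom().sample(sorted(unused), m)
    return {i: secrets.randbelow(2) for i in picked}

def respond(otms, chal):
    return {i: otms[i].read(c) for i, c in chal.items()}

def verify(tags, chal, resp):
    """Verifier: every revealed value must hash to the signed tag."""
    return all(H(resp.get(i, b"")) == tags[i][c] for i, c in chal.items())

def demo(k=8, m=4):
    otms, tags = mint(k)
    unused = set(range(k))
    chal = challenge(unused, m)
    first_ok = verify(tags, chal, respond(otms, chal))
    unused -= set(chal)
    # Second payment reusing an opened OTM with the opposite challenge bit.
    i, c = next(iter(chal.items()))
    try:
        otms[i].read(1 - c)
        reuse_ok = True
    except RuntimeError:
        reuse_ok = False
    return first_ok, reuse_ok, len(unused)
```

`demo()` returns `(True, False, 4)`: the first verification succeeds, the reused OTM cannot answer the opposite challenge, and four OTMs remain, which is the bounded lifetime the text describes.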
Quantum Tokens for Digital Signatures
The scheme generalizes to quantum tokens for digital signatures (QTDS), enabling single-use quantum states for signing. This is achieved with negligible modification to the banknote construction: signing consumes a majority of unused OTMs, producing a signature verifiable using only classical means. Applications include notary proofs, auditable fund allocations, and betting schemes, where the quantum nature enforces single-use.
Practical Implications and Bottlenecks
Quantum memory remains the main bottleneck for real-world deployment, as coherence times for qubit states must match anticipated transaction frequencies under commercial conditions. Existing technologies support coherence slightly beyond milliseconds in non-extreme environments, sufficient for specialized scenarios like high-frequency trading. The required quantum internet infrastructure is advancing, as evidenced by ongoing national and continental-scale quantum network initiatives.
The scheme represents a significant reduction in requirements: only low-level quantum communication and storage are necessary, with all other operations remaining classical. This positions the protocol as a practical candidate for peer-to-peer, private, and consensus-free digital cash, and as an alternative to blockchain-based schemes.
Open Questions, Extensions, and Theoretical Impact
Several extensions are proposed:
- Pre-transfer Verification: A major open challenge is enabling recipients to verify quantum banknote authenticity before accepting transfer, which may require new interactive or commitment protocols.
- Resource Scaling: Current resource consumption scales linearly with verification count; reducing this to sub-linear scaling demands novel approaches.
- Infinite Verifiability: Extending the scheme to enable unlimited verifications, without increasing quantum resource requirements.
- Weaker Hardware Assumptions: Reducing or eliminating trust in hardware would broaden applicability, but remains technically challenging.
- Expanded Quantum Token Applications: Investigation into novel use cases for QTDS, including experimental implementation.
The theoretical implication is that verifiable quantum money requiring only rudimentary quantum capabilities is possible, bypassing prior reliance on full quantum computation. The approach recontextualizes quantum money as a near-term practical application for emerging quantum networks and memories.
Conclusion
This work presents a publicly verifiable quantum money protocol using low quantum computational resources, grounded in conjugate coding–based OTMs and classical cryptographic primitives. By reducing the required quantum capabilities to those within reach of current communication infrastructure, the protocol expands the feasibility and practicality of quantum currency systems. The bounded verification design and adaptation to quantum tokens for digital signatures further generalize the protocol. Outstanding engineering and foundational challenges concern quantum memory, scaling, verification, and hardware assumptions, forming a roadmap for future research and deployment. The work demonstrates that quantum money, and its derivative primitives, may soon become viable for mainstream adoption within quantum-enabled networks.