Papers
Topics
Authors
Recent
Search
2000 character limit reached

Quantum Tokens: Cryptographic Security Primitives

Updated 4 July 2026
  • Quantum tokens are cryptographic primitives that encode bearer authority in non-orthogonal quantum states, ensuring unforgeability via the no-cloning theorem.
  • Various protocol families—such as qtickets, tokenized signatures, and spacetime tokens—employ tailored verification procedures to support secure payments and digital signatures.
  • Quantum tokens facilitate secure electronic transactions and one-time computational controls, bridging advanced hardware architectures with practical cryptographic applications.

Quantum tokens are cryptographic or payment primitives in which the bearer’s authority is encoded in quantum states rather than in duplicable classical data. In the contemporary literature, the term encompasses quantum banknotes, quantum money, quantum coins, tokenized signatures, S-money, semi-quantum currencies, and one-time program tokens. Across these variants, the central mechanism is the same: a token is associated with non-orthogonal quantum states whose unauthorized copying is limited by the no-cloning theorem and by measurement disturbance, while acceptance is defined by verification procedures with explicit completeness, robustness, and soundness or unforgeability parameters (Kukharchyk et al., 11 Feb 2026). Since Wiesner’s 1983 proposal, the area has expanded from abstract money schemes to noise-tolerant tickets, signing tokens, relativistic spacetime tokens, digital-payment cryptograms, hardware-specific architectures in diamond and superconducting platforms, and verification models that eliminate or reduce classical side information (Pastawski et al., 2011).

1. Definition and security model

A general formulation treats a token as a serial-numbered quantum object prepared from a secret code-book. In the perspective formulation, a bank samples a private ensemble of NN states {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N and issues

ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},

or, in noisy settings, a mixed-state density operator on HN\mathcal{H}^{\otimes N} (Kukharchyk et al., 11 Feb 2026). In tokenized-signature language, the primitive is a four-algorithm scheme

$(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$

where the signing token τ\tau is consumed during $\Sign$ (Sattath, 2022).

The core security notions are closely aligned across money, authentication, and signing variants. Correctness or completeness requires an honestly issued token to be accepted with high probability. Soundness or unforgeability requires that an adversary cannot obtain two valid presentations, two valid signatures, or more valid redemptions than the number of tokens held, except with negligible probability. For qtickets, acceptance is threshold-based: if bib_i indicates whether qubit ii was measured in the correct eigenstate, then the token is accepted iff

b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N

for a chosen tolerance fidelity {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N0 (Pastawski et al., 2011). In relativistic and payment settings, further notions appear, including user privacy, near-instant validation, robustness against losses, and history-dependent classical verification (Jiang et al., 2024).

The no-cloning theorem is necessary but not sufficient as a stand-alone security statement. Practical security is always mediated by explicit thresholds, challenge structures, or oracle models. This is evident in schemes that quantify honest acceptance by channel fidelities, bound forgery by optimal cloning fidelities, or require basis-matching statistics and reporting rules to control loss-dependent attacks (Pastawski et al., 2011).

2. Canonical protocol families

The modern literature contains several distinct protocol families that share the quantum-token label but differ in state structure, verification mode, and intended functionality.

Family Token resource Verification mode
Qtickets / cv-qtickets Product states over single-qubit alphabets or paired-qubit blocks Trusted physical deposit or classical challenge-response
Tokenized signatures / TMAC Single-use signing states such as hidden-subspace states or BB84 states Classical signature or MAC verification
Spacetime and payment tokens Measured BB84 data retained as private classical information Local classical validation at a chosen spacetime point
Hardware and vault tokens Spin, photonic, ensemble, or paired-copy states Platform-specific threshold tests, Bell/SWAP tests, or population statistics

The earliest practically oriented noise-tolerant family is the qticket/cv-qticket framework. A qticket consists of

{ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N1

while a cv-qticket is built from blocks of qubit pairs chosen from

{ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N2

and is verified through classical basis challenges rather than by returning the token itself (Pastawski et al., 2011). This family established explicit tolerable-noise thresholds and exponentially decaying forging probabilities.

A second family replaces “money” by limited-use signing authority. In the hidden-subspace tokenized-signature construction, a random {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N3-dimensional subspace {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N4 defines the token {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N5, and signing consumes the token by measuring either in the computational basis or, after {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N6, in the dual basis (Ben-David et al., 2016). The same work gives a full syntax for public tokenized signatures, together with revocability, testability, and everlasting revocation, and estimates security growth as {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N7 with token size {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N8 qubits (Ben-David et al., 2016). In the symmetric-key setting, tokenized MACs instantiate single-use delegated signing with BB84 states and tolerate up to {ψib}i=1N\{\ket{\psi_i^b}\}_{i=1}^N9 noise; the construction is existentially unforgeable against adversaries with signing and verification oracles, assuming post-quantum one-way functions exist (Behera et al., 2021).

A broader abstraction is the quantum one-time token for arbitrary randomized classical computation. In that construction, a fixed-size unclonable token authorizes exactly one evaluation of a randomized function ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},0. The quantum resource depends on the security parameter rather than on the size of ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},1, while the classical protected program is supplied as an obfuscated circuit ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},2 (Gunn et al., 2024). This extends the token concept beyond payments and signatures to one-time controlled execution of randomized algorithms.

Classically verified single-use tokens form another branch. In a repetitive anonymous-token construction, all tokens minted under the same secret are identical pure states

ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},3

the holder measures a token in the computational basis to obtain a pair ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},4, and the bank accepts iff ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},5 and ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},6 is not already present in the redemption history (Gavinsky et al., 7 Oct 2025). The significance is that quantum issuance can be followed by entirely classical redemption.

3. Tokens without long-lived quantum memory

A common misconception is that quantum tokens necessarily require long-term quantum memories and long-distance quantum communication. That description is accurate for many Wiesner-style schemes, but it does not apply to S-money and related spacetime-token protocols (Kent et al., 2021). In the two-stage S-money framework, the issuer first sends BB84 states

ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},7

to the user, who measures immediately in randomly chosen bases and stores only classical outcomes. At a later decision point ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},8, the user chooses the presentation point ρb=i=1Nψib ⁣ψib,\rho^b=\bigotimes_{i=1}^N \ket{\psi_i^b}\!\bra{\psi_i^b},9, computes

HN\mathcal{H}^{\otimes N}0

and later unveils HN\mathcal{H}^{\otimes N}1 only at HN\mathcal{H}^{\otimes N}2, where the verifier checks both the BB84 consistency condition and HN\mathcal{H}^{\otimes N}3 (Kent et al., 2019). In the idealized security analysis, the commitment message is statistically independent of the presentation choice, summarized as HN\mathcal{H}^{\otimes N}4 (Kent et al., 2019).

Practical versions of S-money were implemented with off-the-shelf QKD technology. In QTHN\mathcal{H}^{\otimes N}5/QTHN\mathcal{H}^{\otimes N}6-type schemes, Bob sends BB84 pulses, Alice measures them immediately, reports the detected index set, and later uses masked classical data to enable near-instant validation at one chosen location (Kent et al., 2021). The 2024 full experimental demonstration of quantum S-tokens explicitly removed the need for quantum memories and long-distance quantum channels while preserving unforgeability, user privacy, and instant validation. The implementation used a heralded single-photon source with system efficiency HN\mathcal{H}^{\otimes N}7, measured an overall error rate HN\mathcal{H}^{\otimes N}8, chose HN\mathcal{H}^{\otimes N}9 and $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$0, and obtained $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$1 (Jiang et al., 2024). It further demonstrated a transaction time advantage over an intra-city $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$2 km optical-fiber network and an inter-city $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$3 km field-deployed fiber network, with measured advantages $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$4 and $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$5, respectively (Jiang et al., 2024).

Quantum-digital payment protocols similarly eliminate long-term storage by replacing a classical EMV-style token with a BB84 string

$(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$6

which the client measures on the fly in merchant-dependent bases derived from $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$7 (Schiansky et al., 2023). Verification tests only those positions where the client’s measurement basis matches the issuer’s preparation basis, with explicit error and loss thresholds. The reported metropolitan-fiber demonstration used a $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$8 m deployed link, measured loss $(\mpk,\msk)\xleftarrow{\KeyGen}(1^\lambda),\quad (\pk,\tau)\xleftarrow{\TokenGen}(\msk),\quad \sigma\xleftarrow{\Sign}(\tau,m),\quad b=\Verify(\mpk,\pk,m,\sigma),$9, error rates τ\tau0 in the HV basis and τ\tau1 in the DA basis, and placed the operating point inside the SDP-derived secure region (Schiansky et al., 2023).

These schemes show that the token concept bifurcates into at least two operational regimes: stored-state tokens, which preserve a quantum state until redemption, and measure-immediately tokens, in which quantum information is converted into private classical data constrained by relativistic or protocol-level structure. A plausible implication is that “quantum token” is best understood as a security principle rather than as a single storage model.

4. Physical realizations and hardware architectures

Recent work has shifted from abstract security proofs to concrete device architectures. One line uses color centers in diamond and nanophotonic cavities. In a Wiesner-style token scheme based on time-bin photonic qubits, the issuer prepares

τ\tau2

with each photonic qubit encoded as

τ\tau3

At the user side, a heralded spin-photon controlled-phase gate implemented by state-dependent reflection in a sawfish nanophotonic crystal cavity maps the photonic amplitudes into a spin register (Strocka et al., 6 Mar 2025). The proposal reports fractional optical gates with

τ\tau4

and microwave control with

τ\tau5

while a swap to a nearby nuclear spin gives τ\tau6 at the cost of an extra swap fidelity τ\tau7 and τ\tau8 (Strocka et al., 6 Mar 2025). The performance model predicts kHz token-acceptance rates under optimistic near-term improvements and, by multiplexing, potentially the MHz regime (Strocka et al., 6 Mar 2025).

A complementary architecture uses hybrid spin-photon interfaces in diamond. There, an NV-center electron spin, a nuclear-spin memory, and a time-bin photon are prepared in the tripartite entangled state

τ\tau9

followed by interferometric heralding, nuclear-spin storage, and Bell-state-measurement-based verification (Dasari et al., 10 Mar 2026). The bank records an issuance outcome $\Sign$0, later the verifier measures a teleported photonic state to obtain $\Sign$1, and acceptance is defined by

$\Sign$2

The average verification fidelity is modeled as

$\Sign$3

and with $\Sign$4, $\Sign$5, $\Sign$6, $\Sign$7, the representative value is $\Sign$8 (Dasari et al., 10 Mar 2026). The same analysis contrasts this with a purely photonic storage model yielding $\Sign$9 under identical phase noise (Dasari et al., 10 Mar 2026).

Superconducting-platform realizations have emphasized ensemble tokens and benchmarking rather than single-defect memories. In an ensemble-token protocol benchmarked on five IBM Eagle processors, the bank encodes each token as an ensemble of identical qubits rotated by

bib_i0

and authenticates by reapplying bib_i1 and thresholding the measured bib_i2 fraction (Tsunaki et al., 2024). The reported single-token forged acceptance probability is bib_i3, contrasted with bib_i4 for the bank’s own tokens, and with bib_i5 tokens even the worst tested IBMQ device gives forged acceptance below bib_i6 (Tsunaki et al., 2024).

A distinct architectural response to side-information leakage is the quantum vault. Instead of storing classical Bloch angles, the bank prepares two identical qubits in the same Haar-random state, hands one to the user, stores one in a quantum vault, and irreversibly discards the classical state description (Tsunaki et al., 5 May 2026). Authentication is performed by a consumptive SWAP test between the presented token and the vault copy. For a bill with bib_i7 token pairs and acceptance threshold bib_i8, the reported bounds are bib_i9 and ii0 even on the worst IBMQ device used in the study (Tsunaki et al., 5 May 2026).

5. Security thresholds, attack models, and limitations

Rigorous security analyses in this area are threshold-based rather than purely qualitative. In qtickets, forging two redeemable copies from one token becomes exponentially unlikely once the acceptance threshold satisfies

ii1

because the optimal universal symmetric ii2 qubit cloner has fidelity ii3 (Pastawski et al., 2011). For cv-qtickets, the complementary-basis challenge game yields the threshold

ii4

again producing exponentially small forging probability in the number of blocks (Pastawski et al., 2011). These results established a general design pattern: practical schemes require a separation

ii5

Attack models have become increasingly explicit. In ensemble-based quantum coins, a forger may split a token into subensembles, perform one-, two-, or three-measurement attacks, and optimize not for tomography fidelity but for bank acceptance probability (Bauerhenne et al., 2024). The reported simulations and IBMQ-based validation show that sophisticated attacks can substantially outperform naive estimation; for ii6, the optimal one-measurement attack gives ii7 on Osaka, the optimal two-measurement attack reaches ii8, and a fixed three-axis attack reaches ii9 (Bauerhenne et al., 2024). However, the same work proves that arbitrary security can be restored by composing many tokens into a coin, with b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N0 already pushing coin-level forgery success below b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N1 and b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N2 giving b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N3 (Bauerhenne et al., 2024).

Another limitation is that some public-key-style constructions rely on nonstandard assumptions. Hidden-subspace tokenized signatures were formulated via obfuscated subspace-membership tests, and the construction was described as relying on either a strong form of subspace-membership obfuscation in the standard model or in the oracle model, with standard-model realization left open (Ben-David et al., 2016). Quantum prudent contracts inherit this dependence when they use public tokenized-signature schemes as building blocks, while also emphasizing that one-shot signature constructions exist only in the oracle model or require non-collapsing hash functions (Sattath, 2022).

A further misconception is that the only relevant threat is direct quantum cloning. Several papers show that non-cloning alone does not protect against leakage of classical side information, bias in randomness, detector asymmetries, multi-photon loopholes, or history-dependent replay structure. S-money implementations state explicit assumptions on single-qubit preparation, factorization of preparation randomness, basis-choice independence, and detector symmetries (Kent et al., 2021). The quantum-vault model was proposed precisely because Wiesner-style schemes that retain classical descriptions can be broken by a “classical side-information attack” even without violating the no-cloning theorem (Tsunaki et al., 5 May 2026). Experimental S-token work likewise treats losses, errors, and multi-photon attacks as first-class security parameters rather than as mere engineering imperfections (Jiang et al., 2024).

6. Applications and research directions

Quantum tokens now support a broad application space extending well beyond “money.” In quantum payment schemes, a token acts as an electronic coin whose spending authority is consumed locally, eliminating blockchain consensus from the security core. Quantum prudent contracts use this property to implement restricted smart-contract functionality such as b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N4-out-of-b1FtolN|\mathbf b|_1 \ge F_{\rm tol}N5 multi-signature wallets, restricted accounts that can send funds only to designated destinations, and colored coins representing tradable stocks with dividend rights (Sattath, 2022). Because each transfer consumes a quantum signing capability, these constructions aim for local verification, no mining, and unbounded throughput, while explicitly acknowledging the need for a universal large-scale quantum computer and long-term quantum memory in the most ambitious versions (Sattath, 2022).

Privacy-preserving variants extend the token model in a different direction. Anonymous quantum tokens with classical verification allow the issuing authority to mint many identical pure tokens and let users audit for hidden tracking information via swap tests before spending (Gavinsky et al., 7 Oct 2025). The same work sketches applications to anonymous one-time pads and voting (Gavinsky et al., 7 Oct 2025). Semi-quantum currency proposals similarly combine hidden-subspace-style quantum units with public oracles and smart-contract settlement, including token transfers and atomic swaps in which blockchain collateral reduces credit risk (Zhang et al., 25 Feb 2025).

One-time controlled computation is another emerging use. Quantum one-time tokens for randomized algorithms allow a holder to evaluate a randomized classical function exactly once, with a quantum token whose size is independent of the program being protected (Gunn et al., 2024). The paper explicitly identifies generative-AI-style samplers as candidate targets, provided their output distributions have sufficiently large min-entropy (Gunn et al., 2024). This suggests a convergence between tokenized cryptography and software or model access control.

From a systems perspective, current research points in two simultaneous directions. One is toward more realistic hardware: integrated memories, higher-efficiency spin-photon interfaces, spectral and spatial multiplexing, telecom conversion, and error-corrected long-lived registers (Strocka et al., 6 Mar 2025). The other is toward embedding quantum tokens within a larger information-security ecosystem, including post-quantum cryptography, classical verification, and quantum-network architectures (Kukharchyk et al., 11 Feb 2026). The central open tension is therefore not whether quantum tokens exist as a single primitive, but which combination of verification model, hardware assumption, privacy goal, and application domain yields the most credible path to deployment.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Quantum Tokens.