Ever since there's been money, there have been people trying to counterfeit it, and governments trying to stop them. In 1969, the physicist Stephen Wiesner raised the remarkable possibility of money whose authenticity would be guaranteed by the laws of quantum mechanics. However, the question of whether one can have secure quantum money that anyone (not only the bank) can verify has remained open for forty years. In this talk, I'll tell you about progress on the question over the last two years.
(1) I'll show that no publicly-verifiable quantum money scheme can have security based on quantum physics alone: as in most cryptography, one also needs a computational hardness assumption.
(2) I'll show that one can have quantum money that remains hard to counterfeit, even if a counterfeiter gains access to a "black box" for verifying the money.
(3) I'll describe a candidate quantum money scheme I proposed last spring, and how that scheme was recently broken by Lutomirski et al.
I'll also discuss a new class of schemes that might evade the existing attacks -- schemes with the bizarre property that not even the bank can prepare the same bill twice.
The talk is designed to be accessible to those without a quantum information background.
Reference for (1)-(2): S. Aaronson, "Quantum copy-protection and quantum money," in Proceedings of CCC'2009, http://www.scottaaronson.com/papers/noclone-ccc.pdf.
Reference for (3): A. Lutomirski, S. Aaronson, E. Farhi, D. Gosset, A. Hassidim, J. Kelner, and P. Shor, "Breaking and making quantum money: toward a new quantum cryptographic protocol," in Proceedings of Innovations in Computer Science (ICS), 2010.