Paper 2020/452

Almost Public Quantum Coins

Amit Behera and Or Sattath


In a quantum money scheme, a bank can issue money that users cannot counterfeit. Similar to bills of paper money, most quantum money schemes assign a unique serial number to each money state, thus potentially compromising the privacy of the users of quantum money. However in a quantum coins scheme, just like the traditional currency coin scheme, all the money states are exact copies of each other, providing a better level of privacy for the users. A quantum money scheme can be private, i.e., only the bank can verify the money states, or public, meaning anyone can verify. In this work, we propose a way to lift any private quantum coin scheme -- which is known to exist based on the existence of one-way functions, due to Ji, Liu, and Song (CRYPTO'18) -- to a scheme that closely resembles a public quantum coin scheme. Verification of a new coin is done by comparing it to the coins the user already possesses, by using a projector on to the symmetric subspace. No public coin scheme was known prior to this work. It is also the first construction that is very close to a public quantum money scheme and is provably secure based on standard assumptions. The lifting technique when instantiated with the private quantum coins scheme, due to Mosca and Stebila 2010, gives rise to the first construction that is very close to an inefficient unconditionally secure public quantum money scheme.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Quantum moneyQuantum CoinsPublic Quantum Money
Contact author(s)
behera @ post bgu ac il
sattath @ post bgu ac il
2020-06-13: revised
2020-04-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Amit Behera and Or Sattath},
      title = {Almost Public Quantum Coins},
      howpublished = {Cryptology ePrint Archive, Paper 2020/452},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.