How does this contribution differentiate from https://arxiv.org/abs/1604.01383? This work just seems way too early + applying quantum-safe crypto to existing Bitcoin ECDSA seems like an easier and more practical solution.
Meant to add the 'your' as a way to generalize the statement. It's fine if English is not his first language, that's why you have others proof read before publishing. If there wasn't much effort to edit, I tend to presume there wasn't much effort put into it more generally.
What an exciting proposition— if you can use quantum teleportation to solve double-spending, then you don't need mining at all! You don't even need proof-of-stake.
It's unclear to me why one might want to use quantum blockchain-based money when there are reasonable proposals for blockchain-free quantum money, e.g. [1].
In any event, I didn't bother reading most of the qBitcoin paper because of things like this:
> First of all, we need to consider how to transmit a coin made of quantum information. The best way, at the present, will be to employ quantum teleportation [2, 3], which succeeds in transforming quantum information to remote places. Great benefit to use the quantum teleportation is that the quantum information cannot remain the original place, in other words, it is impossible for a transmitter to keep the original quantum data once if the quantum information is sent.
This is nonsense. It's like saying that you can transmit a file by mailing a USB stick, which absolutely guarantees that you, the sender, no longer have the original file. That's wrong -- all that mailing a USB stick guarantees is that you don't have the USB stick any more, not that you didn't keep a copy of the contents. Similarly, quantum teleportation eats the input state but says nothing about any other copies of the input state that may exist.
I think the author was talking about the no cloning theorem. It is true. If you have a few qubits (representing money) and you don't know their state then you can't send the coin and retain a copy.
That's only a little bit true. You need a much stricter condition to adequately describe "don't know the state". In any event, this has nothing to do with teleportation.
> That's wrong -- all that mailing a USB stick guarantees is that you don't have the USB stick any more, not that you didn't keep a copy of the contents.
On paper, no-cloning theorem means you aren't able to make a copy of the contents. However, the obvious downside of this scheme is that it requires all coins to always remain as a qubit when stored -- otherwise you can re-generate the coin. Also you can't have more than one photon to contain said signal (maybe there's some coherence trick you can pull, but I've read several papers that have found that most quantum cryptography has been broken -- especially cryptography that depends on being able to detect measurement and no-cloning theorem).
I'm generally skeptical of quantum cryptography when it depends on physical properties of qubits to provide its security, simply because previous research has shown that claims of security are broken very soon afterwards.
> However, the obvious downside of this scheme is that it requires all coins to always remain as a qubit when stored
It requires a lot more than that. Among other things, it requires that you be unable to convert your coin to and from some classical representation.
> I'm generally skeptical of quantum cryptography when it depends on physical properties of qubits to provide its security, simply because previous research has shown that claims of security are broken very soon afterwards.
What do you mean by "physical properties of quits"? There are a lot of breaks of QKD, but they're breaking the implementation, not the underlying concept.
What's needed is a real quantum computer that can process its incoming signal in such a way that it guarantees that the incoming qubit is really a qubit and not, say, a bright flash of light.
> It's unclear to me why one might want to use quantum blockchain-based money when there are reasonable proposals for blockchain-free quantum money, e.g. [1].
I haven't had a chance to read through your paper in full yet, but by the looks of it your proposed protocol appears to require the user of the currency to trust the mint. Please correct me if I'm wrong.
In this protocol, the mint produces a list of valid serial numbers of coins, and the mint can't make more than one coin per serial number. The upshot is that you don't really have to trust the mint.
P.S. They describe a property where the money can't be cloned which seems to be further explored in this paper which the author has commented on this thread (see amluto).
42 comments
[ 3.2 ms ] story [ 102 ms ] threadTo the moon.
[1] https://en.wikipedia.org/wiki/Fsn_(file_manager)#/media/File...
A typo in the abstract makes it pretty unlikely that I'll read your proposal.
Glass houses, and all that sort of stuff.
In any event, I didn't bother reading most of the qBitcoin paper because of things like this:
> First of all, we need to consider how to transmit a coin made of quantum information. The best way, at the present, will be to employ quantum teleportation [2, 3], which succeeds in transforming quantum information to remote places. Great benefit to use the quantum teleportation is that the quantum information cannot remain the original place, in other words, it is impossible for a transmitter to keep the original quantum data once if the quantum information is sent.
This is nonsense. It's like saying that you can transmit a file by mailing a USB stick, which absolutely guarantees that you, the sender, no longer have the original file. That's wrong -- all that mailing a USB stick guarantees is that you don't have the USB stick any more, not that you didn't keep a copy of the contents. Similarly, quantum teleportation eats the input state but says nothing about any other copies of the input state that may exist.
[1] https://arxiv.org/abs/1004.5127 (disclaimer: I'm an author)
On paper, no-cloning theorem means you aren't able to make a copy of the contents. However, the obvious downside of this scheme is that it requires all coins to always remain as a qubit when stored -- otherwise you can re-generate the coin. Also you can't have more than one photon to contain said signal (maybe there's some coherence trick you can pull, but I've read several papers that have found that most quantum cryptography has been broken -- especially cryptography that depends on being able to detect measurement and no-cloning theorem).
I'm generally skeptical of quantum cryptography when it depends on physical properties of qubits to provide its security, simply because previous research has shown that claims of security are broken very soon afterwards.
It requires a lot more than that. Among other things, it requires that you be unable to convert your coin to and from some classical representation.
> I'm generally skeptical of quantum cryptography when it depends on physical properties of qubits to provide its security, simply because previous research has shown that claims of security are broken very soon afterwards.
What do you mean by "physical properties of quits"? There are a lot of breaks of QKD, but they're breaking the implementation, not the underlying concept.
What's needed is a real quantum computer that can process its incoming signal in such a way that it guarantees that the incoming qubit is really a qubit and not, say, a bright flash of light.
I haven't had a chance to read through your paper in full yet, but by the looks of it your proposed protocol appears to require the user of the currency to trust the mint. Please correct me if I'm wrong.
Is using quantum token signature, i'm not sure how different this is from ellcrys.
In practice they aren't.
See
http://www.qudev.ethz.ch/content/QSIT15/Q_Cryptography_Q_Hac...
https://phys.org/news/2015-12-quantum-cryptography-vulnerabl...
P.S. They describe a property where the money can't be cloned which seems to be further explored in this paper which the author has commented on this thread (see amluto).
https://arxiv.org/pdf/1004.5127.pdf (Quantum Money from Knots) .