# Quantum Dollars use Uncertainty to Create Certainty

By Eric Wolff | December 13, 2010 4:29 am

Without getting into the ethics of WikiLeaks’ activities, I’m disturbed that Visa, MasterCard and PayPal have all seen fit to police the organization by refusing to act as a middleman for donations. The whole affair drives home how dependent we are on a few corporations to make e-commerce function, and how little those corporations guarantee us anything in the way of rights.

In the short term, we may be stuck, but in the longer term, quantum money could help solve the problems by providing a secure currency that can be used without resort to a broker.

Physicist Steve Wiesner first proposed the concept of quantum money in 1969. He realized that since quantum states can’t be copied, their existence opens the door to unforgeable money.

Here’s how MIT computer scientist Scott Aaronson explained the principles:

“Heisenberg’s famous Uncertainty Principle says you can either measure the position of a particle or its momentum, but not both to unlimited accuracy. One consequence of the Uncertainty Principle is the so-called No-Cloning Theorem: there can be no “subatomic Xerox machine” that takes an unknown particle, and spits out two particles with exactly the same position and momentum as the original one (except, say, that one particle is two inches to the left). For if such a machine existed, then we could determine both the position and momentum of the original particle—by measuring the position of one “Xerox copy” and the momentum of the other copy. But that would violate the Uncertainty Principle.

“…Besides an ordinary serial number, each dollar bill would contain (say) a few hundred photons, which the central bank “polarized” in random directions when it issued the bill. (Let’s leave the engineering details to later!) The bank, in a massive database, remembers the polarization of every photon on every bill ever issued. If you ever want to verify that a bill is genuine, you just take it to the bank”

At this point I should mention that this stuff is all bark and no bite — theory has vastly exceeded the actual engineering of quantum computers, or of quantum much of anything, so when I said long term, I meant decades, at least.

But that doesn’t make it any less interesting to ponder. So, Aaronson’s description of quantum money leaves us with the same middleman problem. We need a way to check the bill’s authenticity without having to bring it to the bank or any other central institution, and yet still have it be difficult to forge.
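The bank-verified scheme in Aaronson's description can be simulated classically to show why the bank stays in the loop. This is an added example, not code from the article or from Aaronson; the `(basis, bit)` tuples, the `Bank` class and `forge` are assumptions made for illustration, and unlike real photons the simulated originals are not disturbed by being measured.

```python
import secrets

# Classical stand-in for a photon: (basis, bit), basis 0 = rectilinear, 1 = diagonal.
# Code outside the bank may learn about a photon only through measure().

def measure(photon, basis):
    """Right basis returns the encoded bit; wrong basis returns a coin flip."""
    prep_basis, bit = photon
    return bit if basis == prep_basis else secrets.randbelow(2)

class Bank:
    def __init__(self):
        self.ledger = {}   # serial -> secret list of (basis, bit) per photon

    def issue(self, n_photons=200):
        serial = secrets.token_hex(8)
        self.ledger[serial] = [(secrets.randbelow(2), secrets.randbelow(2))
                               for _ in range(n_photons)]
        return serial, list(self.ledger[serial])   # the bill: serial + photons

    def photons_passing(self, serial, photons):
        """Measure each photon in the recorded basis and count the matches."""
        record = self.ledger[serial]
        return sum(measure(p, basis) == bit
                   for p, (basis, bit) in zip(photons, record))

    def verify(self, serial, photons):
        record = self.ledger.get(serial)
        if record is None or len(photons) != len(record):
            return False
        return self.photons_passing(serial, photons) == len(record)

def forge(photons):
    """Measure-and-resend copy: the forger has to guess each photon's basis."""
    fake = []
    for p in photons:
        guess = secrets.randbelow(2)
        fake.append((guess, measure(p, guess)))   # re-prepare what was observed
    return fake
```

Each forged photon passes with probability 3/4, so a 200-photon copy is accepted with probability about (3/4)^200. Only the holder of the ledger can run `verify`, which is the middleman problem the article goes on to discuss.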

As it happens, we have a solution to a version of this problem in today’s secure online transactions. In principle we rely on the difficulty of factoring. It’s easy to multiply two numbers and get a third number. If the third number is really large, it’s computationally time consuming to factor it and find the original two numbers — unless you already have one of the numbers. Using prime numbers as public and private keys, we can send secure transactions all over the Internet, and as long as our computational power does not grow exponentially, we can feel relatively secure.

Quantum computing uses a similarly computationally difficult trick, thanks to knot theory. Edward Farhi, David Gosset, Avinatan Hassidim, Andrew Lutomirski, and Peter Shor* published a paper on this technique in 2009, and Technology Review summarized it well:

“Their quantum cash is based on a new kind of asymmetry: that two identical knots can look entirely different. So while it may be easy to make either knot, it is hard to find a way to transform one into the other.”

(Paper authors) Farhi and co. say: “The purported security of our quantum money scheme is based on the assumption that given two different looking but equivalent knots, it is difficult to explicitly find a transformation that takes one to the other.”

Under the proposal, a bank could mint money with a serial number and a partially recorded quantum state. A merchant with a quantum computer could check the money by applying an algorithm using knot theory that went looking for a mathematically identical knot. If the states and the knots match, the money can be accepted.

A friend of mine, who happens to be a knot theory mathematician and who sent me the Farhi paper in the first place, made a good point over email that the authors don’t discuss exactly how we’re going to pass this quantum money around. They mention that paper money could be minted, but how will we pay quantum money over the quantum Internet?  Well, a question for future research, I imagine.

For whatever reason, few sci-fi creators have much to say on the subject of money in the future. Usually they’ve gone to a paperless currency (which does seem like the end point of current trends), and they have some kind of charge card or an account that can be accessed with a biometric security protocol. Beyond that, money is just assumed. But this always left me unnerved because it left control of money in the hands of the Visas and MasterCards of the world.

But with quantum money? We take back our dollars.

*Shor is well known for Shor’s Algorithm, which showed that a quantum computer could factor numbers much faster than a classical computer.


1. At this point I should mention that this stuff is all bark and no bite — theory has vastly exceeded the actual engineering of quantum computers or quantum much of anything engineered, so when I said long term, I meant decades, at least.

Some are hopeful…

2. Terry

I’m disturbed that Visa, MasterCard and PayPal have all seen fit to police the organization by refusing to act as a middleman for donations.

I’m no more disturbed by this than I am by the actions of Wikileaks itself. Wikileaks is a private organization that has taken upon itself to attack the actions of a public institution. Visa, Mastercard, and Paypal are all private organizations that have taken upon themselves to attack the actions of another private organization. Ultimately, the same rights that Wikileaks lives by are now driving the actions of other private organizations.

Otherwise, I did love the concepts of the article. I do wish that we could move further forward in quantum computing.

3. Nullius in Verba

There’s a perfectly feasible (if convoluted) way of implementing anonymous digital money without requiring any science-fiction quantum technology. It’s based on blind signatures.

A blind signature is a way to digitally sign an encrypted message in such a way that it can be decrypted while retaining the signature. Think of it as a carbon-paper envelope. You put your message on a slip of paper, put it inside the envelope, and seal it. You give it to somebody else and they sign the outside of the envelope. Anybody can check that the signature is valid. When you get it back, you unseal the envelope and find the slip of paper inside has also been signed, because of the carbon paper. Any crypto guru will be able to tell you how to implement it.

So for the basic payment scheme, one party – let’s call her Alice – creates some unsigned paper in her own name. Each slip of paper says “Pay Alice \$1” and has a long random serial number. She blinds them (puts them in envelopes) and puts the ‘money blanks’ up on her public website.

Whenever somebody wants to pay Alice some money – Bob, for example – he takes one of Alice’s money blanks from her website (marks it so nobody else will take the same one), and blinds it again by putting it in his own envelope. He then takes it to the bank, and says “Sign this, in exchange for a dollar from my account”. The bank checks Bob’s balance, subtracts \$1 from it, and signs Bob’s envelope. Bob now has a signed envelope, and he (or anybody else) can check the signature on it to see that it is valid. He removes his own envelope, and offers it to Alice in exchange for the goods.

Alice can check the bank’s signature on the envelope, and check it against the list of money blanks on her website, to see that it is valid money made out to her. At any time convenient to her, she can take it to the bank, who will check the signature, check the serial number to see it hasn’t been submitted before, and give her the money. Transaction complete.

The bank has absolutely no way to tell who either Bob or Alice is doing business with. Neither Alice nor Bob have any need – nor any way to determine – each other’s true identity. The bank signs doubly-encrypted envelopes in exchange for ‘real’ money, and pays ‘real’ money for signed money slips. Bob picks up an opaque money blank off some website and gets it signed. Alice gets a signed money slip anonymously across the internet (or in her shop, from a wifi-capable phone). Nobody needs to know who anybody else really is.

Not only that, but the protocol can be chained. Meet Carol. She plans on some later date to do business with Alice, so she takes some of the money blanks from Alice’s website, puts them in her own envelope, and then puts them up as money blanks on her own website. Bob now engages in a transaction with Carol, getting one of these money slips signed and sending it to Carol. She can of course check the bank’s signature on the envelope, and be sure the money has been paid. Later, she can use the endorsed money slip in a separate transaction with Alice.

The bank has absolutely no interaction with Carol, and neither Alice nor Bob need know who she is!

What’s more, anybody can act as a bank, so long as they are willing to give and take commodities of independent value (such as ‘real’ money issued by another bank) on account with lots of people.

Of course, governments regulate the whole banking business to stop people setting up their own independent currencies without their beneficent oversight, so all of the above is totally illegal. Don’t do it. Really.

Now on to our prize quiz question this week: so do you think banks should be more tightly regulated by the government?
Answers in a signed, sealed envelope to…

4. Matt B.

I feel sorry for Ted, being left out of Nullius’ story.

My idea for futuristic money is to have electronic transactions transfer identifiable currency, not just transfer amounts. So each penny would be, say, an 800-bit number (so a million dollars would take only 10 GB of memory space). The first 50 digits would be enough to identify a penny while including a simple check algorithm. (This would allow a business to catch any dumbass counterfeiter on the spot.) The other 750 digits ensure that anyone generating a huge list of counterfeit pennies would have approximately zero hits out of every trillion dollars they generate when the pennies are thoroughly checked by the bank. Tracking numbers that identify who has had that penny could aid the police in finding attempted counterfeiters. Banks can erase the tracking tags after the thorough check, so only if currency is passed person to person (through a serialized person payment device that adds a tag) do the tags add up to a significant share of memory storage.

5. Nullius in Verba

#4,

Why would you want the currency identifiable? My proposal above provides the sort of check against counterfeiting you propose, without it being traceable. Counterfeiting would be impossible. There would be no counterfeiters for the police to catch.

The big problem with digital money is not counterfeiting, but double payment. Given a genuine piece of digital money, what is to stop you using the same money to pay lots of different people? Every one of them will pass the check algorithm, because every one of them will be genuine – the same genuine money.
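The double-envelope payment from comment 3 and the double-payment check raised in comment 5, sketched with textbook RSA blind signatures. This is an added example, not code posted by any commenter; RSA as the signature scheme, the toy key, the account names and all function names are assumptions made for illustration.

```python
import hashlib, secrets
from math import gcd
# Constructed toy bank key from two Mersenne primes: far too small for real use.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # D is the bank's private exponent

def digest(slip):                           # slip text -> integer mod N
    return int.from_bytes(hashlib.sha256(slip.encode()).digest(), "big") % N

def new_factor():                           # random blinding factor coprime to N
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r

def blind(value, r):                        # seal value in an envelope
    return value * pow(r, E, N) % N
def unblind(sig, r):                        # open the envelope, keep the signature
    return sig * pow(r, -1, N) % N
def valid(sig, value):                      # anyone can check with the public key
    return pow(sig, E, N) == value

class Bank:
    def __init__(self, balances):
        self.balances, self.spent = dict(balances), set()

    def sign_blinded(self, account, blinded):
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        return pow(blinded, D, N)           # the bank never sees the slip itself

    def deposit(self, account, slip, sig):
        if slip in self.spent or not valid(sig, digest(slip)):
            return False                    # forged, or serial already redeemed
        self.spent.add(slip)
        self.balances[account] = self.balances.get(account, 0) + 1
        return True

def run_payment():
    bank = Bank({"bob": 1, "alice": 0})
    slip = f"Pay Alice $1 serial={secrets.token_hex(16)}"
    r_a, r_b = new_factor(), new_factor()
    blank = blind(digest(slip), r_a)        # Alice publishes this money blank
    signed = bank.sign_blinded("bob", blind(blank, r_b))  # Bob's envelope on top
    for_alice = unblind(signed, r_b)        # Bob removes only his envelope
    alice_ok = valid(for_alice, blank)      # Alice checks it against her blank
    sig = unblind(for_alice, r_a)           # bank's signature on the bare slip
    return (alice_ok, bank.deposit("alice", slip, sig),
            bank.deposit("alice", slip, sig), bank.balances)
```

`run_payment()` returns `True, True, False` followed by the final balances: the first deposit is honoured, and the second presentation of the same slip is refused because its serial is already in the bank's spent set.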

6. Matt B.

#5.

You also said it’s illegal, and as far as I can tell it required physical objects.

In answer to the second part, probably some sort of record of whether a penny has been used twice in one day. But usually, the use of money wouldn’t be by sending from your e-wallet to someone else’s e-wallet, but rather an authorization for the transfer of funds from your bank account to the other person’s, just as it’s done now, only with ID’d currency.

7. Nullius in Verba

#6,

Ah. Understood. Perhaps I didn’t make that clear.

It doesn’t require physical objects. The ‘envelopes’ are just an analogy for people unfamiliar with strange encryption systems. The maths is all a bit abstruse and mind-boggling, and it’s easier to comprehend what’s going on if it’s expressed in terms of more intuitively familiar objects. Everything is digital data.

The illegality is not associated with this particular system, it applies to any alternative currency, not licensed by the governments of the world. Your proposal would be illegal too, without a licence which you’d be unlikely to get. My point was that we have the technology to do this today – any programmer could sit down and write code to implement it, and people could just start using it – and nobody would have to invent any cooled atom traps to store quantum qubits for months or years to act as money. That’s pure science fiction, at the moment. But having just shown that it was perfectly feasible to do it today, I didn’t want some smart reader thinking it was a great idea and just going off and doing it, and potentially getting into trouble.

If you don’t mind it being traced by the government (and shut down if the government don’t like you), you can do it even more simply. Email a message to the bank saying “Pay \$x to account number y, valid on date z” and sign it with a digital signature.

8. Matt B.

The electronic pennies would actually be “minted” by the government, making it more legal than having cash printed by the Fed. The main problem would be bankers getting involved in money laundering and embezzlement. But at least they’re far fewer than the whole population.

As to your last paragraph, that’s basically what we do now when we slide a card at a store or restaurant. It bugs me that they run your card and then you finish determining the amount by writing in the tip. It seems like abuse would be easy, though I’m not sure my system could do any better.

9. Vikram Teva Raj

#2,

Your view goes a long way towards helping me understand why I have to keep telling people that government is feasible.
