Quantum Software Copy-Protection Scott Aaronson (MIT)

Many people have a legitimate interest in keeping their intellectual property from being copied… But if quantum mechanics isn't physics in the usual sense, if it's not about matter, or energy, or waves, then what is it about? Well, from my perspective, it's about information, probabilities, and observables, and how they relate to each other.

Classically: Giving someone a program that they can use but not copy is fundamentally impossible (tell that to Sony/BMG…)
Quantumly: Well, it's called the No-Cloning Theorem for a reason…
Question: Given a Boolean function f:{0,1}^n → {0,1}, can you give your customers a state |ψ_f⟩ that lets them evaluate f, but doesn't let them prepare more states from which f can be evaluated?
Can they use the state more than once? Answer: Certainly, if they buy poly(n) copies of it.
Note: We're going to have to make computational assumptions.

Example where quantum copy-protection seems possible
Consider the class of point functions: f_s(x) = 1 if x = s, f_s(x) = 0 otherwise.
Encode s by a permutation σ such that σ² = e. Choose σ_1, …, σ_k uniformly at random. Then give your customers the following state:
Given any permutation, I claim one can use the state to test whether it equals σ, with error probability 2^{-k}.
On the other hand, the state doesn't seem useful for preparing additional states with the same property.
Theorem: This scheme is provably secure, under the assumption that it can't be broken. (The assumption is related to, but stronger than, the hardness of the Hidden Subgroup Problem over S_n.)

Example where quantum copy-protection is not possible
Let G be a finite group for which we can efficiently prepare |G⟩ (a uniform superposition over the elements).
Let H be a subgroup with |H| ≥ |G|/polylog|G|.
Given |H⟩, Watrous showed one can efficiently decide membership in H: given an element x ∈ G, check whether ⟨H|Hx⟩ is 0 or 1.
Furthermore: given a program to decide membership in H, one can efficiently prepare |H⟩. First prepare |G⟩, then postselect on membership in H.
Conclusion: Any program to decide membership in H can be pirated! But apparently, only by a fully quantum pirate.
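To make the two directions of the subgroup example concrete, here is an added simulation (not code from the talk) that models states as dictionaries from group elements to real amplitudes. The toy group Z_12 under addition, the subgroup H = {0, 3, 6, 9}, and all function names are constructed for this illustration; only the group operation `mul` is group-specific, so the same routines work for any finite group given as a list of elements with a multiplication function. It shows Watrous's membership test via the overlap ⟨H|Hx⟩, and the pirate's converse: postselecting |G⟩ on a membership predicate reproduces |H⟩ with success probability |H|/|G|.

```python
from math import sqrt

# Constructed toy group: integers mod N under addition, written as mul(x, y).
N = 12
G = list(range(N))


def mul(x, y):
    """Group operation (addition mod N for this toy group)."""
    return (x + y) % N


# Constructed subgroup H = {0, 3, 6, 9}; |H| = |G|/3, so postselection is efficient.
H = [g for g in G if g % 3 == 0]


def uniform_superposition(elements):
    """|S> for a set S: each element gets amplitude 1/sqrt(|S|)."""
    amp = 1.0 / sqrt(len(elements))
    return {g: amp for g in elements}


def right_coset_state(state, x):
    """Map |S> to |Sx>: relabel each basis element g -> g*x.
    This is a permutation of the computational basis, hence unitary."""
    return {mul(g, x): a for g, a in state.items()}


def inner_product(s, t):
    """Real inner product <s|t> of two basis-expanded states."""
    return sum(a * t.get(g, 0.0) for g, a in s.items())


def watrous_membership(H_state, x):
    """Decide x in H from |H>: <H|Hx> is 1 if x in H (Hx = H) and 0 otherwise
    (Hx is a coset disjoint from H, so the supports do not intersect)."""
    return inner_product(H_state, right_coset_state(H_state, x))


def postselection_success_probability(membership_program):
    """Probability that measuring 'g in H?' on |G> answers yes: |H|/|G|."""
    G_state = uniform_superposition(G)
    return sum(a * a for g, a in G_state.items() if membership_program(g))


def pirate_H_state(membership_program):
    """Given only a program deciding membership in H, prepare |H>:
    prepare |G>, run the program in superposition, keep the 'yes' branch
    and renormalize. A fully quantum pirate needs nothing else."""
    G_state = uniform_superposition(G)
    kept = {g: a for g, a in G_state.items() if membership_program(g)}
    norm = sqrt(sum(a * a for a in kept.values()))
    return {g: a / norm for g, a in kept.items()}


if __name__ == "__main__":
    H_state = uniform_superposition(H)
    for x in (0, 4, 6, 7):
        print(x, "in H?", round(watrous_membership(H_state, x)))
    pirated = pirate_H_state(lambda g: g % 3 == 0)
    print("overlap of pirated state with |H>:", round(inner_product(pirated, H_state), 6))
    print("postselection succeeds with probability:",
          round(postselection_success_probability(lambda g: g % 3 == 0), 6))
```

The overlap test is exact for a subgroup because right cosets either coincide with H or are disjoint from it; the membership program the pirate uses is a plain classical predicate here, but the pirate must be able to apply it coherently to the superposition |G⟩, which is why the talk notes that only a fully quantum pirate can do this.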

Speculation: Every class of functions can be quantumly copy-protected, except the ones that can't for trivial reasons (i.e., the ones that are quantumly learnable from inputs and outputs).
Main Result [A. 2034]: There exists a quantum oracle relative to which this speculation is correct.
Thus, even if it isn't, we won't be able to prove that by any quantumly relativizing technique.
Second application of my proof techniques [Mosca-Stebila]: Provably unforgeable quantum money (provided there's a quantum oracle at the cash register).

Handwaving Proof Idea
For each circuit C, choose a meaningless quantum label |ψ_C⟩ uniformly at random.
Our quantum oracle will map |ψ_C⟩|x⟩|0⟩ to |ψ_C⟩|x⟩|C(x)⟩ (and also |C⟩|0⟩ to |C⟩|ψ_C⟩).
Intuitively, then, having |ψ_C⟩ is just the same as having a black box for C.
Goal: Show that if C is not learnable, then |ψ_C⟩ can't be pirated.
To prove this, we need to construct a simulator, which takes any quantum algorithm that pirates |ψ_C⟩ and converts it into an algorithm that learns C.

Ingredient #1 in the simulator construction: Complexity-Theoretic No-Cloning Theorem
Theorem: Suppose a quantum algorithm is given an n-qubit state |ψ⟩, and can also access a quantum oracle U that recognizes |ψ⟩ (i.e., U|ψ⟩ = -|ψ⟩ and U|φ⟩ = |φ⟩ for all |φ⟩ with ⟨ψ|φ⟩ = 0). Then the algorithm still needs ~2^{n/2} queries to U to prepare any state having non-negligible overlap with |ψ⟩|ψ⟩.
Observation: Contains both the No-Cloning Theorem and the optimality of Grover search as special cases!
Proof Idea: A new generalization of Ambainis's quantum adversary method, to the case where the starting state already has some information about the answer.

Ingredient #2: Pseudorandom States |ψ_p⟩, where p is a degree-d univariate polynomial over GF(2^n) for some d = poly(n), and p_0(x) is the leading bit of p(x).
Clearly the |ψ_p⟩'s can be prepared in polynomial time.
Lemma: If p is chosen uniformly at random, then |ψ_p⟩ looks like a completely random n-qubit state
- Even if we get polynomially many copies of |ψ_p⟩
- Even if we query the quantum oracle, which depends on |ψ_p⟩
So the simulator can use |ψ_p⟩'s in place of |ψ_C⟩'s.

Future Directions
Get rid of the oracle!
Clarify the relationship between copy-protection and obfuscation.
The constant-error regime: what is information-theoretically possible?