{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T19:48:28Z","timestamp":1774122508637,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2021,1]]},"DOI":"10.1007\/s00145-020-09372-x","type":"journal-article","created":{"date-parts":[[2021,1,6]],"date-time":"2021-01-06T02:02:59Z","timestamp":1609898579000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Quantum Lightning Never Strikes the Same State Twice. Or: Quantum Money from Cryptographic Assumptions"],"prefix":"10.1007","volume":"34","author":[{"given":"Mark","family":"Zhandry","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,1,6]]},"reference":[{"key":"9372_CR1","unstructured":"S. Aaronson, Limitations of quantum advice and one-way communication, in Proceedings. 19th IEEE Annual Conference on Computational Complexity, 2004. (IEEE, 2004), pp. 320\u2013332."},{"key":"9372_CR2","doi-asserted-by":"crossref","unstructured":"S. Aaronson, Quantum copy-protection and quantum money, in Proceedings of the 2009 24th Annual IEEE Conference on Computational Complexity, CCC \u201909 (IEEE Computer Society, Washington, DC, 2009) pp. 229\u2013242.","DOI":"10.1109\/CCC.2009.42"},{"key":"9372_CR3","doi-asserted-by":"crossref","unstructured":"M.R. Albrecht, S. Bai, L. Ducas, A subfield lattice attack on overstretched NTRU assumptions - cryptanalysis of some FHE and graded encoding schemes, in M. Robshaw, J. Katz (eds.) Advances in Cryptology\u2014CRYPTO\u00a02016, Part\u00a0I, volume 9814 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August\u00a014\u201318, 2016 (Springer, Heidelberg, 2016), pp. 153\u2013178","DOI":"10.1007\/978-3-662-53018-4_6"},{"key":"9372_CR4","doi-asserted-by":"crossref","unstructured":"S. Aaronson, P. Christiano, Quantum money from hidden subspaces, in H.J. Karloff, T. Pitassi (eds.) 44th Annual ACM Symposium on Theory of Computing, New York, NY, USA, May\u00a019\u201322, 2012 (ACM Press, New York), pp. 41\u201360","DOI":"10.1145\/2213977.2213983"},{"key":"9372_CR5","doi-asserted-by":"crossref","unstructured":"R. Amos, M. Georgiou, A. Kiayias, M. Zhandry, One-shot signatures and applications to hybrid quantum\/classical authentication, in Proceedings of STOC 2020 (2020)","DOI":"10.1145\/3357713.3384304"},{"key":"9372_CR6","unstructured":"B. Applebaum, N. Haramaty, Y. Ishai, E. Kushilevitz, V. Vaikuntanathan, Low-complexity cryptographic hash functions, in C.H. Papadimitriou (ed.) ITCS 2017: 8th Innovations in Theoretical Computer Science Conference, Berkeley, CA, USA, January\u00a09\u201311, 2017, vol. 4266 (LIPIcs, 2017), pp. 7:1\u20137:31"},{"key":"9372_CR7","doi-asserted-by":"crossref","unstructured":"G. Alagic, C. Majenz, A. Russell, F. Song, Quantum-access-secure message authentication via blind-unforgeability, in A. Canteaut, Y. Ishai (eds.) Advances in Cryptology\u2014EUROCRYPT\u00a02020, Part\u00a0III, volume 12107 of Lecture Notes in Computer Science, Zagreb, Croatia, May\u00a010\u201314, 2020 (Springer, Heidelberg, 2020), pp. 788\u2013817","DOI":"10.1007\/978-3-030-45727-3_27"},{"key":"9372_CR8","doi-asserted-by":"crossref","unstructured":"A. Ambainis, A. Rosmanis, D. Unruh, Quantum attacks on classical proof systems: the hardness of quantum rewinding, in 55th Annual Symposium on Foundations of Computer Science, Philadelphia, PA, USA, October\u00a018\u201321, 2014 (IEEE Computer Society Press, Washington, DC, 2014), pp. 474\u2013483","DOI":"10.1109\/FOCS.2014.57"},{"issue":"4","key":"9372_CR9","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/36068.36070","volume":"18","author":"CH Bennett","year":"1987","unstructured":"C.H. Bennett, G. Brassard, Quantum public key distribution reinvented. SIGACT News 18(4), 51\u201353 (1987)","journal-title":"SIGACT News"},{"issue":"5","key":"9372_CR10","doi-asserted-by":"publisher","first-page":"1510","DOI":"10.1137\/S0097539796300933","volume":"26","author":"CH Bennett","year":"1997","unstructured":"C.H. Bennett, E. Bernstein, G. Brassard, U. Vazirani, Strengths and weaknesses of quantum computing. SIAM J. Comput. 26(5), 1510\u20131523 (1997)","journal-title":"SIAM J. Comput."},{"key":"9372_CR11","doi-asserted-by":"crossref","unstructured":"Z. Brakerski, P. Christiano, U. Mahadev, U.V. Vazirani, T. Vidick, A cryptographic test of quantumness and certifiable randomness from a single quantum device, in M. Thorup (ed.) 59th Annual Symposium on Foundations of Computer Science, Paris, France, October\u00a07\u20139, 2018 (IEEE Computer Society Press, Washington, DC), pp. 320\u2013331","DOI":"10.1109\/FOCS.2018.00038"},{"key":"9372_CR12","unstructured":"E. Boyle, K.-M. Chung, R. Pass, On extractability obfuscation, in Y. Lindell (ed.) TCC\u00a02014: 11th Theory of Cryptography Conference, volume 8349 of Lecture Notes in Computer Science, San Diego, CA, USA, February\u00a024\u201326, 2014 (Springer, Heidelberg, 2014), pp. 52\u201373"},{"key":"9372_CR13","unstructured":"S. Ben-David, O. Sattath, Quantum tokens for digital signatures (2016)"},{"key":"9372_CR14","doi-asserted-by":"crossref","unstructured":"B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S.P. Vadhan, K. Yang, On the (im)possibility of obfuscating programs, in J. Kilian (ed.) Advances in Cryptology\u2014CRYPTO\u00a02001, volume 2139 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August\u00a019\u201323, 2001 (Springer, Heidelberg, 2001), pp. 1\u201318","DOI":"10.1007\/3-540-44647-8_1"},{"key":"9372_CR15","unstructured":"J. Bartusek, J. Guan, F. Ma, M. Zhandry, Return of GGH15: provable security against zeroizing attacks, in A. Beimel, S. Dziembowski (eds.) TCC\u00a02018: 16th Theory of Cryptography Conference, Part\u00a0II, volume 11240 of Lecture Notes in Computer Science, Panaji, India, November\u00a011\u201314, 2018 (Springer, Heidelberg, 2018), pp. 544\u2013574"},{"key":"9372_CR16","doi-asserted-by":"crossref","unstructured":"Z. Brakerski, V. Vaikuntanathan, H. Wee, D. Wichs, Obfuscating conjunctions under entropic ring LWE, in M. Sudan (ed.) ITCS 2016: 7th Conference on Innovations in Theoretical Computer Science, Cambridge, MA, USA, January\u00a014\u201316, 2016 (Association for Computing Machinery), pp. 147\u2013156","DOI":"10.1145\/2840728.2840764"},{"key":"9372_CR17","doi-asserted-by":"crossref","unstructured":"D. Boneh, M. Zhandry, Quantum-secure message authentication codes, in T. Johansson, P.Q. Nguyen (eds,) Advances in Cryptology\u2014EUROCRYPT\u00a02013, volume 7881 of Lecture Notes in Computer Science, Athens, Greece, May\u00a026\u201330, 2013 (Springer, Heidelberg, 2013), pp. 592\u2013608","DOI":"10.1007\/978-3-642-38348-9_35"},{"key":"9372_CR18","doi-asserted-by":"crossref","unstructured":"D. Boneh, M. Zhandry, Secure signatures and chosen ciphertext security in a quantum computing world, in R. Canetti, J.A. Garay (eds.) Advances in Cryptology\u2014CRYPTO\u00a02013, Part\u00a0II, volume 8043 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August\u00a018\u201322, 2013 (Springer, Heidelberg, 2013), pp. 361\u2013379","DOI":"10.1007\/978-3-642-40084-1_21"},{"key":"9372_CR19","doi-asserted-by":"crossref","unstructured":"R. Cramer, L. Ducas, C. Peikert, O. Regev, Recovering short generators of principal ideals in cyclotomic rings, in M. Fischlin, J.-S. Coron (eds.) Advances in Cryptology\u2014EUROCRYPT\u00a02016, Part\u00a0II, volume 9666 of Lecture Notes in Computer Science, Vienna, Austria, May\u00a08\u201312, 2016 (Springer, Heidelberg, 2016), pp. 559\u2013585","DOI":"10.1007\/978-3-662-49896-5_20"},{"key":"9372_CR20","doi-asserted-by":"crossref","unstructured":"Y. Chen, C. Gentry, S. Halevi, Cryptanalyses of candidate branching program obfuscators, in J.-S. Coron, J.B. Nielsen (eds.) Advances in Cryptology\u2014EUROCRYPT\u00a02017, Part\u00a0III, volume 10212 of Lecture Notes in Computer Science, Paris, France, April\u00a030\u2013May\u00a04, 2017 (Springer, Heidelberg, 2017), pp. 278\u2013307","DOI":"10.1007\/978-3-319-56617-7_10"},{"key":"9372_CR21","doi-asserted-by":"crossref","unstructured":"J.H. Cheon, J. Jeong, C. Lee, An algorithm for CSPR problems and cryptanalysis of the GGH multilinear map without an encoding of zero. Technical report, Cryptology ePrint Archive, Report 2016\/139 (2016)","DOI":"10.1112\/S1461157016000371"},{"key":"9372_CR22","doi-asserted-by":"crossref","unstructured":"J.-S. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in R. Canetti, J.A. Garay (eds) Advances in Cryptology\u2014CRYPTO\u00a02013, Part\u00a0I, volume 8042 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August\u00a018\u201322, 2013 (Springer, Heidelberg, 2013), pp. 476\u2013493","DOI":"10.1007\/978-3-642-40041-4_26"},{"key":"9372_CR23","unstructured":"R. Colbeck, Quantum and relativistic protocols for secure multi-party computation (2009)"},{"key":"9372_CR24","doi-asserted-by":"publisher","first-page":"297","DOI":"10.22331\/q-2020-07-16-297","volume":"4","author":"A Coladangelo","year":"2020","unstructured":"A. Coladangelo, O. Sattath, A quantum money solution to the blockchain scalability problem, Quantum 4, 297 (2020)","journal-title":"Quantum"},{"key":"9372_CR25","doi-asserted-by":"crossref","unstructured":"I. Damg\u00e5rd, J. Funder, J.B. Nielsen, L. Salvail, Superposition attacks on cryptographic protocols, in C. Padr\u00f3 (ed.) ICITS 13: 7th International Conference on Information Theoretic Security, volume 8317 of Lecture Notes in Computer Science, Singapore, 2014 (Springer, Heidelberg, 2014), pp. 142\u2013161","DOI":"10.1007\/978-3-319-04268-8_9"},{"key":"9372_CR26","first-page":"358","volume-title":"Multivariates Polynomials for Hashing","author":"J Ding","year":"2008","unstructured":"J. Ding, B.-Y. Yang, Multivariates Polynomials for Hashing (Springer, Berlin, 2008), pp. 358\u2013371"},{"issue":"19","key":"9372_CR27","doi-asserted-by":"publisher","first-page":"190503","DOI":"10.1103\/PhysRevLett.105.190503","volume":"105","author":"E Farhi","year":"2010","unstructured":"E. Farhi, D. Gosset, A. Hassidim, A. Lutomirski, D. Nagaj, P. Shor, Quantum state restoration and single-copy tomography for ground states of hamiltonians, Phys. Rev. Lett. 105(19), 190503 (2010)","journal-title":"Phys. Rev. Lett."},{"key":"9372_CR28","doi-asserted-by":"crossref","unstructured":"E. Farhi, D. Gosset, A. Hassidim, A. Lutomirski, P.W. Shor, Quantum money from knots, in S. Goldwasser (ed.), ITCS 2012: 3rd Innovations in Theoretical Computer Science, Cambridge, MA, USA, January\u00a08\u201310, 2012 (Association for Computing Machinery, 2012), pp. 276\u2013289","DOI":"10.1145\/2090236.2090260"},{"key":"9372_CR29","doi-asserted-by":"crossref","unstructured":"D. Gavinsky, Quantum money with classical verification (2011)","DOI":"10.1109\/CCC.2012.10"},{"key":"9372_CR30","doi-asserted-by":"crossref","unstructured":"S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in T. Johansson, P.Q. Nguyen (eds.) Advances in Cryptology\u2014EUROCRYPT\u00a02013, volume 7881 of Lecture Notes in Computer Science, Athens, Greece, May\u00a026\u201330, 2013 (Springer, Heidelberg, 2013), pp. 1\u201317","DOI":"10.1007\/978-3-642-38348-9_1"},{"key":"9372_CR31","doi-asserted-by":"crossref","unstructured":"S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters, Candidate indistinguishability obfuscation and functional encryption for all circuits, in 54th Annual Symposium on Foundations of Computer Science, Berkeley, CA, USA, October\u00a026\u201329, 2013 (IEEE Computer Society Press, Washington, DC), pp. 40\u201349","DOI":"10.1109\/FOCS.2013.13"},{"key":"9372_CR32","doi-asserted-by":"crossref","unstructured":"C. Gentry, S. Gorbunov, S. Halevi, Graph-induced multilinear maps from lattices, in Y. Dodis, J.B. Nielsen (eds.) TCC\u00a02015: 12th Theory of Cryptography Conference, Part\u00a0II, volume 9015 of Lecture Notes in Computer Science, Warsaw, Poland, March\u00a023\u201325, 2015 (Springer, Heidelberg, 2015), pp. 498\u2013527","DOI":"10.1007\/978-3-662-46497-7_20"},{"key":"9372_CR33","unstructured":"R. Goyal, V. Koppula, B. Waters, Lockable obfuscation. Cryptology ePrint Archive, Report 2017\/274 (2017). http:\/\/eprint.iacr.org\/2017\/274."},{"key":"9372_CR34","doi-asserted-by":"crossref","unstructured":"S. Garg, H. Yuen, M. Zhandry, New security notions and feasibility results for authentication of quantum data, in J. Katz, H. Shacham (eds.) Advances in Cryptology\u2014CRYPTO\u00a02017, Part\u00a0II, volume 10402 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August\u00a020\u201324, 2017 (Springer, Heidelberg), pp. 342\u2013371","DOI":"10.1007\/978-3-319-63715-0_12"},{"key":"9372_CR35","unstructured":"M. Hayashi, Optimal sequence of povms in the sense of stein\u2019s lemma in quantum hypothesis testing. arXiv preprint quant-ph\/0107004 (2001)"},{"key":"9372_CR36","unstructured":"A. Lutomirski, S. Aaronson, E. Farhi, D. Gosset, J.A. Kelner, A. Hassidim, P.W. Shor, Breaking and making quantum money: toward a new quantum cryptographic protocol, in A.C.-C. Yao (ed.) ICS 2010: 1st Innovations in Computer Science, Tsinghua University, Beijing, China, January\u00a05\u20137, 2010 (Tsinghua University Press, Beijing, 2010), pp. 20\u201331"},{"key":"9372_CR37","unstructured":"A. Lutomirski, An online attack against wiesner\u2019s quantum money (2010)"},{"key":"9372_CR38","doi-asserted-by":"crossref","unstructured":"Q. Liu, M. Zhandry, Revisiting post-quantum Fiat-Shamir, in A. Boldyreva, D. Micciancio (eds.) Advances in Cryptology\u2014CRYPTO\u00a02019, Part\u00a0II, volume 11693 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August\u00a018\u201322, 2019 (Springer, Heidelberg, 2019), pp. 326\u2013355","DOI":"10.1007\/978-3-030-26951-7_12"},{"issue":"1","key":"9372_CR39","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1137\/S0097539705447360","volume":"37","author":"D Micciancio","year":"2007","unstructured":"D. Micciancio, O. Regev, Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267\u2013302 (2007)","journal-title":"SIAM J. Comput."},{"key":"9372_CR40","unstructured":"M. Mosca, D. Stebila, Quantum coins. 523, 35\u201347 (2010)"},{"key":"9372_CR41","unstructured":"M.C. Pena, J.-C. Faug\u00e8re, L. Perret, Algebraic cryptanalysis of a quantum money scheme: the noise-free case, in J. Katz (ed.) PKC\u00a02015: 18th International Conference on Theory and Practice of Public Key Cryptography, volume 9020 of Lecture Notes in Computer Science, Gaithersburg, MD, USA, March\u00a030\u2013April\u00a01, 2015 (Springer, Heidelberg, 2015), pp. 194\u2013213"},{"key":"9372_CR42","doi-asserted-by":"crossref","unstructured":"O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in H.N. Gabow, R. Fagin (eds.) 37th Annual ACM Symposium on Theory of Computing, Baltimore, MA, USA, May\u00a022\u201324, 2005 (ACM Press, New York), pp. 84\u201393","DOI":"10.1145\/1060590.1060603"},{"key":"9372_CR43","unstructured":"S.R.R. Leander, F. Wiemer. Personal communication (2019)"},{"key":"9372_CR44","unstructured":"B. Roberts, Toward secure quantum money (2019)"},{"key":"9372_CR45","doi-asserted-by":"crossref","unstructured":"D. Unruh, Revocable quantum timed-release encryption, in P.Q. Nguyen, E. Oswald (eds.) Advances in Cryptology\u2014EUROCRYPT\u00a02014, volume 8441 of Lecture Notes in Computer Science, Copenhagen, Denmark, May\u00a011\u201315, 2014 (Springer, Heidelberg, 2014), pp. 129\u2013146","DOI":"10.1007\/978-3-642-55220-5_8"},{"key":"9372_CR46","doi-asserted-by":"crossref","unstructured":"Dominique Unruh. Computationally binding quantum commitments, in M. Fischlin, J.-S. Coron, (eds.) Advances in Cryptology\u2014EUROCRYPT\u00a02016, Part\u00a0II, volume 9666 of Lecture Notes in Computer Science, Vienna, Austria, May\u00a08\u201312, 2016 (Springer, Heidelberg, 2016), pp. 497\u2013527","DOI":"10.1007\/978-3-662-49896-5_18"},{"issue":"1","key":"9372_CR47","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/1008908.1008920","volume":"15","author":"S Wiesner","year":"1983","unstructured":"S. Wiesner, Conjugate coding. SIGACT News 15(1), 78\u201388 (1983)","journal-title":"SIGACT News"},{"issue":"7","key":"9372_CR48","doi-asserted-by":"publisher","first-page":"2481","DOI":"10.1109\/18.796385","volume":"45","author":"A Winter","year":"1999","unstructured":"A.\u00a0Winter, Coding theorem and strong converse for quantum channels. IEEE Trans. Inf. Theor. 45(7), 2481\u20132485 (1999)","journal-title":"IEEE Trans. Inf. Theor."},{"key":"9372_CR49","unstructured":"D. Wichs, G. Zirdelis, Obfuscating compute-and-compare programs under LWE. Cryptology ePrint Archive, Report 2017\/276 (2017). http:\/\/eprint.iacr.org\/2017\/276."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-020-09372-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-020-09372-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-020-09372-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,10]],"date-time":"2022-12-10T18:04:21Z","timestamp":1670695461000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-020-09372-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1]]},"references-count":49,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,1]]}},"alternative-id":["9372"],"URL":"https:\/\/doi.org\/10.1007\/s00145-020-09372-x","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1]]},"assertion":[{"value":"11 November 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 November 2020","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 November 2020","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 January 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"6"}}