Publicly-verifiable quantum money has been a central focus in quantum cryptography. To date, no constructions for this primitive exist based on standard assumptions. In this study, we propose an alternative notion which we refer to as $\textit{quantum cheques}$ (QCs). A quantum cheque can be verified using a public-key but only by a single user. Specifically, the payer signs the quantum cheque for a particular recipient using their ID, and the recipient can validate it without the assistance of the bank, ensuring that the payer cannot assign the same cheque to another user with a different ID. Unlike quantum money, QCs only necessitate quantum communication when a cheque is issued by the bank, meaning all payments and deposits are entirely classical! We demonstrate how to construct QCs based on the well-studied learning-with-errors (LWE) assumption. In the process, we build two novel primitives which are of independent interest. Firstly, we construct $\textit{signatures with publicly-verifiable deletion}$ under LWE. This primitive enables the signing of a message $m$ such that the recipient can produce a classical string that publicly proves the inability to reproduce a signature of $m$. We then demonstrate how this primitive can be used to construct $\textit{2-message signature tokens}$. This primitive enables the production of a token that can be used to sign a single bit and then self-destructs. Finally, we show that 2-message signature tokens can be used to construct QCs.

翻译：公开可验证的量子货币一直是量子密码学的核心关注点。迄今为止，基于标准假设尚不存在该原语的任何构造。在本研究中，我们提出了一种替代概念，称为$\textit{量子支票}$（QCs）。量子支票可以使用公钥进行验证，但仅限单一用户使用。具体而言，付款方使用接收方的ID对量子支票进行签名，接收方无需银行协助即可验证支票，确保付款方不能将同一张支票分配给具有不同ID的其他用户。与量子货币不同，QCs仅在银行签发支票时需要量子通信，这意味着所有支付和存款过程完全是经典的！我们展示了如何基于研究成熟的学习与错误（LWE）假设构造QCs。在此过程中，我们构建了两个具有独立价值的新原语。首先，我们基于LWE构造了$\textit{具有公开可验证删除功能的签名}$。该原语允许对消息$m$进行签名，使得接收方能够生成一个经典字符串，公开证明其无法再生成$m$的签名。接着，我们演示了如何利用该原语构造$\textit{2消息签名令牌}$。该原语可生成一个令牌，用于对单个比特进行签名后自动销毁。最后，我们证明2消息签名令牌可用于构造QCs。