The quantum no-cloning theorem gives rise to the intriguing possibility of quantum copy protection, where we encode a program in a quantum state such that a user in possession of k such states cannot create k + 1 working copies. Introduced by Aaronson (CCC 09) over a decade ago, copy protection has proven notoriously hard to achieve. In this work, we construct public-key encryption and functional encryption schemes whose secret keys are copy-protected against unbounded collusions in the plain model (i.e. without any idealized oracles), assuming (post-quantum) subexponentially secure iO, one-way functions and LWE. This resolves a long-standing open question, raised by multiple previous works, of constructing fully collusion-resistant copy-protected functionalities. Prior to our work, copy-protected functionalities were known only in restricted collusion models: either an a-priori bound on the collusion size was needed, in the plain model under the same assumptions as ours (Liu, Liu, Qian, Zhandry [TCC 22]), or the adversary was only prevented from doubling its number of working programs, in a structured quantum oracle model (Aaronson [CCC 09]). We obtain our results through a novel technique which uses identity-based encryption to construct unbounded-collusion-resistant copy-protection schemes from 1-to-2 secure schemes. This is analogous to the technique of using digital signatures to construct full-fledged quantum money from single-banknote schemes (Lutomirski et al. [ICS 09], Farhi et al. [ITCS 12], Aaronson and Christiano [STOC 12]). We believe our technique is of independent interest. Along the way, we also construct a puncturable functional encryption scheme whose master secret key can be punctured at all functions f such that f(m0) ≠ f(m1). This might also be of independent interest.
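The lifting step the abstract compares itself to, "one bank signing key plus serial numbers turns a single-banknote scheme into full money", has a purely classical skeleton that is worth seeing in code. The example below is added here and is not code from the paper or from any of the cited works. It is a stand-in on two counts, both stated in comments: the single-note "state" is a random 32-byte token checked against its hash, so it shows only the binding structure and nothing about unclonability, and the bank signature is a toy textbook RSA hash-then-sign (`sig_keygen`, `sig_sign`, `sig_verify`), which should be replaced by a real scheme such as Ed25519 in anything beyond an illustration. All function and field names (`note_gen`, `Bank.mint`, `verify_bill`, `desc`, `cert`) are hypothetical. In the paper's analogy, identity-based encryption plays the role the bank signature plays here, with identities in place of serial numbers.

```python
import hashlib
import random
import secrets

# --- Toy RSA hash-then-sign. ILLUSTRATION ONLY (assumption, not the paper's
# construction): textbook RSA over a bare SHA-256 digest is not a production
# signature. It only needs to be unforgeable enough to show that ONE bank key
# binds unboundedly many independently generated note instances.
def _is_probable_prime(n, rounds=40):
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):              # Miller-Rabin witnesses
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def sig_keygen(bits=512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return (n, pow(e, -1, phi)), (n, e)      # (signing key, verification key)

def _h(msg):
    # 256-bit digest is always < n (n has >= 510 bits), so no reduction needed
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sig_sign(sk, msg):
    n, d = sk
    return pow(_h(msg), d, n)

def sig_verify(vk, msg, sig):
    n, e = vk
    return pow(sig, e, n) == _h(msg)

# --- Single-banknote scheme, classical stand-in (assumption). In the quantum
# setting `note` is a state that verifies against the classical description
# `desc` but cannot be copied; here it is a random token checked against its
# hash, so copying is trivial and only the binding structure is modelled.
def note_gen():
    note = secrets.token_bytes(32)
    desc = hashlib.sha256(note).digest()
    return note, desc

def note_verify(desc, note):
    return hashlib.sha256(note).digest() == desc

# --- The lift: a fresh single-note instance per bill, certified under the
# bank's single key together with a serial number.
class Bank:
    def __init__(self):
        self.sk, self.vk = sig_keygen()
        self.counter = 0

    def mint(self):
        self.counter += 1
        serial = self.counter.to_bytes(8, "big")
        note, desc = note_gen()
        cert = sig_sign(self.sk, serial + desc)
        return {"serial": serial, "desc": desc, "cert": cert, "note": note}

def verify_bill(vk, bill):
    # Bank certificate first, then the per-instance check. A forger can run
    # note_gen() herself and get a valid (note, desc) pair, but cannot produce
    # a certificate tying that desc to a serial under the bank's key.
    if not sig_verify(vk, bill["serial"] + bill["desc"], bill["cert"]):
        return False
    return note_verify(bill["desc"], bill["note"])

def forge_with_fresh_instance(genuine):
    # Attacker keeps a genuine certificate and swaps in her own instance.
    note, desc = note_gen()
    return {**genuine, "desc": desc, "note": note}

if __name__ == "__main__":
    bank = Bank()
    bill = bank.mint()
    print("genuine verifies:", verify_bill(bank.vk, bill))
    print("fresh-instance forgery verifies:",
          verify_bill(bank.vk, forge_with_fresh_instance(bill)))
```

The security argument the code mirrors is a reduction in two layers: anything that passes `verify_bill` carries either a certificate the bank never issued (breaking the signature) or a serial the bank did issue, in which case the attacker holds two valid instances for one `desc` (breaking the single-note scheme). The per-bill instance is what keeps collusion unbounded: instances are independent, so nothing about bill k helps against bill k + 1.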