Publicly verifiable quantum money has been a central and challenging goal in quantum cryptography. To this day, no constructions exist based on standard assumptions. In this study, we propose an alternative notion called quantum cheques (QCs) that is more attainable and technologically feasible. A quantum cheque can be verified using a public key but only by a single user. Specifically, the payer signs the quantum cheque for a particular recipient using their ID, and the recipient can validate it without the assistance of the bank, ensuring that the payer cannot assign the same cheque to another user with a different ID. Unlike quantum money, QCs only necessitate quantum communication when a cheque is issued by the bank, meaning all payments and deposits are entirely classical! We demonstrate how to construct QCs based on the well-studied learning-with-errors (LWE) assumption. In the process, we build two novel primitives which are of independent interest. Firstly, we construct signatures with publicly verifiable deletion under LWE. This primitive enables the signing of a message $m$ such that the recipient can produce a classical string that publicly proves the inability to reproduce a signature of $m$. We then demonstrate how this primitive can be used to construct 2-message signature tokens. This primitive enables the production of a token that can be used to sign a single bit and then self-destructs. Finally, we show that 2-message signature tokens can be used to construct QCs.