Title:Quantum Copy-Protection from Hidden Subspaces

Abstract:Quantum copy-protection is an innovative idea that uses the no-cloning property of quantum information to copy-protect programs and was first put forward by \cite{aaronson2009quantum}. The general goal is that a program distributor can distribute a quantum state $|\Psi\rangle$, whose classical description is secret to the users; a user can use this state to run the program P on his own input, but not be able to pirate this program P or create another state with the same functionality. In the copy-protection with oracle setting, the user has access to a public oracle and can use the given quantum state and the oracle to compute on his/her own input for polynomially many times. However, the user is not able to produce an additional program(quantum or classical) that computes the same as P on almost all inputs.
We present a first quantum copy protection scheme with a classical oracle for any unlearnable function families. The construction is based on membership oracles for hidden subspaces in $\mathbb{F}_2^n$, an idea derived from the public key quantum money scheme in \cite{aaronson2012quantum}. We prove the security of the scheme relative to a classical oracle, namely, the subspace membership oracle with the functionality of computing the secret function we want to copy-protect. The security proof builds on the quantum lower bound for the Direct-Product problem (\cite{aaronson2012quantum,ben2016quantum}) and the quantumly unlearnability of the copy-protected functions.
We also show that existence of quantum copy protection and the quantum hardness of Learning-with-Errors (LWE) will imply publicly verifiable quantum money.