An adaptive attack on Wiesner's quantum money

Unlike classical money, which is hard to forge for practical reasons (e.g. producing paper with a certain property), quantum money is attractive because its security might be based on the no-cloning theorem. The first quantum money scheme was introduced by Wiesner circa 1970. Although more sophisticated quantum money schemes were proposed, Wiesner’s scheme remained appealing because it is both conceptually clean as well as relatively easy to implement. We show efficient adaptive attacks on Wiesner’s quantum money scheme [Wie83] (and its variant by Bennett et al. [BBBW83]), when valid money is accepted and passed on, while invalid money is destroyed. We propose two attacks, the first is inspired by the Elitzur-Vaidman bomb testing problem [EV93, KWH95], while the second is based on the idea of protective measurements [AAV93]. It allows us to break Wiesner’s scheme with 4 possible states per qubit, and generalizations which use more than 4 states per qubit. The attack shows that Wiesner’s scheme can only be safe if the bank replaces valid notes after validation.