Quantum Copy-Protection from Hidden Subspaces

Quantum copy-protection is an innovative idea that uses the no-cloning property of quantum information to copy-protect programs and was first put forward by [Aar09]. The general goal is that a program distributor can distribute a quantum state $|\Psi\rangle$, whose classical description is secret to the users; a user can use this state to run the program P on his own input, but not be able to pirate this program P or create another state with the same functionality. In the copy-protection with oracle setting, the user has access to a public oracle and can use the given quantum state and the oracle to compute on his/her own input for polynomially many times. However, the user is not able to produce an additional program(quantum or classical) that computes the same as P on almost all inputs. We present a first quantum copy protection scheme with a classical oracle for any unlearnable function families. The construction is based on membership oracles for hidden subspaces in $\mathbb{F}_2^n$, an idea derived from the public key quantum money scheme in[Aar12]. We prove the security of the scheme relative to a classical oracle, namely, the subspace membership oracle with the functionality of computing the secret function we want to copy-protect. The security proof builds on the quantum lower bound for the Direct-Product problem ([Aar12],[BDS16]) and the unlearnability of the copy-protected functions. We also show that existence of quantum copy protection and the quantum hardness of Learning-with-Errors (LWE) will imply publicly verifiable quantum money.