Uncloneable encryption, first introduced by Broadbent and Lord (TQC 2020) is
a quantum encryption scheme in which a quantum ciphertext cannot be distributed
between two non-communicating parties such that, given access to the decryption
key, both parties cannot learn the underlying plaintext. In this work, we
introduce a variant of uncloneable encryption in which several possible
decryption keys can decrypt a particular encryption, and the security
requirement is that two parties who receive independently generated decryption
keys cannot both learn the underlying ciphertext. We show that this variant of
uncloneable encryption can be achieved device-independently, i.e., without
trusting the quantum states and measurements used in the scheme, and that this
variant works just as well as the original definition in constructing quantum
money. Moreover, we show that a simple modification of our scheme yields a
single-decryptor encryption scheme, which was a related notion introduced by
Georgiou and Zhandry. In particular, the resulting single-decryptor encryption
scheme achieves device-independent security with respect to a standard
definition of security against random plaintexts. Finally, we derive an
"extractor" result for a two-adversary scenario, which in particular yields a
single-decryptor encryption scheme for single bit-messages that achieves
perfect anti-piracy security without needing the quantum random oracle model.Comment: Issue found in application of the extractor technique to uncloneable
encryption; corresponding claims have been removed. Added generalization of
our results to single-decryptor encryption, in which the extractor technique
can indeed be applie