What level of trust in the bank is needed in "Quantum Money from Hidden Subspaces" of Aaronson and Christiano?
The bank's mint works by first generating a uniformly random classical secret string $r$, and then generating a banknote $\$_r=(S_r,\rho_r)$. The authors state that the bank can generate many identical banknotes by simply reusing the secret $r$.
But after the currency is distributed, is $r$ needed, either by the bank or by the users, ever again? If so, does the bank need to keep it safe and secure? If not, should the bank "forget" or destroy the secret $r$ used in the mini-scheme, lest it fall into a forger's hand?
Can the mint use $r$ to produce many coins with a specific serial number $S_r$, potentially targeting a specific holder of currency for devaluation?
Can the users of the currency know how many coins are actively in circulation, without having to trust the mint?
The authors of Hidden Subspaces note that in "Quantum Money from Knots" of Farhi, Gosset, Hassidim, Lutomirski, and Shor, not even the mint is likely able to generate two identical banknotes.
But I think that the inability of banks to copy their own currency is a feature, not a bug, of "Quantum Money from Knots", because the actions of the mint are public and known. The total amount of currency is known; no secret $r$ is needed to be kept safe or destroyed; the mint can "destroy" a coin by removing it from the public list of serial numbers (Alexander polynomials,) but cannot target a coin for devaluation by minting many copies.