Why quantum bit commitment and ideal quantum coin tossing are impossible

Abstract

There had been well-known claims of unconditionally secure quantum protocols for bit commitment. However, we, and independently Mayers, showed that all proposed quantum bit commitment schemes are, in principle, insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen (EPR) type of attack and delaying her measurements. One might wonder if secure quantum bit commitment protocols exist at all. We answer this question by showing that the same type of attack by Alice will, in principle, break any bit commitment scheme. The cheating strategy generally requires a quantum computer. We emphasize the generality of this "no-go theorem": unconditionally secure bit commitment schemes based on quantum mechanics (fully quantum, classical, or quantum but with measurements) are all ruled out by this result. Since bit commitment is a useful primitive for building up more sophisticated protocols such as zero-knowledge proofs, our results cast very serious doubt on the security of quantum cryptography in the so-called "post-cold-war" applications. We also show that ideal quantum coin tossing is impossible because of the EPR attack. This no-go theorem for ideal quantum coin tossing may help to shed some light on the possibility of non-ideal protocols.
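The delayed-measurement argument in the abstract can be checked numerically on a single-qubit, BB84-style commitment. The following is an added illustration, not code from the paper; the toy protocol (bit 0 = rectilinear basis, bit 1 = diagonal basis, noiseless channel) and all function names are assumptions made for the example.

```python
import math

S = 1 / math.sqrt(2)
# Constructed toy protocol: the committed bit selects the basis of the qubit sent to Bob.
BASES = {0: [(1.0, 0.0), (0.0, 1.0)],   # bit 0: rectilinear |0>, |1>
         1: [(S, S), (S, -S)]}          # bit 1: diagonal |+>, |->
# EPR pair (|00> + |11>)/sqrt(2); PSI[a][b], a = Alice's qubit, b = Bob's qubit.
PSI = [[S, 0.0], [0.0, S]]

def honest_density(bit):
    """Density matrix Bob holds when an honest Alice sends a random state of the bit's basis."""
    rho = [[0.0, 0.0], [0.0, 0.0]]
    for v in BASES[bit]:
        for i in range(2):
            for j in range(2):
                rho[i][j] += 0.5 * v[i] * v[j]
    return rho

def cheat_pass_probability(bit):
    """Probability that Bob's check passes when Alice chooses `bit` only at unveiling.

    Alice keeps her half of the EPR pair, measures it in the basis for `bit`
    at the last moment, and announces the outcome as the state she "sent".
    """
    total = 0.0
    for v in BASES[bit]:
        # Outcome v on Alice's side leaves Bob's qubit in <v|PSI> (unnormalised).
        bob = [sum(v[a] * PSI[a][b] for a in range(2)) for b in range(2)]
        p = sum(x * x for x in bob)                       # probability of this outcome
        match = sum(v[b] * bob[b] for b in range(2)) ** 2 / p  # Bob finds the announced state
        total += p * match
    return total

if __name__ == "__main__":
    print("Bob's state, bit 0:", honest_density(0))
    print("Bob's state, bit 1:", honest_density(1))
    print("cheating Alice passes:", cheat_pass_probability(0), cheat_pass_probability(1))
```

Both honest ensembles give Bob the same maximally mixed state, which is what makes the commitment concealing and, for the same reason, lets Alice defer her choice without detection in this idealized case.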
