Optimization of coherent attacks in generalizations of the BB84 quantum bit commitment protocol

It is well known that no quantum bit commitment protocol is unconditionally secure. Nonetheless, there can be non-trivial upper bounds on both Bob's probability of correctly estimating Alice's commitment and Alice's probability of successfully unveiling whatever bit she desires. In this paper, we seek to determine these bounds for generalizations of the BB84 bit commitment protocol. In such protocols, an honest Alice commits to a bit by randomly choosing a state from a specified set and submitting this to Bob, and later unveils the bit to Bob by announcing the chosen state, at which point Bob measures the projector onto the state. Bob's optimal cheating strategy can be easily deduced from well known results in the theory of quantum state estimation. We show how to understand Alice's most general cheating strategy, (which involves her submitting to Bob one half of an entangled state) in terms of a theorem of Hughston, Jozsa and Wootters. We also show how the problem of optimizing Alice's cheating strategy for a fixed submitted state can be mapped onto a problem of state estimation. Finally, using the Bloch ball representation of qubit states, we identify the optimal coherent attack for a class of protocols that can be implemented with just a single qubit. These results provide a tight upper bound on Alice's probability of successfully unveiling whatever bit she desires in the protocol proposed by Aharonov et al., and lead us to identify a qubit protocol with even greater security.

[1]  Dominic Mayers Unconditionally secure quantum bit commitment is impossible , 1997 .

[2]  L. Goldenberg,et al.  Quantum Gambling , 1998, quant-ph/9808001.

[3]  J. Eberly,et al.  N-Level Coherence Vector and Higher Conservation Laws in Quantum Optics and Quantum Mechanics , 1981 .

[4]  C. Helstrom Quantum detection and estimation theory , 1969 .

[5]  E. Jaynes Information Theory and Statistical Mechanics , 1957 .

[6]  C. H. Bennett,et al.  Remote state preparation. , 2000, Physical review letters.

[7]  Jeffrey Bub,et al.  The Quantum Bit Commitment Theorem , 2000, quant-ph/0007090.

[8]  Gianni Cassinelli,et al.  On the Decompositions of a Quantum State , 1997 .

[9]  Adrian Kent,et al.  Cheat sensitive quantum bit commitment. , 1999, Physical review letters.

[10]  Andrew Chi-Chih Yao,et al.  Quantum bit escrow , 2000, STOC '00.

[11]  R. Jozsa,et al.  A Complete Classification of Quantum Ensembles Having a Given Density Matrix , 1993 .

[12]  T. Rudolph,et al.  Degrees of concealment and bindingness in quantum bit commitment protocols , 2001, quant-ph/0106019.

[13]  Hoi-Kwong Lo,et al.  Is Quantum Bit Commitment Really Possible? , 1996, ArXiv.

[14]  Andris Ambainis A new protocol and lower bounds for quantum coin flipping , 2004, J. Comput. Syst. Sci..

[15]  A. Peres Neumark's theorem and quantum inseparability , 1990 .

[16]  Adrian Kent,et al.  Unconditionally Secure Bit Commitment , 1998, quant-ph/9810068.

[17]  Christopher A. Fuchs Information Gain vs. State Disturbance in Quantum Theory , 1996 .

[18]  H. F. Chau,et al.  Why quantum bit commitment and ideal quantum coin tossing are impossible , 1997 .