The quantum bit commitment: a complete classification of protocols

The quantum bit commitment: a finite open system approach for a complete classification of protocols

2002

Mayers [1], Lo and Chau [2, 3] argued that all quantum bit commitment protocols are insecure, because there is no way to prevent an Einstein-Podolsky-Rosen (EPR) cheating attack. However, Yuen [4, 5, 6] presented some protocols which challenged the previous impossibility argument. Up to now, it is still debated whether there exist or not unconditionally secure protocols [7]. In this paper the above controversy is addressed. For such purpose, a complete classification of all possible bit commitment protocols is given, including all possible cheating attacks. Focusing on the simplest class of protocols (non-aborting and with complete and perfect verification), it is shown how naturally a game-theoretical situation arises. For these protocols, bounds for the cheating probabilities are derived, involving the two quantum operations encoding the bit values and their respective alternate Kraus decompositions. Such bounds are different from those given in the impossibility proof [1, 2, 3]. The whole classification and analysis has been carried out using a finite open system approach. The discrepancy with the impossibility proof is explained on the basis of the implicit adoption of a closed system approach--equivalent to modeling the commitment as performed by two fixed machines interacting unitarily in an overall closed system--according to which it is possible to assume as openly known both the initial state and the probability distributions for all secret parameters, which can be then purified. This approach is also motivated by the existence of unitary extensions for any open system. However, it is shown that the closed system approach for the classification of commitment protocols unavoidably leads to infinite dimensions, which then invalidate the continuity argument at the basis of the impossibility proof.

Reexamination of quantum bit commitment: The possible and the impossible

Physical Review A, 2007

Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. We give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols," which were recently suggested as a possible way to beat the known no-go results, are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two-party protocols, which is applicable to more general situations, and an estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology and thus may allow secure bit commitment. We present such a protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's laboratory.

Quantum bit commitment revisited: the possible and the impossible

2006

Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. In this paper we give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols", which were recently suggested as a possible way to beat the known no-go results, are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two-party protocols, which is applicable to more general situations, and a new estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology, and thus may allow secure bit commitment. We present a new such protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's lab.

A short impossibility proof of Quantum Bit Commitment

2009

Bit commitment protocols, whose security is based on the laws of quantum mechanics alone, are generally held to be impossible on the basis of a concealment-bindingness tradeoff. A strengthened and explicit impossibility proof has been given in: G. M. D'Ariano, D. Kretschmann, D. Schlingemann, and R. F. Werner, Phys. Rev. A 76, 032328 (2007), in the Heisenberg picture and in a C*-algebraic framework, considering all conceivable protocols in which both classical and quantum information are exchanged. In the present paper we provide a new impossibility proof in the Schrödinger picture, greatly simplifying the classification of protocols and strategies using the mathematical formulation in terms of quantum combs, with each single-party strategy represented by a conditional comb. We prove that assuming a stronger notion of concealment--worst-case over the classical information histories--allows Alice's cheat to pass also the worst-case Bob's test. The present approach allows us to restate the concealment-bindingness tradeoff in terms of the continuity of dilations of probabilistic quantum combs with respect to the comb-discriminability distance.

A quantum bit commitment scheme provably unbreakable by both parties

Proceedings of 1993 IEEE 34th Annual Foundations of Computer Science, 1993

Assume that a party, Alice, has a bit x in mind, to which she would like to be committed toward another party, Bob. That is, Alice wishes, through a procedure commit(x), to provide Bob with a piece of evidence that she has a bit x in mind and that she cannot change it. Meanwhile, Bob should not be able to tell from that evidence what x is. At a later time, Alice can reveal, through a procedure unveil(x), the value of x and prove to Bob that the piece of evidence sent earlier really corresponded to that bit. Classical bit commitment schemes (by which Alice's piece of evidence is classical information such as a bit string) cannot be secure against unlimited computing power and none have been proven secure against algorithmic sophistication. Previous quantum bit commitment schemes (by which Alice's piece of evidence is quantum information such as a stream of polarized photons) were known to be invulnerable to unlimited computing power and algorithmic sophistication, but not to arbitrary measurements allowed by quantum physics: perhaps more sophisticated use of quantum physics could have defeated them. We present a new quantum bit commitment scheme. The major contribution of this work is to provide the first complete proof that, according to the laws of quantum physics, neither participant in the protocol can cheat, except with arbitrarily small probability. In addition, the new protocol can be implemented with current technology.

Defeating classical bit commitments with a quantum computer

Arxiv preprint quant-ph/ …, 1998

Abstract: It has been recently shown by Mayers that no bit commitment scheme is secure if the participants have unlimited computational power and technology. However it was noticed that a secure protocol could be obtained by forcing the cheater to perform a ...

An Information-Theoretic Perspective on the Quantum Bit Commitment Impossibility Theorem

Entropy

This paper proposes a different approach to pinpoint the causes for which an unconditionally secure quantum bit commitment protocol cannot be realized, beyond the technical details on which the proof of Mayers' no-go theorem is constructed. We have adopted the tools of quantum entropy analysis to investigate the conditions under which the security properties of quantum bit commitment can be circumvented. Our study has revealed that cheating the binding property requires the quantum system acting as the safe to harbor the same amount of uncertainty with respect to both observers (Alice and Bob) as well as the use of entanglement. Our analysis also suggests that the ability to cheat one of the two fundamental properties of bit commitment by any of the two participants depends on how much information is leaked from one side of the system to the other and how much remains hidden from the other participant.

Why quantum bit commitment and ideal quantum coin tossing are impossible

Physica D: Nonlinear Phenomena, 1998

There had been well known claims of "provably unbreakable" quantum protocols for bit commitment and coin tossing. However, we, and independently Mayers, showed that all proposed quantum bit commitment (and therefore coin tossing) schemes are, in principle, insecure because the sender, Alice, can always cheat successfully by using an EPR-type of attack and delaying her measurements. One might wonder if secure quantum bit commitment and coin tossing protocols exist at all. Here we prove that an EPR-type of attack by Alice will, in principle, break any realistic quantum bit commitment and ideal coin tossing scheme. Therefore, provided that Alice has a quantum computer and is capable of storing quantum signals for an arbitrary length of time, all those schemes are insecure. Since bit commitment and coin tossing are useful primitives for building up more sophisticated protocols such as zero-knowledge proofs, our results cast very serious doubt on the security of quantum cryptography in the so-called "post-cold-war" applications.

Security of two-state and four-state practical quantum bit-commitment protocols

Physical Review A, 2016

We study cheating strategies against a practical four-state quantum bit-commitment protocol [A. Danan and L. Vaidman, Quant. Info. Proc. 11, 769 (2012)] and its two-state variant [R. Loura et al., Phys. Rev. A 89, 052336 (2014)] when the underlying quantum channels are noisy and the cheating party is constrained to using single-qubit measurements only. We show that simply inferring the transmitted photons' states by using the Breidbart basis, optimal for ambiguous (minimum-error) state discrimination, does not directly produce an optimal cheating strategy for this bit-commitment protocol. We introduce a strategy, based on certain postmeasurement processes, and show it to have better chances at cheating than the direct approach. We also study to what extent sending forged geographical coordinates helps a dishonest party in breaking the binding security requirement. Finally, we investigate the impact of imperfect single-photon sources in the protocols. Our study shows that, in terms of the resources used, the four-state protocol is advantageous over the two-state version. The analysis performed can be straightforwardly generalised to any finite-qubit measurement, with the same qualitative results.