An Information-Theoretic Perspective on the Quantum Bit Commitment Impossibility Theorem (original) (raw)
Related papers
Quantum bit commitment revisited: the possible and the impossible
2006
Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. In this paper we give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols", which were recently suggested as a possible way to beat the known no-go results are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two party protocols, which is applicable to more general situations, and a new estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology, and thus may allow secure bit commitment. We present a new such protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's lab.
Reexamination of quantum bit commitment: The possible and the impossible
Physical Review A, 2007
Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. We give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols," which were recently suggested as a possible way to beat the known no-go results, are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two-party protocols, which is applicable to more general situations, and an estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology and thus may allow secure bit commitment. We present such a protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's laboratory.
Degrees of concealment and bindingness in quantum bit commitment protocols
Physical Review A, 2001
Although it is impossible for a bit commitment protocol to be both arbitrarily concealing and arbitrarily binding, it is possible for it to be both partially concealing and partially binding. This means that Bob cannot, prior to the beginning of the unveiling phase, find out everything about the bit committed, and Alice cannot, through actions taken after the end of the commitment phase, unveil whatever bit she desires. We determine upper bounds on the degrees of concealment and bindingness that can be achieved simultaneously in any bit commitment protocol, although it is unknown whether these can be saturated. We do, however, determine the maxima of these quantities in a restricted class of bit commitment protocols, namely those wherein all the systems that play a role in the commitment phase are supplied by Alice. We show that these maxima can be achieved using a protocol that requires Alice to prepare a pair of systems in an entangled state, submit one of the pair to Bob at the commitment phase, and the other at the unveiling phase. Finally, we determine the form of the trade-off that exists between the degree of concealment and the degree of bindingness given various assumptions about the purity and dimensionality of the states used in the protocol.
A quantum bit commitment scheme provably unbreakable by both parties
Proceedings of 1993 IEEE 34th Annual Foundations of Computer Science, 1993
Assume that a party, Alice, has a bit x in mind, to which she would like to be committed toward another party, Bob. That is, Alice wishes, through a procedure c o m m i t (x) , to provide Bob with a piece of evidence that she has a bit x in mind and that she cannot change it. Meanwhile, Bob should not be able to tell from that evidence what x is. At a later time, Alice can reveal, through a procedure u n v e i l (z) , the value of x and prove to Bob that the piece of evidence sent earlier really corresponded to that bit. Classical bit commitment schemes (by which Alice's piece of evidence is classical information such as a bit string) cannot be secure against unlimited computing power and none have been proven secure against algorithmic sophistication. Previous quantum bit commitment schemes (by which Alice's piece of evidence is quantum information such as a stream of polarized photons) were known to be invulnerable to unlimited computing power and algorithmic sophistication, but not to arbitrary measurements allowed by quantum physics: perhaps more sophisticated use of quantum physics could have defeated them. We present a new quantum bit commitment scheme. The major contribution of this work is to provide the first complete proof that, according to the laws of quantum physics, neither participant, in the protocol can cheat, except with arbitrarily small probability. In addition, the new protocol can be implemented with current technology.
A brief review on the impossibility of quantum bit commitment
Arxiv preprint quant-ph/ …, 1997
The desire to obtain an unconditionally secure bit commitment protocol in quantum cryp-tography was expressed for the first time thirteen years ago. Bit commitment is sufficient in quantum cryptography to realize a variety of applications with unconditional security. In 1993, a quantum bit ...
11 On the impossibility of non-static quantum bit commitment between two parties.pdf
an assumption on Mayers-Lo-Chau (MLC) no-go theorem that the state of the entire quantum system is invariable to both participants before the unveiling phase. This makes us suspect that the theorem is only applicable to static quantum bit commitment (QBC). This paper clarifies that the MLC no-go theorem can be applied to not only static QBC, but also non-static one. A nonstatic QBC protocol proposed by Choi et al. is briefly reviewed and analyzed to work as a supporting example. In addition, a novel way to prove the impossibility of the two kinds of QBC is given.
12 On the impossibility of non-static quantum bit commitment between two parties.pdf
an assumption on Mayers-Lo-Chau (MLC) no-go theorem that the state of the entire quantum system is invariable to both participants before the unveiling phase. This makes us suspect that the theorem is only applicable to static quantum bit commitment (QBC). This paper clarifies that the MLC no-go theorem can be applied to not only static QBC, but also non-static one. A nonstatic QBC protocol proposed by Choi et al. is briefly reviewed and analyzed to work as a supporting example. In addition, a novel way to prove the impossibility of the two kinds of QBC is given.
A short impossibility proof of Quantum Bit Commitment
2009
Bit commitment protocols, whose security is based on the laws of quantum mechanics alone, are generally held to be impossible on the basis of a concealment-bindingness tradeoff. A strengthened and explicit impossibility proof has been given in: G. M. D'Ariano, D. Kretschmann, D. Schlingemann, and R. F. Werner, Phys. Rev. A 76, 032328 (2007), in the Heisenberg picture and in a C*-algebraic framework, considering all conceivable protocols in which both classical and quantum information are exchanged. In the present paper we provide a new impossibility proof in the Schrodinger picture, greatly simplifying the classification of protocols and strategies using the mathematical formulation in terms of quantum combs, with each single-party strategy represented by a conditional comb. We prove that assuming a stronger notion of concealment--worst-case over the classical information histories--allows Alice's cheat to pass also the worst-case Bob's test. The present approach allows us to restate the concealment-bindingness tradeoff in terms of the continuity of dilations of probabilistic quantum combs with respect to the comb-discriminability distance.
Security of Quantum Bit String Commitment Depends on the Information Measure
Physical Review Letters, 2006
Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum world. However, when committing to a string of n bits at once, how far can we stretch the quantum limits? In this letter, we introduce a framework of quantum schemes where Alice commits a string of n bits to Bob, in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a + b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a = 4 log 2 n + O(1) and b = 4, which is impossible classically. Our findings significantly extend known no-go results for quantum bit commitment.