1,367 research outputs found
Insecurity of Quantum Secure Computations
It had been widely claimed that quantum mechanics can protect private
information during public decision in, for example, the so-called two-party
secure computation. If this were the case, quantum smart-cards could prevent
fake teller machines from learning the PIN (Personal Identification Number)
from the customers' input. Although such optimism has been challenged by the
recent surprising discovery of the insecurity of the so-called quantum bit
commitment, the security of quantum two-party computation itself remains
unaddressed. Here I answer this question directly by showing that all
"one-sided" two-party computations (which allow only one of the two parties
to learn the result) are necessarily insecure. As corollaries to my results,
quantum one-way oblivious password identification and the so-called quantum
one-out-of-two oblivious transfer are impossible. I also construct a class of
functions that cannot be computed securely in any "two-sided" two-party
computation. Nevertheless, quantum cryptography remains useful in key
distribution and can still provide partial security in "quantum money"
proposed by Wiesner.
Comment: The discussion on the insecurity of even non-ideal protocols has been
greatly extended. Other technical points are also clarified. Version accepted
for publication in Phys. Rev.
The Impossibility Of Secure Two-Party Classical Computation
We present attacks that show that unconditionally secure two-party classical
computation is impossible for many classes of function. Our analysis applies to
both quantum and relativistic protocols. We illustrate our results by showing
the impossibility of oblivious transfer.
Comment: 10 page
The relationship between two flavors of oblivious transfer at the quantum level
Though all-or-nothing oblivious transfer and one-out-of-two oblivious
transfer are equivalent in classical cryptography, we here show that due to the
nature of quantum cryptography, a protocol built upon secure quantum
all-or-nothing oblivious transfer cannot satisfy the rigorous definition of
quantum one-out-of-two oblivious transfer.
Comment: 4 pages, no figur
Can relativistic bit commitment lead to secure quantum oblivious transfer?
While unconditionally secure bit commitment (BC) is considered impossible
within the quantum framework, it can be obtained under relativistic or
experimental constraints. Here we study whether such BC can lead to secure
quantum oblivious transfer (QOT). The answer is not completely negative. On one
hand, we provide a detailed cheating strategy, showing that the
"honest-but-curious adversaries" in some of the existing no-go proofs on QOT
still apply even if secure BC is used, enabling the receiver to increase the
average reliability of the decoded value of the transferred bit. On the other
hand, it is also found that some other no-go proofs claiming that a dishonest
receiver can always decode all transferred bits simultaneously with reliability
100% become invalid in this scenario, because their models of cryptographic
protocols are too ideal to cover such a BC-based QOT.
Comment: Published version. This paper generalized some results in Sec. V of
arXiv:1101.4587, and pointed out the limitation of the proof in
arXiv:quant-ph/961103
Why Quantum Bit Commitment And Ideal Quantum Coin Tossing Are Impossible
There had been well known claims of unconditionally secure quantum protocols
for bit commitment. However, we, and independently Mayers, showed that all
proposed quantum bit commitment schemes are, in principle, insecure because the
sender, Alice, can almost always cheat successfully by using an
Einstein-Podolsky-Rosen (EPR) type of attack and delaying her measurements. One
might wonder if secure quantum bit commitment protocols exist at all. We answer
this question by showing that the same type of attack by Alice will, in
principle, break any bit commitment scheme. The cheating strategy generally
requires a quantum computer. We emphasize the generality of this "no-go
theorem": Unconditionally secure bit commitment schemes based on quantum
mechanics---fully quantum, classical or quantum but with measurements---are all
ruled out by this result. Since bit commitment is a useful primitive for
building up more sophisticated protocols such as zero-knowledge proofs, our
results cast very serious doubt on the security of quantum cryptography in the
so-called "post-cold-war" applications. We also show that ideal quantum coin
tossing is impossible because of the EPR attack. This no-go theorem for ideal
quantum coin tossing may help to shed some light on the possibility of
non-ideal protocols.
Comment: We emphasize the generality of this "no-go theorem". All bit
commitment schemes---fully quantum, classical and quantum but with
measurements---are shown to be necessarily insecure. Accepted for publication
in a special issue of Physica D. About 18 pages in elsart.sty. This is an
extended version of an earlier manuscript (quant-ph/9605026) which has
appeared in the proceedings of PHYSCOMP'9
Is Quantum Bit Commitment Really Possible?
We show that all proposed quantum bit commitment schemes are insecure because
the sender, Alice, can almost always cheat successfully by using an
Einstein-Podolsky-Rosen type of attack and delaying her measurement until she
opens her commitment.
Comment: Major revisions to include a more extensive introduction and an
example of bit commitment. Overlap with independent work by Mayers
acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also
noted. Accepted for publication in Phys. Rev. Let