4,630 research outputs found
Brief History of Quantum Cryptography: A Personal Perspective
Quantum cryptography is the only approach to privacy ever proposed that
allows two parties (who do not share a long secret key ahead of time) to
communicate with provably perfect secrecy under the nose of an eavesdropper
endowed with unlimited computational power and whose technology is limited by
nothing but the fundamental laws of nature. This essay provides a personal
historical perspective on the field. For the sake of liveliness, the style is
purposely that of a spontaneous after-dinner speech.Comment: 14 pages, no figure
Why Quantum Bit Commitment And Ideal Quantum Coin Tossing Are Impossible
There had been well known claims of unconditionally secure quantum protocols
for bit commitment. However, we, and independently Mayers, showed that all
proposed quantum bit commitment schemes are, in principle, insecure because the
sender, Alice, can almost always cheat successfully by using an
Einstein-Podolsky-Rosen (EPR) type of attack and delaying her measurements. One
might wonder if secure quantum bit commitment protocols exist at all. We answer
this question by showing that the same type of attack by Alice will, in
principle, break any bit commitment scheme. The cheating strategy generally
requires a quantum computer. We emphasize the generality of this ``no-go
theorem'': Unconditionally secure bit commitment schemes based on quantum
mechanics---fully quantum, classical or quantum but with measurements---are all
ruled out by this result. Since bit commitment is a useful primitive for
building up more sophisticated protocols such as zero-knowledge proofs, our
results cast very serious doubt on the security of quantum cryptography in the
so-called ``post-cold-war'' applications. We also show that ideal quantum coin
tossing is impossible because of the EPR attack. This no-go theorem for ideal
quantum coin tossing may help to shed some lights on the possibility of
non-ideal protocols.Comment: We emphasize the generality of this "no-go theorem". All bit
commitment schemes---fully quantum, classical and quantum but with
measurements---are shown to be necessarily insecure. Accepted for publication
in a special issue of Physica D. About 18 pages in elsart.sty. This is an
extended version of an earlier manuscript (quant-ph/9605026) which has
appeared in the proceedings of PHYSCOMP'9
Experimental quantum tossing of a single coin
The cryptographic protocol of coin tossing consists of two parties, Alice and
Bob, that do not trust each other, but want to generate a random bit. If the
parties use a classical communication channel and have unlimited computational
resources, one of them can always cheat perfectly. Here we analyze in detail
how the performance of a quantum coin tossing experiment should be compared to
classical protocols, taking into account the inevitable experimental
imperfections. We then report an all-optical fiber experiment in which a single
coin is tossed whose randomness is higher than achievable by any classical
protocol and present some easily realisable cheating strategies by Alice and
Bob.Comment: 13 page
A proposal for founding mistrustful quantum cryptography on coin tossing
A significant branch of classical cryptography deals with the problems which
arise when mistrustful parties need to generate, process or exchange
information. As Kilian showed a while ago, mistrustful classical cryptography
can be founded on a single protocol, oblivious transfer, from which general
secure multi-party computations can be built.
The scope of mistrustful quantum cryptography is limited by no-go theorems,
which rule out, inter alia, unconditionally secure quantum protocols for
oblivious transfer or general secure two-party computations. These theorems
apply even to protocols which take relativistic signalling constraints into
account. The best that can be hoped for, in general, are quantum protocols
computationally secure against quantum attack. I describe here a method for
building a classically certified bit commitment, and hence every other
mistrustful cryptographic task, from a secure coin tossing protocol. No
security proof is attempted, but I sketch reasons why these protocols might
resist quantum computational attack.Comment: Title altered in deference to Physical Review's fear of question
marks. Published version; references update
Experimental Quantum Coin Tossing
In this letter we present the first implementation of a quantum coin tossing
protocol. This protocol belongs to a class of ``two-party'' cryptographic
problems, where the communication partners distrust each other. As with a
number of such two-party protocols, the best implementation of the quantum coin
tossing requires qutrits. In this way, we have also performed the first
complete quantum communication protocol with qutrits. In our experiment the two
partners succeeded to remotely toss a row of coins using photons entangled in
the orbital angular momentum. We also show the experimental bounds of a
possible cheater and the ways of detecting him
Quantum Bit Commitment with a Composite Evidence
Entanglement-based attacks, which are subtle and powerful, are usually
believed to render quantum bit commitment insecure. We point out that the no-go
argument leading to this view implicitly assumes the evidence-of-commitment to
be a monolithic quantum system. We argue that more general evidence structures,
allowing for a composite, hybrid (classical-quantum) evidence, conduce to
improved security. In particular, we present and prove the security of the
following protocol: Bob sends Alice an anonymous state. She inscribes her
commitment by measuring part of it in the + (for ) or (for
) basis. She then communicates to him the (classical) measurement outcome
and the part-measured anonymous state interpolated into other, randomly
prepared qubits as her evidence-of-commitment.Comment: 6 pages, minor changes, journal reference adde
Coin Tossing is Strictly Weaker Than Bit Commitment
We define cryptographic assumptions applicable to two mistrustful parties who
each control two or more separate secure sites between which special relativity
guarantees a time lapse in communication. We show that, under these
assumptions, unconditionally secure coin tossing can be carried out by
exchanges of classical information. We show also, following Mayers, Lo and
Chau, that unconditionally secure bit commitment cannot be carried out by
finitely many exchanges of classical or quantum information. Finally we show
that, under standard cryptographic assumptions, coin tossing is strictly weaker
than bit commitment. That is, no secure classical or quantum bit commitment
protocol can be built from a finite number of invocations of a secure coin
tossing black box together with finitely many additional information exchanges.Comment: Final version; to appear in Phys. Rev. Let
Quantum Gambling Using Three Nonorthogonal States
We provide a quantum gambling protocol using three (symmetric) nonorthogonal
states. The bias of the proposed protocol is less than that of previous ones,
making it more practical. We show that the proposed scheme is secure against
non-entanglement attacks. The security of the proposed scheme against
entanglement attacks is shown heuristically.Comment: no essential correction, 4 pages, RevTe
- …