38 research outputs found
Flipping quantum coins
Coin flipping is a cryptographic primitive in which two distrustful parties
wish to generate a random bit in order to choose between two alternatives. This
task is impossible to realize when it relies solely on the asynchronous
exchange of classical bits: one dishonest player has complete control over the
final outcome. It is only when coin flipping is supplemented with quantum
communication that this problem can be alleviated, although partial bias
remains. Unfortunately, practical systems are subject to loss of quantum data,
which restores complete or nearly complete bias in previous protocols. We
report herein on the first implementation of a quantum coin-flipping protocol
that is impervious to loss. Moreover, in the presence of unavoidable
experimental noise, we propose to use this protocol sequentially to implement
many coin flips, which guarantees that a cheater unwillingly reveals
asymptotically, through an increased error rate, how many outcomes have been
fixed. Hence, we demonstrate for the first time the possibility of flipping
coins in a realistic setting. Flipping quantum coins thereby joins quantum key
distribution as one of the few currently practical applications of quantum
communication. We anticipate our findings to be useful for various
cryptographic protocols and other applications, such as an online casino, in
which a possibly unlimited number of coin flips has to be performed and where
each player is free to decide at any time whether to continue playing or not.Comment: 17 pages, 3 figure
Tight bounds for classical and quantum coin flipping
Coin flipping is a cryptographic primitive for which strictly better
protocols exist if the players are not only allowed to exchange classical, but
also quantum messages. During the past few years, several results have appeared
which give a tight bound on the range of implementable unconditionally secure
coin flips, both in the classical as well as in the quantum setting and for
both weak as well as strong coin flipping. But the picture is still incomplete:
in the quantum setting, all results consider only protocols with perfect
correctness, and in the classical setting tight bounds for strong coin flipping
are still missing. We give a general definition of coin flipping which unifies
the notion of strong and weak coin flipping (it contains both of them as
special cases) and allows the honest players to abort with a certain
probability. We give tight bounds on the achievable range of parameters both in
the classical and in the quantum setting.Comment: 18 pages, 2 figures; v2: published versio
Simple, near-optimal quantum protocols for die-rolling
Die-rolling is the cryptographic task where two mistrustful, remote parties
wish to generate a random -sided die-roll over a communication channel.
Optimal quantum protocols for this task have been given by Aharon and Silman
(New Journal of Physics, 2010) but are based on optimal weak coin-flipping
protocols which are currently very complicated and not very well understood. In
this paper, we first present very simple classical protocols for die-rolling
which have decent (and sometimes optimal) security which is in stark contrast
to coin-flipping, bit-commitment, oblivious transfer, and many other two-party
cryptographic primitives. We also present quantum protocols based on
integer-commitment, a generalization of bit-commitment, where one wishes to
commit to an integer. We analyze these protocols using semidefinite programming
and finally give protocols which are very close to Kitaev's lower bound for any
. Lastly, we briefly discuss an application of this work to the
quantum state discrimination problem.Comment: v2. Updated titl
Fair Loss-Tolerant Quantum Coin Flipping
Coin flipping is a cryptographic primitive in which two spatially separated
players, who in principle do not trust each other, wish to establish a common
random bit. If we limit ourselves to classical communication, this task
requires either assumptions on the computational power of the players or it
requires them to send messages to each other with sufficient simultaneity to
force their complete independence. Without such assumptions, all classical
protocols are so that one dishonest player has complete control over the
outcome. If we use quantum communication, on the other hand, protocols have
been introduced that limit the maximal bias that dishonest players can produce.
However, those protocols would be very difficult to implement in practice
because they are susceptible to realistic losses on the quantum channel between
the players or in their quantum memory and measurement apparatus. In this
paper, we introduce a novel quantum protocol and we prove that it is completely
impervious to loss. The protocol is fair in the sense that either player has
the same probability of success in cheating attempts at biasing the outcome of
the coin flip. We also give explicit and optimal cheating strategies for both
players.Comment: 12 pages, 1 figure; various minor typos corrected in version
Fidelity of Quantum Strategies with Applications to Cryptography
We introduce a definition of the fidelity function for multi-round quantum strategies, which we call the strategy fidelity, that is a generalization of the fidelity function for quantum states. We provide many interesting properties of the strategy fidelity including a Fuchs-van de Graaf relationship with the strategy norm. We illustrate an operational interpretation of the strategy fidelity in the spirit of Uhlmann\u27s Theorem and discuss its application to the security analysis of quantum protocols for interactive cryptographic tasks such as bit-commitment and oblivious string transfer. Our analysis is very general in the sense that the actions of the protocol need not be fully specified, which is in stark contrast to most other security proofs. Lastly, we provide a semidefinite programming formulation of the strategy fidelity
Recommended from our members
Unconditionally secure relativistic multi-party biased coin flipping and die rolling.
We introduce relativistic multi-party biased die-rolling protocols, generalizing coin flipping to M ≥ 2 parties and to N ≥ 2 outcomes for any chosen outcome biases and show them unconditionally secure. Our results prove that the most general random secure multi-party computation, where all parties receive the output and there is no secret input by any party, can be implemented with unconditional security. Our protocols extend Kent's (Kent A. 1999 Phys. Rev. Lett. 83, 5382) two-party unbiased coin-flipping protocol, do not require any quantum communication, are practical to implement with current technology and to our knowledge are the first multi-party relativistic cryptographic protocols