1,674 research outputs found
Quantum Weak Coin Flipping
We investigate weak coin flipping, a fundamental cryptographic primitive
where two distrustful parties need to remotely establish a shared random bit. A
cheating player can try to bias the output bit towards a preferred value. For
weak coin flipping the players have known opposite preferred values. A weak
coin-flipping protocol has a bias if neither player can force the
outcome towards their preferred value with probability more than
. While it is known that all classical protocols have
, Mochon showed in 2007 [arXiv:0711.4114] that quantumly
weak coin flipping can be achieved with arbitrarily small bias (near perfect)
but the best known explicit protocol has bias (also due to Mochon, 2005
[Phys. Rev. A 72, 022341]). We propose a framework to construct new explicit
protocols achieving biases below . In particular, we construct explicit
unitaries for protocols with bias approaching . To go below, we introduce
what we call the Elliptic Monotone Align (EMA) algorithm which, together with
the framework, allows us to numerically construct protocols with arbitrarily
small biases.Comment: 98 pages split into 3 parts, 10 figures; For updates and contact
information see https://atulsingharora.github.io/WCF. Version 2 has minor
improvements. arXiv admin note: text overlap with arXiv:1402.7166 by other
author
Serial composition of quantum coin-flipping, and bounds on cheat detection for bit-commitment
Quantum protocols for coin-flipping can be composed in series in such a way
that a cheating party gains no extra advantage from using entanglement between
different rounds. This composition principle applies to coin-flipping protocols
with cheat sensitivity as well, and is used to derive two results: There are no
quantum strong coin-flipping protocols with cheat sensitivity that is linear in
the bias (or bit-commitment protocols with linear cheat detection) because
these can be composed to produce strong coin-flipping with arbitrarily small
bias. On the other hand, it appears that quadratic cheat detection cannot be
composed in series to obtain even weak coin-flipping with arbitrarily small
bias.Comment: 7 pages, REVTeX 4 (minor corrections in v2
Tight bounds for classical and quantum coin flipping
Coin flipping is a cryptographic primitive for which strictly better
protocols exist if the players are not only allowed to exchange classical, but
also quantum messages. During the past few years, several results have appeared
which give a tight bound on the range of implementable unconditionally secure
coin flips, both in the classical as well as in the quantum setting and for
both weak as well as strong coin flipping. But the picture is still incomplete:
in the quantum setting, all results consider only protocols with perfect
correctness, and in the classical setting tight bounds for strong coin flipping
are still missing. We give a general definition of coin flipping which unifies
the notion of strong and weak coin flipping (it contains both of them as
special cases) and allows the honest players to abort with a certain
probability. We give tight bounds on the achievable range of parameters both in
the classical and in the quantum setting.Comment: 18 pages, 2 figures; v2: published versio
Multiparty Quantum Coin Flipping
We investigate coin-flipping protocols for multiple parties in a quantum
broadcast setting:
(1) We propose and motivate a definition for quantum broadcast. Our model of
quantum broadcast channel is new.
(2) We discovered that quantum broadcast is essentially a combination of
pairwise quantum channels and a classical broadcast channel. This is a somewhat
surprising conclusion, but helps us in both our lower and upper bounds.
(3) We provide tight upper and lower bounds on the optimal bias epsilon of a
coin which can be flipped by k parties of which exactly g parties are honest:
for any 1 <= g <= k, epsilon = 1/2 - Theta(g/k).
Thus, as long as a constant fraction of the players are honest, they can
prevent the coin from being fixed with at least a constant probability. This
result stands in sharp contrast with the classical setting, where no
non-trivial coin-flipping is possible when g <= k/2.Comment: v2: bounds now tight via new protocol; to appear at IEEE Conference
on Computational Complexity 200
Simple, near-optimal quantum protocols for die-rolling
Die-rolling is the cryptographic task where two mistrustful, remote parties
wish to generate a random -sided die-roll over a communication channel.
Optimal quantum protocols for this task have been given by Aharon and Silman
(New Journal of Physics, 2010) but are based on optimal weak coin-flipping
protocols which are currently very complicated and not very well understood. In
this paper, we first present very simple classical protocols for die-rolling
which have decent (and sometimes optimal) security which is in stark contrast
to coin-flipping, bit-commitment, oblivious transfer, and many other two-party
cryptographic primitives. We also present quantum protocols based on
integer-commitment, a generalization of bit-commitment, where one wishes to
commit to an integer. We analyze these protocols using semidefinite programming
and finally give protocols which are very close to Kitaev's lower bound for any
. Lastly, we briefly discuss an application of this work to the
quantum state discrimination problem.Comment: v2. Updated titl
Fair Loss-Tolerant Quantum Coin Flipping
Coin flipping is a cryptographic primitive in which two spatially separated
players, who in principle do not trust each other, wish to establish a common
random bit. If we limit ourselves to classical communication, this task
requires either assumptions on the computational power of the players or it
requires them to send messages to each other with sufficient simultaneity to
force their complete independence. Without such assumptions, all classical
protocols are so that one dishonest player has complete control over the
outcome. If we use quantum communication, on the other hand, protocols have
been introduced that limit the maximal bias that dishonest players can produce.
However, those protocols would be very difficult to implement in practice
because they are susceptible to realistic losses on the quantum channel between
the players or in their quantum memory and measurement apparatus. In this
paper, we introduce a novel quantum protocol and we prove that it is completely
impervious to loss. The protocol is fair in the sense that either player has
the same probability of success in cheating attempts at biasing the outcome of
the coin flip. We also give explicit and optimal cheating strategies for both
players.Comment: 12 pages, 1 figure; various minor typos corrected in version
- …