Private Database Queries Using Quantum States with Limited Coherence Times

We describe a method for private database queries using exchange of quantum states with bits encoded in mutually incompatible bases. For technology with limited coherence time, the database vendor can announce the encoding after a suitable delay to allow the user to privately learn one of two items in the database without the ability to also definitely infer the second item. This quantum approach also allows the user to choose to learn other functions of the items, such as the exclusive-or of their bits, but not to gain more information than equivalent to learning one item, on average. This method is especially useful for items consisting of a few bits by avoiding the substantial overhead of conventional cryptographic approaches.Comment: extended to generalized (POVM) measurement

The Impossibility Of Secure Two-Party Classical Computation

We present attacks that show that unconditionally secure two-party classical computation is impossible for many classes of function. Our analysis applies to both quantum and relativistic protocols. We illustrate our results by showing the impossibility of oblivious transfer.Comment: 10 page

Why Quantum Bit Commitment And Ideal Quantum Coin Tossing Are Impossible

There had been well known claims of unconditionally secure quantum protocols for bit commitment. However, we, and independently Mayers, showed that all proposed quantum bit commitment schemes are, in principle, insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen (EPR) type of attack and delaying her measurements. One might wonder if secure quantum bit commitment protocols exist at all. We answer this question by showing that the same type of attack by Alice will, in principle, break any bit commitment scheme. The cheating strategy generally requires a quantum computer. We emphasize the generality of this ``no-go theorem'': Unconditionally secure bit commitment schemes based on quantum mechanics---fully quantum, classical or quantum but with measurements---are all ruled out by this result. Since bit commitment is a useful primitive for building up more sophisticated protocols such as zero-knowledge proofs, our results cast very serious doubt on the security of quantum cryptography in the so-called ``post-cold-war'' applications. We also show that ideal quantum coin tossing is impossible because of the EPR attack. This no-go theorem for ideal quantum coin tossing may help to shed some lights on the possibility of non-ideal protocols.Comment: We emphasize the generality of this "no-go theorem". All bit commitment schemes---fully quantum, classical and quantum but with measurements---are shown to be necessarily insecure. Accepted for publication in a special issue of Physica D. About 18 pages in elsart.sty. This is an extended version of an earlier manuscript (quant-ph/9605026) which has appeared in the proceedings of PHYSCOMP'9

Can relativistic bit commitment lead to secure quantum oblivious transfer?

While unconditionally secure bit commitment (BC) is considered impossible within the quantum framework, it can be obtained under relativistic or experimental constraints. Here we study whether such BC can lead to secure quantum oblivious transfer (QOT). The answer is not completely negative. On one hand, we provide a detailed cheating strategy, showing that the "honest-but-curious adversaries" in some of the existing no-go proofs on QOT still apply even if secure BC is used, enabling the receiver to increase the average reliability of the decoded value of the transferred bit. On the other hand, it is also found that some other no-go proofs claiming that a dishonest receiver can always decode all transferred bits simultaneously with reliability 100% become invalid in this scenario, because their models of cryptographic protocols are too ideal to cover such a BC-based QOT.Comment: Published version. This paper generalized some results in Sec. V of arXiv:1101.4587, and pointed out the limitation of the proof in arXiv:quant-ph/961103

Security of quantum key distribution with imperfect devices

We prove the security of the Bennett-Brassard (BB84) quantum key distribution protocol in the case where the source and detector are under the limited control of an adversary. Our proof applies when both the source and the detector have small basis-dependent flaws, as is typical in practical implementations of the protocol. We derive a general lower bound on the asymptotic key generation rate for weakly basis-dependent eavesdropping attacks, and also estimate the rate in some special cases: sources that emit weak coherent states with random phases, detectors with basis-dependent efficiency, and misaligned sources and detectors.Comment: 22 pages. (v3): Minor changes. (v2): Extensively revised and expanded. New results include a security proof for generic small flaws in the source and the detecto