Unconditionally Secure Bit Commitment

We describe a new classical bit commitment protocol based on cryptographic constraints imposed by special relativity. The protocol is unconditionally secure against classical or quantum attacks. It evades the no-go results of Mayers, Lo and Chau by requiring from Alice a sequence of communications, including a post-revelation verification, each of which is guaranteed to be independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev. Let

Device-Independent Relativistic Quantum Bit Commitment

We examine the possibility of device-independent relativistic quantum bit commitment. We note the potential threat of {\it location attacks}, in which the behaviour of untrusted devices used in relativistic quantum cryptography depends on their space-time location. We describe relativistic quantum bit commitment schemes that are immune to these attacks, and show that these schemes offer device-independent security against hypothetical post-quantum adversaries subject only to the no-signalling principle. We compare a relativistic classical bit commitment scheme with similar features, and note some possible advantages of the quantum schemes

No Superluminal Signaling Implies Unconditionally Secure Bit Commitment

Bit commitment (BC) is an important cryptographic primitive for an agent to convince a mutually mistrustful party that she has already made a binding choice of 0 or 1 but only to reveal her choice at a later time. Ideally, a BC protocol should be simple, reliable, easy to implement using existing technologies, and most importantly unconditionally secure in the sense that its security is based on an information-theoretic proof rather than computational complexity assumption or the existence of a trustworthy arbitrator. Here we report such a provably secure scheme involving only one-way classical communications whose unconditional security is based on no superluminal signaling (NSS). Our scheme is inspired by the earlier works by Kent, who proposed two impractical relativistic protocols whose unconditional securities are yet to be established as well as several provably unconditionally secure protocols which rely on both quantum mechanics and NSS. Our scheme is conceptually simple and shows for the first time that quantum communication is not needed to achieve unconditional security for BC. Moreover, with purely classical communications, our scheme is practical and easy to implement with existing telecom technologies. This completes the cycle of study of unconditionally secure bit commitment based on known physical laws.Comment: This paper has been withdrawn by the authors due to a crucial oversight on an earlier work by A. Ken

Secure bit commitment from relativistic constraints

We investigate two-party cryptographic protocols that are secure under assumptions motivated by physics, namely relativistic assumptions (no-signalling) and quantum mechanics. In particular, we discuss the security of bit commitment in so-called split models, i.e. models in which at least some of the parties are not allowed to communicate during certain phases of the protocol. We find the minimal splits that are necessary to evade the Mayers-Lo-Chau no-go argument and present protocols that achieve security in these split models. Furthermore, we introduce the notion of local versus global command, a subtle issue that arises when the split committer is required to delegate non-communicating agents to open the commitment. We argue that classical protocols are insecure under global command in the split model we consider. On the other hand, we provide a rigorous security proof in the global command model for Kent's quantum protocol [Kent 2011, Unconditionally Secure Bit Commitment by Transmitting Measurement Outcomes]. The proof employs two fundamental principles of modern physics, the no-signalling property of relativity and the uncertainty principle of quantum mechanics.Comment: published version, IEEE format, 18 pages, 8 figure

The cryptographic power of misaligned reference frames

Suppose that Alice and Bob define their coordinate axes differently, and the change of reference frame between them is given by a probability distribution mu over SO(3). We show that this uncertainty of reference frame is of no use for bit commitment when mu is uniformly distributed over a (sub)group of SO(3), but other choices of mu can give rise to a partially or even asymptotically secure bit commitment.Comment: 4 pages Latex; v2 has a new referenc