315 research outputs found
Bound on distributed entanglement
Using the convex-roof extended negativity and the negativity of assistance as
quantifications of bipartite entanglement, we consider the possible
remotely-distributed entanglement. For two pure states and
on bipartite systems and , we first show that the
possible amount of entanglement remotely distributed on the system by
joint measurement on the system is not less than the product of two
amounts of entanglement for the states and
in two-qubit and two-qutrit systems. We also provide some sufficient
conditions, for which the result can be generalized into higher-dimensional
quantum systems.
Comment: 5 page
Unconditionally secure quantum bit commitment is impossible
The claim of quantum cryptography has always been that it can provide
protocols that are unconditionally secure, that is, for which the security does
not depend on any restriction on the time, space or technology available to the
cheaters. We show that this claim does not hold for any quantum bit commitment
protocol. Since many cryptographic tasks use bit commitment as a basic
primitive, this result implies a severe setback for quantum cryptography. The
model used encompasses all reasonable implementations of quantum bit commitment
protocols in which the participants have not met before, including those that
make use of the theory of special relativity.
Comment: 4 pages, revtex. Journal version replacing the version published in
the proceedings of PhysComp96. This is a significantly improved version which
emphasizes the generality of the resul
Quantum Bit String Commitment
A bit string commitment protocol securely commits classical bits in such
a way that the recipient can extract only bits of information about the
string. Classical reasoning might suggest that bit string commitment implies
bit commitment and hence, given the Mayers-Lo-Chau theorem, that
non-relativistic quantum bit string commitment is impossible. Not so: there
exist non-relativistic quantum bit string commitment protocols, with security
parameters and , that allow to commit
bits to so that 's probability of successfully cheating when revealing
any bit and 's probability of extracting more than bits of
information about the bit string before revelation are both less than
. With a slightly weakened but still restrictive definition of
security against , can be taken to be for a positive
constant . I briefly discuss possible applications.
Comment: Published version. (Refs updated.
Cheat Sensitive Quantum Bit Commitment
We define cheat sensitive cryptographic protocols between mistrustful parties
as protocols which guarantee that, if either cheats, the other has some nonzero
probability of detecting the cheating. We give an example of an unconditionally
secure cheat sensitive non-relativistic bit commitment protocol which uses
quantum information to implement a task which is classically impossible; we
also describe a simple relativistic protocol.
Comment: Final version: a slightly shortened version of this will appear in
PRL. Minor corrections from last versio
Is Quantum Bit Commitment Really Possible?
We show that all proposed quantum bit commitment schemes are insecure because
the sender, Alice, can almost always cheat successfully by using an
Einstein-Podolsky-Rosen type of attack and delaying her measurement until she
opens her commitment.
Comment: Major revisions to include a more extensive introduction and an
example of bit commitment. Overlap with independent work by Mayers
acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also
noted. Accepted for publication in Phys. Rev. Let
Insecurity of Quantum Secure Computations
It had been widely claimed that quantum mechanics can protect private
information during public decision in for example the so-called two-party
secure computation. If this were the case, quantum smart-cards could prevent
fake teller machines from learning the PIN (Personal Identification Number)
from the customers' input. Although such optimism has been challenged by the
recent surprising discovery of the insecurity of the so-called quantum bit
commitment, the security of quantum two-party computation itself remains
unaddressed. Here I answer this question directly by showing that all
"one-sided" two-party computations (which allow only one of the two parties
to learn the result) are necessarily insecure. As corollaries to my results,
quantum one-way oblivious password identification and the so-called quantum
one-out-of-two oblivious transfer are impossible. I also construct a class of
functions that cannot be computed securely in any "two-sided" two-party
computation. Nevertheless, quantum cryptography remains useful in key
distribution and can still provide partial security in "quantum money"
proposed by Wiesner.
Comment: The discussion on the insecurity of even non-ideal protocols has been
greatly extended. Other technical points are also clarified. Version accepted
for publication in Phys. Rev.
Quantum identification system
A secure quantum identification system combining a classical identification
procedure and quantum key distribution is proposed. Each identification
sequence is always used just once and new sequences are "refuelled" from a
shared provably secret key transferred through the quantum channel. Two
identification protocols are devised. The first protocol can be applied when
legitimate users have an unjammable public channel at their disposal. The
deception probability is derived for the case of a noisy quantum channel. The
second protocol employs unconditionally secure authentication of information
sent over the public channel, and thus it can be applied even in the case when
an adversary is allowed to modify public communications. An experimental
realization of a quantum identification system is described.
Comment: RevTeX, 4 postscript figures, 9 pages, submitted to Physical Review
Quantum Key Distribution Using Quantum Faraday Rotators
We propose a new quantum key distribution (QKD) protocol based on the fully
quantum mechanical states of the Faraday rotators. The protocol is
unconditionally secure against collective attacks for multi-photon source up to
two photons on a noisy environment. It is also robust against impersonation
attacks. The protocol may be implemented experimentally with the current
spintronics technology on semiconductors.
Comment: 7 pages, 7 EPS figure
Security of quantum bit string commitment depends on the information measure
Unconditionally secure non-relativistic bit commitment is known to be
impossible in both the classical and the quantum world. However, when
committing to a string of n bits at once, how far can we stretch the quantum
limits? In this letter, we introduce a framework of quantum schemes where Alice
commits a string of n bits to Bob, in such a way that she can only cheat on a
bits and Bob can learn at most b bits of information before the reveal phase.
Our results are two-fold: we show by an explicit construction that in the
traditional approach, where the reveal and guess probabilities form the
security criteria, no good schemes can exist: a+b is at least n. If, however,
we use a more liberal criterion of security, the accessible information, we
construct schemes where a=4 log n+O(1) and b=4, which is impossible
classically. Our findings significantly extend known no-go results for quantum
bit commitment.
Comment: To appear in PRL. Short version of quant-ph/0504078, long version to
appear separately. Improved security definition and result, one new lemma
that may be of independent interest. v2: added funding reference, no other
change
Unconditional security at a low cost
By simulating four quantum key distribution (QKD) experiments and analyzing
one decoy-state QKD experiment, we compare two data post-processing schemes
based on security against individual attack by Lütkenhaus, and
unconditional security analysis by Gottesman-Lo-Lütkenhaus-Preskill. Our
results show that these two schemes yield close performances. Since the Holy
Grail of QKD is its unconditional security, we conclude that one is better off
considering unconditional security, rather than restricting to individual
attacks.
Comment: Accepted by International Conference on Quantum Foundation and
Technology: Frontier and Future 2006 (ICQFT'06