Possibility, Impossibility and Cheat-Sensitivity of Quantum Bit String Commitment

Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum worlds. But when committing to a string of n bits at once, how far can we stretch the quantum limits? In this paper, we introduce a framework for quantum schemes where Alice commits a string of n bits to Bob in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a+b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a=4log n+O(1) and b=4, which is impossible classically. We furthermore present a cheat-sensitive quantum bit string commitment protocol for which we give an explicit tradeoff between Bob's ability to gain information about the committed string, and the probability of him being detected cheating.Comment: 10 pages, RevTex, 2 figure. v2: title change, cheat-sensitivity adde

High rate, long-distance quantum key distribution over 250km of ultra low loss fibres

We present a fully automated quantum key distribution prototype running at 625 MHz clock rate. Taking advantage of ultra low loss fibres and low-noise superconducting detectors, we can distribute 6,000 secret bits per second over 100 km and 15 bits per second over 250km

Composability in quantum cryptography

In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to generate a continuous key stream by sequentially composing rounds of a quantum key distribution protocol. In a second part, we take a more general point of view, which is necessary for the study of cryptographic situations involving, for example, mutually distrustful parties. We explain the universal composability framework and state the composition theorem which guarantees that secure protocols can securely be composed to larger applicationsComment: 18 pages, 2 figure

Reexamination of Quantum Bit Commitment: the Possible and the Impossible

Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. In this paper we give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols", which were recently suggested as a possible way to beat the known no-go results are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two party protocols, which is applicable to more general situations, and a new estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology, and thus may allow secure bit commitment. We present a new such protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's lab.Comment: v1: 26 pages, 4 eps figures. v2: 31 pages, 5 eps figures; replaced with published version; title changed to comply with puzzling Phys. Rev. regulations; impossibility proof extended to protocols with infinitely many rounds or a continuous communication tree; security proof of decoherence monster protocol expanded; presentation clarifie

Quantum key distribution based on orthogonal states allows secure quantum bit commitment

For more than a decade, it was believed that unconditionally secure quantum bit commitment (QBC) is impossible. But basing on a previously proposed quantum key distribution scheme using orthogonal states, here we build a QBC protocol in which the density matrices of the quantum states encoding the commitment do not satisfy a crucial condition on which the no-go proofs of QBC are based. Thus the no-go proofs could be evaded. Our protocol is fault-tolerant and very feasible with currently available technology. It reopens the venue for other "post-cold-war" multi-party cryptographic protocols, e.g., quantum bit string commitment and quantum strong coin tossing with an arbitrarily small bias. This result also has a strong influence on the Clifton-Bub-Halvorson theorem which suggests that quantum theory could be characterized in terms of information-theoretic constraints.Comment: Published version plus an appendix showing how to defeat the counterfactual attack, more references [76,77,90,118-120] cited, and other minor change

Perfectly concealing quantum bit commitment from any quantum one-way permutation

Abstract. We show that although unconditionally secure quantum bit commitment is impossible, it can be based upon any family of quantum one-way permutations. The resulting scheme is unconditionally concealing and computationally binding. Unlike the classical reduction of Naor, Ostrovski, Ventkatesen and Young, our protocol is non-interactive and has communication complexity O(n) qubits for n a security parameter.