Reexamination of Quantum Bit Commitment: the Possible and the Impossible

Bit commitment protocols whose security is based on the laws of quantum mechanics alone are generally held to be impossible. In this paper we give a strengthened and explicit proof of this result. We extend its scope to a much larger variety of protocols, which may have an arbitrary number of rounds, in which both classical and quantum information is exchanged, and which may include aborts and resets. Moreover, we do not consider the receiver to be bound to a fixed "honest" strategy, so that "anonymous state protocols", which were recently suggested as a possible way to beat the known no-go results are also covered. We show that any concealing protocol allows the sender to find a cheating strategy, which is universal in the sense that it works against any strategy of the receiver. Moreover, if the concealing property holds only approximately, the cheat goes undetected with a high probability, which we explicitly estimate. The proof uses an explicit formalization of general two party protocols, which is applicable to more general situations, and a new estimate about the continuity of the Stinespring dilation of a general quantum channel. The result also provides a natural characterization of protocols that fall outside the standard setting of unlimited available technology, and thus may allow secure bit commitment. We present a new such protocol whose security, perhaps surprisingly, relies on decoherence in the receiver's lab.Comment: v1: 26 pages, 4 eps figures. v2: 31 pages, 5 eps figures; replaced with published version; title changed to comply with puzzling Phys. Rev. regulations; impossibility proof extended to protocols with infinitely many rounds or a continuous communication tree; security proof of decoherence monster protocol expanded; presentation clarifie

Is Quantum Bit Commitment Really Possible?

We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment.Comment: Major revisions to include a more extensive introduction and an example of bit commitment. Overlap with independent work by Mayers acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also noted. Accepted for publication in Phys. Rev. Let

Possibility, Impossibility and Cheat-Sensitivity of Quantum Bit String Commitment

Unconditionally secure non-relativistic bit commitment is known to be impossible in both the classical and the quantum worlds. But when committing to a string of n bits at once, how far can we stretch the quantum limits? In this paper, we introduce a framework for quantum schemes where Alice commits a string of n bits to Bob in such a way that she can only cheat on a bits and Bob can learn at most b bits of information before the reveal phase. Our results are two-fold: we show by an explicit construction that in the traditional approach, where the reveal and guess probabilities form the security criteria, no good schemes can exist: a+b is at least n. If, however, we use a more liberal criterion of security, the accessible information, we construct schemes where a=4log n+O(1) and b=4, which is impossible classically. We furthermore present a cheat-sensitive quantum bit string commitment protocol for which we give an explicit tradeoff between Bob's ability to gain information about the committed string, and the probability of him being detected cheating.Comment: 10 pages, RevTex, 2 figure. v2: title change, cheat-sensitivity adde

Unconditionally secure quantum bit commitment is impossible

The claim of quantum cryptography has always been that it can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space or technology available to the cheaters. We show that this claim does not hold for any quantum bit commitment protocol. Since many cryptographic tasks use bit commitment as a basic primitive, this result implies a severe setback for quantum cryptography. The model used encompasses all reasonable implementations of quantum bit commitment protocols in which the participants have not met before, including those that make use of the theory of special relativity.Comment: 4 pages, revtex. Journal version replacing the version published in the proceedings of PhysComp96. This is a significantly improved version which emphasis the generality of the resul

Insecurity of Quantum Secure Computations

It had been widely claimed that quantum mechanics can protect private information during public decision in for example the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (Personal Identification Number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all ``one-sided'' two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any ``two-sided'' two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.Comment: The discussion on the insecurity of even non-ideal protocols has been greatly extended. Other technical points are also clarified. Version accepted for publication in Phys. Rev.

Quantum key distribution based on orthogonal states allows secure quantum bit commitment

For more than a decade, it was believed that unconditionally secure quantum bit commitment (QBC) is impossible. But basing on a previously proposed quantum key distribution scheme using orthogonal states, here we build a QBC protocol in which the density matrices of the quantum states encoding the commitment do not satisfy a crucial condition on which the no-go proofs of QBC are based. Thus the no-go proofs could be evaded. Our protocol is fault-tolerant and very feasible with currently available technology. It reopens the venue for other "post-cold-war" multi-party cryptographic protocols, e.g., quantum bit string commitment and quantum strong coin tossing with an arbitrarily small bias. This result also has a strong influence on the Clifton-Bub-Halvorson theorem which suggests that quantum theory could be characterized in terms of information-theoretic constraints.Comment: Published version plus an appendix showing how to defeat the counterfactual attack, more references [76,77,90,118-120] cited, and other minor change

The Security of Practical Quantum Key Distribution

Quantum key distribution (QKD) is the first quantum information task to reach the level of mature technology, already fit for commercialization. It aims at the creation of a secret key between authorized partners connected by a quantum channel and a classical authenticated channel. The security of the key can in principle be guaranteed without putting any restriction on the eavesdropper's power. The first two sections provide a concise up-to-date review of QKD, biased toward the practical side. The rest of the paper presents the essential theoretical tools that have been developed to assess the security of the main experimental platforms (discrete variables, continuous variables and distributed-phase-reference protocols).Comment: Identical to the published version, up to cosmetic editorial change

Towards IASI-New Generation (IASI-NG): impact of improved spectral resolution and radiometric noise on the retrieval of thermodynamic, chemistry and climate variables

Besides their strong contribution to weather forecast improvement through data assimilation, thermal infrared sounders onboard polar-orbiting platforms are now playing a key role for monitoring atmospheric composition changes. The Infrared Atmospheric Sounding Interferometer (IASI) instrument developed by the French space agency (CNES) and launched by Eumetsat onboard the Metop satellite series is providing essential inputs for weather forecasting and pollution/climate monitoring owing to its smart combination of large horizontal swath, good spectral resolution and high radiometric performance. EUMETSAT is currently preparing the next polar-orbiting program (EPS-SG) with the Metop-SG satellite series that should be launched around 2020. In this framework, CNES is studying the concept of a new instrument, the IASI-New Generation (IASI-NG), characterized by an improvement of both spectral and radiometric characteristics as compared to IASI, with three objectives: (i) continuity of the IASI/Metop series; (ii) improvement of vertical resolution; (iii) improvement of the accuracy and detection threshold for atmospheric and surface components. In this paper, we show that an improvement of spectral resolution and radiometric noise fulfill these objectives by leading to (i) a better vertical coverage in the lower part of the troposphere, thanks to the increase in spectral resolution; (ii) an increase in the accuracy of the retrieval of several thermodynamic, climate and chemistry variables, thanks to the improved signal-to-noise ratio as well as less interferences between the signatures of the absorbing species in the measured radiances. The detection limit of several atmospheric species is also improved. We conclude that IASI-NG has the potential for strongly benefiting the numerical weather prediction, chemistry and climate communities now connected through the European GMES/Copernicus initiative

The Benefits Conferred by Radial Access for Cardiac Catheterization Are Offset by a Paradoxical Increase in the Rate of Vascular Access Site Complications With Femoral Access The Campeau Radial Paradox

AbstractObjectivesThe purpose of this study was to assess whether the benefits conferred by radial access (RA) at an individual level are offset by a proportionally greater incidence of vascular access site complications (VASC) at a population level when femoral access (FA) is performed.BackgroundThe recent widespread adoption of RA for cardiac catheterization has been associated with increased rates of VASCs when FA is attempted.MethodsLogistic regression was used to calculate the adjusted VASC rate in a contemporary cohort of consecutive patients (2006 to 2008) where both RA and FA were used, and compared it with the adjusted VASC rate observed in a historical control cohort (1996 to 1998) where only FA was used. We calculated the adjusted attributable risk to estimate the proportion of VASC attributable to the introduction of RA in FA patients of the contemporary cohort.ResultsA total of 17,059 patients were included. At a population level, the VASC rate was higher in the overall contemporary cohort compared with the historical cohort (adjusted rates: 2.91% vs. 1.98%; odds ratio [OR]: 1.48, 95% confidence interval [CI]: 1.17 to 1.89; p = 0.001). In the contemporary cohort, RA patients experienced fewer VASC than FA patients (adjusted rates: 1.44% vs. 4.19%; OR: 0.33, 95% CI: 0.23 to 0.48; p < 0.001). We observed a higher VASC rate in FA patients in the contemporary cohort compared with the historical cohort (adjusted rates: 4.19% vs. 1.98%; OR: 2.16, 95% CI: 1.67 to 2.81; p < 0.001). This finding was consistent for both diagnostic and therapeutic catheterizations separately. The proportion of VASCs attributable to RA in the contemporary FA patients was estimated at 52.7%.ConclusionsIn a contemporary population where both RA and FA were used, the safety benefit associated with RA is offset by a paradoxical increase in VASCs among FA patients. The existence of this radial paradox should be taken into consideration, especially among trainees and default radial operators

Quantum Tasks in Minkowski Space

The fundamental properties of quantum information and its applications to computing and cryptography have been greatly illuminated by considering information-theoretic tasks that are provably possible or impossible within non-relativistic quantum mechanics. I describe here a general framework for defining tasks within (special) relativistic quantum theory and illustrate it with examples from relativistic quantum cryptography and relativistic distributed quantum computation. The framework gives a unified description of all tasks previously considered and also defines a large class of new questions about the properties of quantum information in relation to Minkowski causality. It offers a way of exploring interesting new fundamental tasks and applications, and also highlights the scope for a more systematic understanding of the fundamental information-theoretic properties of relativistic quantum theory