Coin Tossing is Strictly Weaker Than Bit Commitment

We define cryptographic assumptions applicable to two mistrustful parties who each control two or more separate secure sites between which special relativity guarantees a time lapse in communication. We show that, under these assumptions, unconditionally secure coin tossing can be carried out by exchanges of classical information. We show also, following Mayers, Lo and Chau, that unconditionally secure bit commitment cannot be carried out by finitely many exchanges of classical or quantum information. Finally we show that, under standard cryptographic assumptions, coin tossing is strictly weaker than bit commitment. That is, no secure classical or quantum bit commitment protocol can be built from a finite number of invocations of a secure coin tossing black box together with finitely many additional information exchanges.Comment: Final version; to appear in Phys. Rev. Let

Effects of detector efficiency mismatch on security of quantum cryptosystems

We suggest a type of attack on quantum cryptosystems that exploits variations in detector efficiency as a function of a control parameter accessible to an eavesdropper. With gated single-photon detectors, this control parameter can be the timing of the incoming pulse. When the eavesdropper sends short pulses using the appropriate timing so that the two gated detectors in Bob's setup have different efficiencies, the security of quantum key distribution can be compromised. Specifically, we show for the Bennett-Brassard 1984 (BB84) protocol that if the efficiency mismatch between 0 and 1 detectors for some value of the control parameter gets large enough (roughly 15:1 or larger), Eve can construct a successful faked-states attack causing a quantum bit error rate lower than 11%. We also derive a general security bound as a function of the detector sensitivity mismatch for the BB84 protocol. Experimental data for two different detectors are presented, and protection measures against this attack are discussed.Comment: v3: identical to the journal version. However, after publication we have discovered that Eq. 11 is incorrect: the available bit rate after privacy amplification is reduced even in the case (QBER)=0 [see Quant. Inf. Comp. 7, 73 (2007)

Unconditionally Secure Key Distribution Based on Two Nonorthogonal States

We prove the unconditional security of the Bennett 1992 protocol, by using a reduction to an entanglement distillation protocol initiated by a local filtering process. The bit errors and the phase errors are correlated after the filtering, and we can bound the amount of phase errors from the observed bit errors by an estimation method involving nonorthogonal measurements. The angle between the two states shows a trade-off between accuracy of the estimation and robustness to noises.Comment: 5 pages, 1 figur

Deuteron Momentum Distribution in KD2HPO4

The momentum distribution in KD2PO4(DKDP) has been measured using neutron Compton scattering above and below the weakly first order paraelectric-ferroelectric phase transition(T=229K). There is very litte difference between the two distributions, and no sign of the coherence over two locations for the proton observed in the paraelectric phase, as in KH2PO4(KDP). We conclude that the tunnel splitting must be much less than 20mev. The width of the distribution indicates that the effective potential for DKDP is significantly softer than that for KDP. As electronic structure calculations indicate that the stiffness of the potential increases with the size of the coherent region locally undergoing soft mode fluctuations, we conclude that there is a mass dependent quantum coherence length in both systems.Comment: 6 pages 5 figure

Security Trade-offs in Ancilla-Free Quantum Bit Commitment in the Presence of Superselection Rules

Security trade-offs have been established for one-way bit commitment in quant-ph/0106019. We study this trade-off in two superselection settings. We show that for an `abelian' superselection rule (exemplified by particle conservation) the standard trade-off between sealing and binding properties still holds. For the non-abelian case (exemplified by angular momentum conservation) the security trade-off can be more subtle, which we illustrate by showing that if the bit-commitment is forced to be ancilla-free an asymptotically secure quantum bit commitment is possible.Comment: 7 pages Latex; v2 has 8 pages and additional references and clarifications, this paper is to appear in the New Journal of Physic

Optimal Bell tests do not require maximally entangled states

Any Bell test consists of a sequence of measurements on a quantum state in space-like separated regions. Thus, a state is better than others for a Bell test when, for the optimal measurements and the same number of trials, the probability of existence of a local model for the observed outcomes is smaller. The maximization over states and measurements defines the optimal nonlocality proof. Numerical results show that the required optimal state does not have to be maximally entangled.Comment: 1 figure, REVTEX

Quantum key distribution with 2-bit quantum codes

We propose a prepare-and-measure scheme for quantum key distribution with 2-bit quantum codes. The protocol is unconditionally secure under whatever type of intercept-and-resend attack. Given the symmetric and independent errors to the transmitted qubits, our scheme can tolerate a bit error rate up to 26% in 4-state protocol and 30% in 6-state protocol, respectively. These values are higher than all currently known threshold values for prepare-and-measure protocols. A specific realization with linear optics is given.Comment: Approved for publication in Physical Review Letter

General theory for decoy-state quantum key distribution with arbitrary number of intensities

We develop a general theory for quantum key distribution (QKD) in both the forward error correction and the reverse error correction cases when the QKD system is equipped with phase-randomized coherent light with arbitrary number of decoy intensities. For this purpose, generalizing Wang's expansion, we derive a convex expansion of the phase-randomized coherent state. We also numerically check that the asymptotic key generation rates are almost saturated when the number of decoy intensities is three.Comment: This manuscript has been revised extensivel

Unconditionally Secure Bit Commitment

We describe a new classical bit commitment protocol based on cryptographic constraints imposed by special relativity. The protocol is unconditionally secure against classical or quantum attacks. It evades the no-go results of Mayers, Lo and Chau by requiring from Alice a sequence of communications, including a post-revelation verification, each of which is guaranteed to be independent of its predecessor.Comment: Typos corrected. Reference details added. To appear in Phys. Rev. Let