Unconditionally secure quantum bit commitment is impossible

The claim of quantum cryptography has always been that it can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space or technology available to the cheaters. We show that this claim does not hold for any quantum bit commitment protocol. Since many cryptographic tasks use bit commitment as a basic primitive, this result implies a severe setback for quantum cryptography. The model used encompasses all reasonable implementations of quantum bit commitment protocols in which the participants have not met before, including those that make use of the theory of special relativity.Comment: 4 pages, revtex. Journal version replacing the version published in the proceedings of PhysComp96. This is a significantly improved version which emphasis the generality of the resul

Is Quantum Bit Commitment Really Possible?

We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment.Comment: Major revisions to include a more extensive introduction and an example of bit commitment. Overlap with independent work by Mayers acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also noted. Accepted for publication in Phys. Rev. Let

Secure two-party quantum evaluation of unitaries against specious adversaries

We describe how any two-party quantum computation, specified by a unitary which simultaneously acts on the registers of both parties, can be privately implemented against a quantum version of classical semi-honest adversaries that we call specious. Our construction requires two ideal functionalities to garantee privacy: a private SWAP between registers held by the two parties and a classical private AND-box equivalent to oblivious transfer. If the unitary to be evaluated is in the Clifford group then only one call to SWAP is required for privacy. On the other hand, any unitary not in the Clifford requires one call to an AND-box per R-gate in the circuit. Since SWAP is itself in the Clifford group, this functionality is universal for the private evaluation of any unitary in that group. SWAP can be built from a classical bit commitment scheme or an AND-box but an AND-box cannot be constructed from SWAP. It follows that unitaries in the Clifford group are to some extent the easy ones. We also show that SWAP cannot be implemented privately in the bare model

Experimental quantum tossing of a single coin

The cryptographic protocol of coin tossing consists of two parties, Alice and Bob, that do not trust each other, but want to generate a random bit. If the parties use a classical communication channel and have unlimited computational resources, one of them can always cheat perfectly. Here we analyze in detail how the performance of a quantum coin tossing experiment should be compared to classical protocols, taking into account the inevitable experimental imperfections. We then report an all-optical fiber experiment in which a single coin is tossed whose randomness is higher than achievable by any classical protocol and present some easily realisable cheating strategies by Alice and Bob.Comment: 13 page

Universal teleportation with a twist

We give a transfer theorem for teleportation based on twisting the entanglement measurement. This allows one to say what local unitary operation must be performed to complete the teleportation in any situation, generalizing the scheme to include overcomplete measurements, non-abelian groups of local unitary operations (e.g., angular momentum teleportation), and the effect of non-maximally entangled resources.Comment: 4 pages, 1 figur

Relativistic quantum coin tossing

A relativistic quantum information exchange protocol is proposed allowing two distant users to realize ``coin tossing'' procedure. The protocol is based on the point that in relativistic quantum theory reliable distinguishing between the two orthogonal states generally requires a finite time depending on the structure of these states.Comment: 6 pages, no figure

11 beta-hydroxysteroid dehydrogenase type 1 regulates glucocorticoid-induced insulin resistance in skeletal muscle

OBJECTIVE: Glucocorticoid excess is characterized by increased adiposity, skeletal myopathy, and insulin resistance, but the precise molecular mechanisms are unknown. Within skeletal muscle, 11beta-hydroxysteroid dehydrogenase type 1 (11beta-HSD1) converts cortisone (11-dehydrocorticosterone in rodents) to active cortisol (corticosterone in rodents). We aimed to determine the mechanisms underpinning glucocorticoid-induced insulin resistance in skeletal muscle and indentify how 11beta-HSD1 inhibitors improve insulin sensitivity. \ud RESEARCH DESIGN AND METHODS: Rodent and human cell cultures, whole-tissue explants, and animal models were used to determine the impact of glucocorticoids and selective 11beta-HSD1 inhibition upon insulin signaling and action. \ud RESULTS: Dexamethasone decreased insulin-stimulated glucose uptake, decreased IRS1 mRNA and protein expression, and increased inactivating pSer$^{307}$ insulin receptor substrate (IRS)-1. 11beta-HSD1 activity and expression were observed in human and rodent myotubes and muscle explants. Activity was predominantly oxo-reductase, generating active glucocorticoid. A1 (selective 11beta-HSD1 inhibitor) abolished enzyme activity and blocked the increase in pSer$^{307}$ IRS1 and reduction in total IRS1 protein after treatment with 11DHC but not corticosterone. In C57Bl6/J mice, the selective 11beta-HSD1 inhibitor, A2, decreased fasting blood glucose levels and improved insulin sensitivity. In KK mice treated with A2, skeletal muscle pSer$^{307}$ IRS1 decreased and pThr$^{308}$ Akt/PKB increased. In addition, A2 decreased both lipogenic and lipolytic gene expression.\ud CONCLUSIONS: Prereceptor facilitation of glucocorticoid action via 11beta-HSD1 increases pSer$^{307}$ IRS1 and may be crucial in mediating insulin resistance in skeletal muscle. Selective 11beta-HSD1 inhibition decreases pSer$^{307}$ IRS1, increases pThr$^{308}$ Akt/PKB, and decreases lipogenic and lipolytic gene expression that may represent an important mechanism underpinning their insulin-sensitizing action

Insecurity of Quantum Secure Computations

It had been widely claimed that quantum mechanics can protect private information during public decision in for example the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (Personal Identification Number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all ``one-sided'' two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any ``two-sided'' two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.Comment: The discussion on the insecurity of even non-ideal protocols has been greatly extended. Other technical points are also clarified. Version accepted for publication in Phys. Rev.

Quantum key distribution with delayed privacy amplification and its application to security proof of a two-way deterministic protocol

Privacy amplification (PA) is an essential post-processing step in quantum key distribution (QKD) for removing any information an eavesdropper may have on the final secret key. In this paper, we consider delaying PA of the final key after its use in one-time pad encryption and prove its security. We prove that the security and the key generation rate are not affected by delaying PA. Delaying PA has two applications: it serves as a tool for significantly simplifying the security proof of QKD with a two-way quantum channel, and also it is useful in QKD networks with trusted relays. To illustrate the power of the delayed PA idea, we use it to prove the security of a qubit-based two-way deterministic QKD protocol which uses four states and four encoding operations.Comment: 11 pages, 3 figure