Deuteron Momentum Distribution in KD2HPO4

The momentum distribution in KD2PO4(DKDP) has been measured using neutron Compton scattering above and below the weakly first order paraelectric-ferroelectric phase transition(T=229K). There is very litte difference between the two distributions, and no sign of the coherence over two locations for the proton observed in the paraelectric phase, as in KH2PO4(KDP). We conclude that the tunnel splitting must be much less than 20mev. The width of the distribution indicates that the effective potential for DKDP is significantly softer than that for KDP. As electronic structure calculations indicate that the stiffness of the potential increases with the size of the coherent region locally undergoing soft mode fluctuations, we conclude that there is a mass dependent quantum coherence length in both systems.Comment: 6 pages 5 figure

Effects of detector efficiency mismatch on security of quantum cryptosystems

We suggest a type of attack on quantum cryptosystems that exploits variations in detector efficiency as a function of a control parameter accessible to an eavesdropper. With gated single-photon detectors, this control parameter can be the timing of the incoming pulse. When the eavesdropper sends short pulses using the appropriate timing so that the two gated detectors in Bob's setup have different efficiencies, the security of quantum key distribution can be compromised. Specifically, we show for the Bennett-Brassard 1984 (BB84) protocol that if the efficiency mismatch between 0 and 1 detectors for some value of the control parameter gets large enough (roughly 15:1 or larger), Eve can construct a successful faked-states attack causing a quantum bit error rate lower than 11%. We also derive a general security bound as a function of the detector sensitivity mismatch for the BB84 protocol. Experimental data for two different detectors are presented, and protection measures against this attack are discussed.Comment: v3: identical to the journal version. However, after publication we have discovered that Eq. 11 is incorrect: the available bit rate after privacy amplification is reduced even in the case (QBER)=0 [see Quant. Inf. Comp. 7, 73 (2007)

Security Trade-offs in Ancilla-Free Quantum Bit Commitment in the Presence of Superselection Rules

Security trade-offs have been established for one-way bit commitment in quant-ph/0106019. We study this trade-off in two superselection settings. We show that for an `abelian' superselection rule (exemplified by particle conservation) the standard trade-off between sealing and binding properties still holds. For the non-abelian case (exemplified by angular momentum conservation) the security trade-off can be more subtle, which we illustrate by showing that if the bit-commitment is forced to be ancilla-free an asymptotically secure quantum bit commitment is possible.Comment: 7 pages Latex; v2 has 8 pages and additional references and clarifications, this paper is to appear in the New Journal of Physic

Is Quantum Bit Commitment Really Possible?

We show that all proposed quantum bit commitment schemes are insecure because the sender, Alice, can almost always cheat successfully by using an Einstein-Podolsky-Rosen type of attack and delaying her measurement until she opens her commitment.Comment: Major revisions to include a more extensive introduction and an example of bit commitment. Overlap with independent work by Mayers acknowledged. More recent works by Mayers, by Lo and Chau and by Lo are also noted. Accepted for publication in Phys. Rev. Let

Unconditionally secure quantum bit commitment is impossible

The claim of quantum cryptography has always been that it can provide protocols that are unconditionally secure, that is, for which the security does not depend on any restriction on the time, space or technology available to the cheaters. We show that this claim does not hold for any quantum bit commitment protocol. Since many cryptographic tasks use bit commitment as a basic primitive, this result implies a severe setback for quantum cryptography. The model used encompasses all reasonable implementations of quantum bit commitment protocols in which the participants have not met before, including those that make use of the theory of special relativity.Comment: 4 pages, revtex. Journal version replacing the version published in the proceedings of PhysComp96. This is a significantly improved version which emphasis the generality of the resul

Multi-Prover Commitments Against Non-Signaling Attacks

We reconsider the concept of multi-prover commitments, as introduced in the late eighties in the seminal work by Ben-Or et al. As was recently shown by Cr\'{e}peau et al., the security of known two-prover commitment schemes not only relies on the explicit assumption that the provers cannot communicate, but also depends on their information processing capabilities. For instance, there exist schemes that are secure against classical provers but insecure if the provers have quantum information processing capabilities, and there are schemes that resist such quantum attacks but become insecure when considering general so-called non-signaling provers, which are restricted solely by the requirement that no communication takes place. This poses the natural question whether there exists a two-prover commitment scheme that is secure under the sole assumption that no communication takes place; no such scheme is known. In this work, we give strong evidence for a negative answer: we show that any single-round two-prover commitment scheme can be broken by a non-signaling attack. Our negative result is as bad as it can get: for any candidate scheme that is (almost) perfectly hiding, there exists a strategy that allows the dishonest provers to open a commitment to an arbitrary bit (almost) as successfully as the honest provers can open an honestly prepared commitment, i.e., with probability (almost) 1 in case of a perfectly sound scheme. In the case of multi-round schemes, our impossibility result is restricted to perfectly hiding schemes. On the positive side, we show that the impossibility result can be circumvented by considering three provers instead: there exists a three-prover commitment scheme that is secure against arbitrary non-signaling attacks

Quantum Kolmogorov Complexity and Quantum Key Distribution

We discuss the Bennett-Brassard 1984 (BB84) quantum key distribution protocol in the light of quantum algorithmic information. While Shannon's information theory needs a probability to define a notion of information, algorithmic information theory does not need it and can assign a notion of information to an individual object. The program length necessary to describe an object, Kolmogorov complexity, plays the most fundamental role in the theory. In the context of algorithmic information theory, we formulate a security criterion for the quantum key distribution by using the quantum Kolmogorov complexity that was recently defined by Vit\'anyi. We show that a simple BB84 protocol indeed distribute a binary sequence between Alice and Bob that looks almost random for Eve with a probability exponentially close to 1.Comment: typos correcte

Practical Quantum Bit Commitment Protocol

A quantum protocol for bit commitment the security of which is based on technological limitations on nondemolition measurements and long-term quantum memory is presented.Comment: Quantum Inf. Process. (2011