Can Quantum Key Distribution Be Secure

The importance of quantum key distribution as a cryptographic method depends upon its purported strong security guarantee. The following gives reasons on why such strong security guarantee has not been validly established and why good QKD security is difficult to obtain.Comment: This new version is a rewriting of the last v1 for a broader group of readers. It also contains a new specific counter-example not in v

Quantum Bit Commitment with a Composite Evidence

Entanglement-based attacks, which are subtle and powerful, are usually believed to render quantum bit commitment insecure. We point out that the no-go argument leading to this view implicitly assumes the evidence-of-commitment to be a monolithic quantum system. We argue that more general evidence structures, allowing for a composite, hybrid (classical-quantum) evidence, conduce to improved security. In particular, we present and prove the security of the following protocol: Bob sends Alice an anonymous state. She inscribes her commitment $b$ by measuring part of it in the + (for $b = 0$) or $\times$ (for $b=1$) basis. She then communicates to him the (classical) measurement outcome $R_x$ and the part-measured anonymous state interpolated into other, randomly prepared qubits as her evidence-of-commitment.Comment: 6 pages, minor changes, journal reference adde