André Chailloux

Optimal Quantum Strong Coin Flipping

Coin flipping is a fundamental cryptographic primitive that enables two distrustful and far apart parties to create a uniformly random bit. Quantum information allows for protocols in the information theoretic setting where no dishonest party can perfectly cheat. The previously best-known quantum protocol by Ambain is achieved a cheating probability of at most 3/4. On the other hand, Kitaev showed that no quantum protocol can have cheating probability less than 1/sqrt{2}. Closing this gap has been one of the important open questions in quantum cryptography. In this paper, we resolve this question by presenting a quantum strong coin flipping protocol with cheating probability arbitrarily close to 1/sqrt{2}.More precisely, we show how to use any weak coin flipping protocol with cheating probability 1/2+epsilon in order to achieve a strong coin flipping protocol with cheating probability 1/sqrt{2}+O(epsilon). The optimal quantum strong coin flipping protocol follows from our construction and the optimal quantum weak coin flipping protocol described by Mochon.

Optimal Bounds for Quantum Bit Commitment

Bit commitment is a fundamental cryptographic primitive with numerous applications. Quantum information allows for bit commitment schemes in the information theoretic setting where no dishonest party can perfectly cheat. The previously best-known quantum protocol by Ambainis achieved a cheating probability of at most 3/4. On the other hand, Kitaev showed that no quantum protocol can have cheating probability less than 1\sqrt{2} (his lower bound on coin flipping can be easily extended to bit commitment). Closing this gap has since been an important open question. In this paper, we provide the optimal bound for quantum bit commitment. First, we show a lower bound of approximately 0.739, improving Kitaevs lower bound. For this, we present some generic cheating strategies for Alice and Bob and conclude by proving a new relation between the trace distance and fidelity of two quantum states. Second, we present an optimal quantum bit commitment protocol which has cheating probability arbitrarily close to 0.739. More precisely, we show how to use any weak coin flipping protocol with cheating probability 1/2 + \eps in order to achieve a quantum bit commitment protocol with cheating probability 0.739 + O(\eps). We then use the optimal quantum weak coin flipping protocol described by Mochon. Last, in order to stress the fact that our protocol uses quantum effects beyond the weak coin flip, we show that any classical bit commitment protocol with access to perfect weak (or strong) coin flipping has cheating probability at least 3/4.

Fully Distrustful Quantum Bit Commitment and Coin Flipping

J. Silman, A. Chailloux, N. Aharon, I. Kerenidis, 5 S. Pironio, and S. Massar Laboratoire d’Information Quantique, Université Libre de Bruxelles, 1050 Bruxelles, Belgium LIAFA, Univ. Paris 7, F-75205 Paris, France; and Univ. Paris-Sud, 91405 Orsay, France School of Physics and Astronomy, Tel-Aviv University, Tel-Aviv 69978, Israel LIAFA, Univ. Paris 7 CNRS; F-75205 Paris, France Centre for Quantum Technologies, National University of Singapore, Singapore 117543

Multipartite entanglement verification resistant against dishonest parties.

Future quantum information networks will consist of quantum and classical agents, who have the ability to communicate in a variety of ways with trusted and untrusted parties and securely delegate computational tasks to untrusted large-scale quantum computing servers. Multipartite quantum entanglement is a fundamental resource for such a network and, hence, it is imperative to study the possibility of verifying a multipartite entanglement source in a way that is efficient and provides strong guarantees even in the presence of multiple dishonest parties. In this Letter, we show how an agent of a quantum network can perform a distributed verification of a source creating multipartite Greenberger-Horne-Zeilinger (GHZ) states with minimal resources, which is, nevertheless, resistant against any number of dishonest parties. Moreover, we provide a tight tradeoff between the level of security and the distance between the state produced by the source and the ideal GHZ state. Last, by adding the resource of a trusted common random source, we can further provide security guarantees for all honest parties in the quantum network simultaneously.

Experimental plug and play quantum coin flipping

Performing complex cryptographic tasks will be an essential element in future quantum communication networks. These tasks are based on a handful of fundamental primitives, such as coin flipping, where two distrustful parties wish to agree on a randomly generated bit. Although it is known that quantum versions of these primitives can offer information-theoretic security advantages with respect to classical protocols, a demonstration of such an advantage in a practical communication scenario has remained elusive. Here we experimentally implement a quantum coin flipping protocol that performs strictly better than classically possible over a distance suitable for communication over metropolitan area optical networks. The implementation is based on a practical plug and play system, developed by significantly enhancing a commercial quantum key distribution device. Moreover, we provide combined quantum coin flipping protocols that are almost perfectly secure against bounded adversaries. Our results offer a useful toolbox for future secure quantum communications.

Practical Quantum Coin Flipping

We show that in the unconditional security model, a single quantum strong coin flip with security guarantees that are strictly better than in any classical protocol is possible to implement with current technology. Our protocol takes into account all aspects of an experimental implementation, including losses, multiphoton pulses emitted by practical photon sources, channel noise, detector dark counts, and finite quantum efficiency. We calculate the abort probability when both players are honest, as well as the probability of one player forcing his desired outcome. For a channel length up to 21 km and commonly used parameter values, we can achieve honest abort and cheating probabilities that are better than in any classical protocol. Our protocol is, in principle, implementable using attenuated laser pulses, with no need for entangled photons or any other specific resources.

A simpler proof of existence of quantum weak coin flipping with arbitrarily small bias

Mochons proof [Moc07] of existence of quantum weak coin flipping with arbitrarily small bias is a fundamental result in quantum cryptography, but at the same time one of the least understood. Though used several times as a black box in important follow-up results [Gan09, CK09, AS10, CK11, KZ13] the result has not been peer-reviewed, its novel techniques (and in particular Kitaevs point game formalism) have not been applied anywhere else, and an explicit protocol is missing. We believe that truly understanding the existence proof and the novel techniques it relies on would constitute a major step in quantum information theory, leading to deeper understanding of entanglement and of quantum protocols in general. In this work, we make a first step in this direction. We simplify parts of Mochons construction considerably, making about 20 pages of analysis in the original proof superfluous, clarifying some other parts of the proof on the way, and presenting the proof in a way which is conceptually easier to grasp. We believe the resulting proof of existence is easier to understand, more readable, and certainly verifiable.

Quantum commitments from complexity assumptions

We study worst-case complexity assumptions that imply quantum bit-commitment schemes. First we show that QSZK ⊈ QMA implies a computationally hiding and statistically binding auxiliary-input quantum commitment scheme. We then extend our result to show that the much weaker assumption QIP ⊈ QMA (which is weaker than PSPACE ⊈ PP) implies the existence of auxiliary-input commitment schemes with quantum advice. Finally, to strengthen the plausibility of the separation QSZK ⊈ QMA we find a quantum oracle relative to which honest-verifier QSZK is not contained in QCMA.

Strong connections between quantum encodings, non-locality and quantum cryptography

Encoding information in quantum systems can offer surprising advantages but at the same time there are limitations that arise from the fact that measuring an observable may disturb the state of the quantum system. In our work, we provide an in-depth analysis of a simple question: What hap-pens when we perform two measurements sequentially on the same quantum system? This question touches upon some fundamental properties of quantum mechanics, namely the uncertainty principle and the complementarity of quantum measurements. Our results have interesting consequences, for example they can provide a simple proof of the optimal quantum strategy in the famous Clauser-Horne-Shimony-Holt game. Moreover, we show that the way information is encoded in quantum systems can provide a different perspective in understanding other fundamental aspects of quan-tum information, like non-locality and quantum cryptography. We prove some strong equivalences between these notions and provide a number of applications in all areas. Quantum information studies how information is en-coded in quantum systems and how it can be observed through measurements. On one hand, the exponential number of amplitudes that describe the state of a quan-tum system can be used in order to encode a vast amount of classical information into the state of a quantum sys-tem. Hence, we can use quantum information to resolve many distributed tasks much more efficiently than with classical information [1–3]. On the other hand, quantum information does not always offer advantages, since ev-ery time an observer measures a quantum system its state may collapse and information may become irretrievable. For example, Holevos theorem [4], asserts that one quan-tum bit can be used to transmit only one bit of classical information and no more. The intricate interplay between encoding information in quantum systems and measurement interference is at the heart of some fundamental results in quantum infor-mation, from Bell inequalities [5] to quantum key distri-bution [6]. Our goal is to deepen our understanding of the connections between quantum encodings, non-locality, and quantum cryptography and provide new insight on the power and limitations of quantum information, by looking at it through these various lenses. This paper links three seemingly unrelated concepts in quantum information (encodings, non-local games, and cryptographic primitives) via properties of sequen-tial non-commuting measurements. The technical part of this paper examines quantum encodings and bounds the success of sequentially measuring an encoding of two bits (or strings) to learn their XOR. We then show how these bounds can be used to study not only encodings, but non-local games and cryptographic tasks as well. The conceptual part of this paper discusses how the applica-tions we consider are all equivalent in some sense. When viewing each as extracting information from a quantum encoding, we are able to preserve the three notions: (1) hiding the XOR in the encoding, (2) providing perfect security in the cryptographic task, and (3) satisfying the non-signaling principle in the non-local game. In addition to providing philosophical insights towards each of these quantum tasks, we combine the technical and conceptual tools in this paper to give applications in all areas.

Lower bounds for Quantum Oblivious Transfer

Oblivious transfer is a fundamental primitive in cryptography. While perfect information theoretic security is impossible, quantum oblivious transfer protocols can limit the dishonest players cheating. Finding the optimal security parameters in such protocols is an important open question. In this paper we show that every 1-out-of-2 oblivious transfer protocol allows a dishonest party to cheat with probability bounded below by a constant strictly larger than 1/2. Alices cheating is defined as her probability of guessing Bobs index, and Bobs cheating is defined as his probability of guessing both input bits of Alice. In our proof, we relate these cheating probabilities to the cheating probabilities of a bit commitment protocol and conclude by using lower bounds on quantum bit commitment. Then, we present an oblivious transfer protocol with two messages and cheating probabilities at most 3/4. Last, we extend Kitaevs semidefinite programming formulation to more general primitives, where the security is against a dishonest player trying to force the outcome of the other player, and prove optimal lower and upper bounds for them.