On the Power of Two-Party Quantum Cryptography

  • Louis Salvail
  • Christian Schaffner
  • Miroslava Sotáková
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)


We study quantum protocols among two distrustful parties. Under the sole assumption of correctness—guaranteeing that honest players obtain their correct outcomes—we show that every protocol implementing a non-trivial primitive necessarily leaks information to a dishonest player. This extends known impossibility results to all non-trivial primitives. We provide a framework for quantifying this leakage and argue that leakage is a good measure for the privacy provided to the players by a given protocol. Our framework also covers the case where the two players are helped by a trusted third party. We show that despite the help of a trusted third party, the players cannot amplify the cryptographic power of any primitive. All our results hold even against quantum honest-but-curious adversaries who honestly follow the protocol but purify their actions and apply a different measurement at the end of the protocol. As concrete examples, we establish lower bounds on the leakage of standard universal two-party primitives such as oblivious transfer.


Keywords: two-party primitives, quantum protocols, quantum information theory, oblivious transfer



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Louis Salvail, Université de Montréal (DIRO), Canada
  • Christian Schaffner, Centrum Wiskunde & Informatica (CWI), Amsterdam, The Netherlands
  • Miroslava Sotáková, Dept. of Computer Science, SUNY Stony Brook, USA
