Security Details for Bit Commitment by Transmitting Measurement Outcomes

We spell out details of a simple argument for a security bound for the secure relativistic quantum bit commitment protocol of Ref. [1].

💡 Research Summary

The paper provides a detailed security analysis of the relativistic quantum bit‑commitment protocol introduced by Kent (2011), in which the commitment is effected by transmitting measurement outcomes. The protocol uses only minimal quantum resources: Bob prepares N independent qubits randomly chosen from the BB84 set {│0⟩,│1⟩,│+⟩,│−⟩} and sends them to Alice so that they arrive at a spacetime point P. To commit to bit 0 Alice measures each qubit in the computational (Z) basis, while to commit to bit 1 she measures in the diagonal (X) basis. The measurement results are then sent over secure classical channels (e.g., one‑time‑pad encrypted) to Alice’s agents located at two spacelike‑separated points Q₀ and Q₁. In the unveiling phase the two agents simultaneously reveal their data to Bob’s agents; Bob checks that the two revealed strings are identical and consistent with the list of states he originally sent. If the strings differ, Alice is caught cheating.

Security against Bob is trivial: before the unveiling he has no information about Alice’s measurement choice, because the classical messages are encrypted and the quantum states are random. The non‑trivial part is to show that Alice cannot cheat by being able to produce consistent data for both bases after the fact. The authors exploit Minkowski causality: any operation Alice performs on the segment (P, Q₀] cannot influence the data she must produce at Q₁, and vice‑versa. Suppose Alice had a strategy that allowed her, after P, to keep her commitment “unfixed” such that the probabilities p₀ and p₁ of successfully unveiling 0 at Q₀ and 1 at Q₁ satisfy p₀ + p₁ > 1 + δ for some δ > 0. By running the two strategies on the two spacelike branches, she would, with probability at least δ, be able to combine the data in the joint future of Q₀ and Q₁ and produce outcomes that are simultaneously consistent with measurements in both complementary bases. This would imply that for each individual BB84 state she could correctly identify a subset containing the state from two overlapping bases, a task that is fundamentally limited.

Lemma 1 formalises this limitation for a single BB84 state. It shows that the optimal probability for Alice to guess a subset Sᵢ = {│0⟩,│+⟩}, {│+⟩,│1⟩}, {│1⟩,│−⟩} or {│−⟩,│0⟩} that contains the unknown state is p ≤ ½(1 + 1/√2). The optimal measurement is a four‑outcome POVM {½ P₁, ½ P₂, ½ P₃, ½ P₄}, where each Pᵢ projects onto the qubit |φᵢ⟩ = cos θᵢ │0⟩ + sin θᵢ │1⟩ with θᵢ = i·π/4 − π/8. The proof reduces the problem to minimum‑error discrimination between the mixed states ½(ρᵢ + ρᵢ₊₁) and uses the Holevo–Yuen–Kennedy–Lax conditions to verify optimality.

Lemma 2 extends the result to an arbitrary sequence of i.i.d. BB84 states, allowing Alice to perform any collective quantum operation on the first N − 1 qubits before attempting to guess the subset containing the N‑th state. By a reduction to Lemma 1, it is shown that even with collective strategies the success probability for the N‑th state cannot exceed the same bound ½(1 + 1/√2). The authors argue by contradiction: if a collective strategy could beat the bound, Alice could embed the unknown N‑th state into a teleportation protocol using an entangled singlet, apply the collective strategy, and thereby obtain a better-than‑optimal guess for a single state, contradicting Lemma 1.

Theorem 1 follows directly: for N independent BB84 states the probability p_N that Alice can produce data consistent with measurements in both complementary bases is bounded by p_N ≤