Recently, Choi \emph{et al}. proposed an assumption on Mayers-Lo-Chau (MLC) no-go theorem that the state of the entire quantum system is invariable to both participants before the unveiling phase. This means that the theorem is only applicable to static quantum bit commitment (QBC). This paper find that the assumption is unnecessary and the MLC no-go theorem can be applied to not only static QBC, but also non-static one. A non-static QBC protocol proposed by Choi \emph{et al.} is briefly reviewed and analyzed to work as a supporting example. In addition, a novel way to prove the impossibility of the two kinds of QBC is given.
Bit commitment allows a sender (Alice) to commit a bit b ∈ {0, 1} to a receiver (Bob) in the following way: 1) Alice can not change the value of the committed bit after the commitment phase (binding property); 2) Bob can not obtain the value of the committed bit before the unveiling phase (concealing property). Bit commitment is an important cryptographic primitive and can be used as a building block for some other cryptographic protocols, such as coin flipping [1], oblivious transfer [2], zeroknowledge proof [3], and multiparty computation [4].
A secure bit commitment protocol should satisfy the binding property and the concealing property at the same time. However, unconditionally secure classical bit commitment protocols do not exist. There are only some unconditionally binding and computationally concealing bit commitment protocols [5] or unconditionally concealing and computationally binding bit commitment ones [6].
Since unconditionally secure quantum key distribution protocols were proposed in [7][8][9], some quantum bit commitment (QBC) protocols have been proposed with the hope that QBC can provide unconditional security [10][11][12]. The most famous one is the bit commitment protocol proposed by Brassard et al. in [11], which was claimed to be unconditionally secure. Unfortunately, the protocol was showed to be insecure afterwards [13]. Furthermore, Mayers, Lo and Chau proved that general secure QBC protocols are impossible [14,15], which is called MLC no-go theorem.
Although discovery of the MLC no-go theorem depressed much study on QBC protocols, researchers try to design secure QBC by adopting certain restrictions or weakening some security requirements. For instance, Kent proposed two bit commitment protocols based on special relativity theory [16,17] while the related proofs proposed in [14,15,21,22] show 80 any concealing protocols are not binding.
The rest of this paper is organized as follows. In the 82 next section, it will be shown that the assumption of the In [14,15], the MLC no-go theorem was proved in the following basic idea. Suppose the initial states of Alice and Bob are |b A (b ∈ {0, 1}) and |ϕ B , respectively, and let U AB denote all the algorithms that Alice and Bob may implement. Then the final quantum state shared by Alice and Bob is
then there exists a local unitary transformation S A satisfying
according to Gisin-Hughston-Jozsa-Wootters theorem
given in [23,24] . This kind of entangled state has a special property, namely equation
holds up to the global phase for any unitary transformation U . Then, TTP applies random projection measurements represented as
If Alice chooses to commit b = 0, she randomly sends M |ψ i A or N |ψ i A to Bob. Otherwise, she sends J|ψ i A or K|ψ i A instead with the same probability. To guarantee the randomness, Alice introduces an auxiliary system A ′ whose initial state is
. Then the state of the whole system
Otherwise, she implements
Due to the randomness of |ψ i A , the resulting state In [21], Choi et al. claimed that the protocol is unconditionally secure. However, the usage of TTP makes the above non-static QBC protocol do not correspond to the fact that only two parties is involved in a general QBC protocol, although TTP plays a little role in offering quantum sources and is not involved in communication between two parties directly. In a way, the protocol is more like a quantum secret sharing protocol. For instance, the cooperation between Bob and TTP can get Aice’s committed value while one of them cannot. If the actions implemented by TTP are replaced by Bob, the protocol will not be secure. As shown by Choi et
192 or unconditionally concealing,
where δ > 0. Assume a non-static QBC protocol is perfectly binding, i.e., there does not exist a local unitary operator S A such that Eq. ( 3) holds for any |ϕ B . Then there must be some |ϕ B such that
Otherwise, the assumption violates the MLC no-go theo-
. So, by postponing measurements and implementing local unitary operations, Alice can change the value of the committed bit arbitrarily without being discovered by Bob. If the QBC protocol is supposed to be unconditionally concealing, similar results can be derived also. However, Choi et al. observed that the local unitary operation S A performed by Alice is related to Bob’s initial state |ϕ B [21]. If |ϕ B is random and unknown to Alice, she can not find a suitable local unitary operation to change the committed value. Thus, a necessary assumption of the MLC no-go theorem is that the state of quantum system should be static to both participants. This means the MLC no-go theorem was considered to be applicable to static QBC only. As shown above, the proof of the MLC no-go theorem is based on the following strategy: a QBC protocol is first supposed unconditionally concealing and it is then proved that unconditionally binding is impossible. So, Theorem 1 can be obtained, which means that the assumption of the MLC no-go theor
This content is AI-processed based on open access ArXiv data.
