QUANT-PHJun 21, 2017
Knowledge-Concealing Evidencing of Knowledge about a Quantum StateEmily Adlam, Adrian Kent
Bob has a black box that emits a single pure state qudit which is, from his perspective, uniformly distributed. Alice wishes to give Bob evidence that she has knowledge about the emitted state while giving him little or no information about it. We show that zero-knowledge evidencing of such knowledge is impossible in quantum relativistic protocols, extending a previous result of Horodecki et al.. We also show that no such protocol can be both sound and complete. We present a new quantum relativistic protocol which we conjecture to be close to optimal in security against Alice and which reveals little knowledge to Bob, for large dimension $d$. We analyse its security against general attacks by Bob and restricted attacks by Alice.
QUANT-PHApr 3, 2015
Device-Independent Relativistic Quantum Bit CommitmentEmily Adlam, Adrian Kent
We examine the possibility of device-independent relativistic quantum bit commitment. We note the potential threat of {\it location attacks}, in which the behaviour of untrusted devices used in relativistic quantum cryptography depends on their space-time location. We describe relativistic quantum bit commitment schemes that are immune to these attacks, and show that these schemes offer device-independent security against hypothetical post-quantum adversaries subject only to the no-signalling principle. We compare a relativistic classical bit commitment scheme with similar features, and note some possible advantages of the quantum schemes.
QUANT-PHApr 3, 2015
Deterministic Relativistic Quantum Bit CommitmentEmily Adlam, Adrian Kent
We describe new unconditionally secure bit commitment schemes whose security is based on Minkowski causality and the monogamy of quantum entanglement. We first describe an ideal scheme that is purely deterministic, in the sense that neither party needs to generate any secret randomness at any stage. We also describe a variant that allows the committer to proceed deterministically, requires only local randomness generation from the receiver, and allows the commitment to be verified in the neighbourhood of the unveiling point. We show that these schemes still offer near-perfect security in the presence of losses and errors, which can be made perfect if the committer uses an extra single random secret bit. We discuss scenarios where these advantages are significant.