Results 1  10
of
40
A new protocol and lower bounds for quantum coin flipping
 In Proceedings of the ThirtyThird Annual ACM Symposium on Theory of Computing
, 2001
"... We present a new protocol and two lower bounds for quantum coin flipping. In our protocol, no dishonest party can achieve one outcome with probability more than 0.75. Then, we show that our protocol is optimal for a certain type of quantum protocols. For arbitrary quantum protocols, we show that if ..."
Abstract

Cited by 40 (5 self)
 Add to MetaCart
(Show Context)
We present a new protocol and two lower bounds for quantum coin flipping. In our protocol, no dishonest party can achieve one outcome with probability more than 0.75. Then, we show that our protocol is optimal for a certain type of quantum protocols. For arbitrary quantum protocols, we show that if a protocol achieves a bias of at most ǫ, it must use at least Ω(log log 1 ǫ) rounds of communication. This implies that the parallel repetition fails for quantum coin flipping. (The bias of a protocol cannot be arbitrarily decreased by running several copies of it in parallel.) 1
Quantum digital signatures
, 2001
"... We present a quantum digital signature scheme whose security is based on fundamental principles of quantum physics. It allows a sender (Alice) to sign a message in such a way that the signature can be validated by a number of different people, and all will agree either that the message came from Ali ..."
Abstract

Cited by 27 (1 self)
 Add to MetaCart
(Show Context)
We present a quantum digital signature scheme whose security is based on fundamental principles of quantum physics. It allows a sender (Alice) to sign a message in such a way that the signature can be validated by a number of different people, and all will agree either that the message came from Alice or that it has been tampered with. To accomplish this task, each recipient of the message must have a copy of Alice’s “public key, ” which is a set of quantum states whose exact identity is known only to Alice. Quantum public keys are more difficult to deal with than classical public keys: for instance, only a limited number of copies can be in circulation, or the scheme becomes insecure. However, in exchange for this price, we achieve unconditionally secure digital signatures. Sending an mbit message uses up O(m) quantum bits for each recipient of the public key. We briefly discuss how to securely distribute quantum public keys, and show the signature scheme is absolutely secure using one method of key distribution. The protocol provides a model for importing the ideas of classical public key cryptography into the quantum world. 1.
Quantum weak coin flipping with arbitrarily small bias
 WCF, 2007. quantph:0711.4114. 11 [SR01] [SR02] Ashwin Nayak and
"... “God does not play dice. He flips coins instead. ” And though for some reason He has denied us quantum bit commitment. And though for some reason he has even denied us strong coin flipping. He has, in His infinite mercy, granted us quantum weak coin flipping so that we too may flip coins. Instructio ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
“God does not play dice. He flips coins instead. ” And though for some reason He has denied us quantum bit commitment. And though for some reason he has even denied us strong coin flipping. He has, in His infinite mercy, granted us quantum weak coin flipping so that we too may flip coins. Instructions for the flipping of coins are contained herein. But be warned! Only those who have mastered Kitaev’s formalism relating coin flipping and operator monotone functions may succeed. For those foolhardy enough to even try, a complete tutorial is included. Contents 1
An Optimally Fair Coin Toss
"... We address one of the foundational problems in cryptography: the bias of coinflipping protocols. Coinflipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
We address one of the foundational problems in cryptography: the bias of coinflipping protocols. Coinflipping protocols allow mutually distrustful parties to generate a common unbiased random bit, guaranteeing that even if one of the parties is malicious, it cannot significantly bias the output of the honest party. A classical result by Cleve [STOC ’86] showed that for any twoparty rround coinflipping protocol there exists an efficient adversary that can bias the output of the honest party by Ω(1/r). However, the best previously known protocol only guarantees O(1 / √ r) bias, and the question of whether Cleve’s bound is tight has remained open for more than twenty years. In this paper we establish the optimal tradeoff between the round complexity and the bias of twoparty coinflipping protocols. Under standard assumptions, we show that Cleve’s lower bound is tight: we construct an rround protocol with bias O(1/r).
Multiparty quantum coin flipping
 Proceedings of the 19th IEEE Annual Conference on Computational Complexity, 250–259
, 2004
"... All intext references underlined in blue are linked to publications on ResearchGate, letting you access and read them immediately. ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
(Show Context)
All intext references underlined in blue are linked to publications on ResearchGate, letting you access and read them immediately.
Basing Cryptographic Protocols on TamperEvident Seals
 In Proceedings of the 32nd International Colloquium on Automata, Languages and Programming
, 2005
"... In this paper we attempt to formally study two very intuitive physical models: sealed envelopes and locked boxes, often used as illustrations for common cryptographic operations. We relax the security properties usually required from locked boxes (such as in bitcommitment protocols) and require onl ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
(Show Context)
In this paper we attempt to formally study two very intuitive physical models: sealed envelopes and locked boxes, often used as illustrations for common cryptographic operations. We relax the security properties usually required from locked boxes (such as in bitcommitment protocols) and require only that a broken lock or torn envelope be identifiable to the original sender. Unlike the completely impregnable locked box, this functionality may be achievable in real life, where containers having this property are called “tamperevident seals”. Another physical object with this property is the “scratchoff card”, often used in lottery tickets. We consider three variations of tamperevident seals, and show that under some conditions they can be used to implement oblivious transfer, bitcommitment and coin flipping. We also show a separation between the three models. One of our results is a stronglyfair coin flipping protocol with bias bounded by O(1/r) (where r is the number of rounds); this was a stepping stone towards achieving such a protocol in the standard model (in subsequent work). 1
Weak coin flipping with small bias
 INFORMATION PROCESSING LETTERS 89 (2004) 131–135
, 2004
"... This paper presents a quantum protocol that demonstrates that weak coin flipping with bias ≈ 0.239, less than 1/4, is possible. Abiasof1/4 was the smallest known, and followed from the strong coin flipping protocol of Ambainis in [33rd STOC, 2001] ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
This paper presents a quantum protocol that demonstrates that weak coin flipping with bias ≈ 0.239, less than 1/4, is possible. Abiasof1/4 was the smallest known, and followed from the strong coin flipping protocol of Ambainis in [33rd STOC, 2001]
Quantum information and computation
 arXiv:quantph/0512125. Forthcoming in Butterfield and Earman (eds.) Handbook of Philosophy of Physics
, 2005
"... This Chapter deals with theoretical developments in the subject of quantum information and quantum computation, and includes an overview of classical information and some relevant quantum mechanics. The discussion covers topics in quantum communication, quantum cryptography, and quantum computation, ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
This Chapter deals with theoretical developments in the subject of quantum information and quantum computation, and includes an overview of classical information and some relevant quantum mechanics. The discussion covers topics in quantum communication, quantum cryptography, and quantum computation, and concludes by considering whether a perspective in terms of quantum information
Multiparty quantum computation
, 2001
"... We investigate definitions of and protocols for multiparty quantum computing in the scenario where the secret data are quantum systems. We work in the quantum informationtheoretic model, where no assumptions are made on the computational power of the adversary. For the slightly weaker task of veri ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
We investigate definitions of and protocols for multiparty quantum computing in the scenario where the secret data are quantum systems. We work in the quantum informationtheoretic model, where no assumptions are made on the computational power of the adversary. For the slightly weaker task of verifiable quantum secret sharing, we give a protocol which tolerates any t < n/4 cheating parties (out of n). This is shown to be optimal. We use this new tool to establish that any multiparty quantum computation can be securely performed as long as the number of dishonest players is less than n/6.