(Why) does unconditionally secure multi-party quantum computation imply quantum bit commitment?

4

I have read in several papers now that information-theoretically secure multi-party quantum computation (MQPC) with a dishonest majority ($t \geq n/2$) is impossible because of the impossibility of unconditionally secure quantum bit commitment. Hence my question, why does MPQC imply the existence of quantum bit commitment? I would in particular be interested in how to combine the different frameworks of MPQC and quantum bit commitment protocols.

jgerrit

Posted 2020-11-03T13:39:19.027

Reputation: 111

It would be helpful if you could add a reference to the papers that make that assertion. – Jonathan Trousdale – 2020-11-04T15:37:28.370

@JonathanTrousdale here is an example: https://arxiv.org/abs/0801.1544

I am not looking for a full proof but more of a hint on how to combine the different frameworks of MPQC and quantum bit commitment protocols.

– jgerrit – 2020-11-04T15:48:42.877

1@glS I have edited the question, thanks for your remark. – jgerrit – 2020-11-04T16:13:24.980

Answers

5

If one had general information-theoretically secure MQPC, one would have 1-out-of-2 oblivious transfer (OT), as this can be obtained from an MPQC protocol computing the following 2-party function: consider a function $f(a_0,a_1,b_0,b_1)$ that takes as input two private bits $a_0,a_1$ from Alice (the two different messages) and two bits $b_0,b_1$ from Bob (first bit being Bob's choice of message to read and second a private key), and produces $$f(a_0,a_1,b_0,b_1)=a_{b_0}\oplus b_1$$ To get OT out of this, Bob simply has to randomize $b_1$. OT is known to imply bit commitment (in fact, the converse is also true in the quantum setting). As unconditionally secure bit commitment is impossible, so is OT and thus so is general information-theoretically secure MPQC.

Martti Karvonen

Posted 2020-11-03T13:39:19.027

Reputation: 151