dorsal/arxiv
View SchemaInsecurity of Quantum Secure Computations
| Authors | Hoi-Kwong Lo |
|---|---|
| Categories | |
| ArXiv ID | quant-ph/9611031 |
| URL | https://arxiv.org/abs/quant-ph/9611031 |
| DOI | 10.1103/PhysRevA.56.1154 |
Abstract
It had been widely claimed that quantum mechanics can protect private information during public decision in for example the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (Personal Identification Number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all ``one-sided'' two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any ``two-sided'' two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in ``quantum money'' proposed by Wiesner.
{
"annotation_id": "437f38a9-7e5b-44f2-896a-eac8a9a044e2",
"date_created": "2026-03-02T18:02:38.229000Z",
"date_modified": "2026-03-02T18:02:38.229000Z",
"file_hash": "d37b009fe04b6162e630ba9bf017ccd535f89a7958c7e518ea22c8b483b47b16",
"private": false,
"record": {
"abstract": "It had been widely claimed that quantum mechanics can protect private\ninformation during public decision in for example the so-called two-party\nsecure computation. If this were the case, quantum smart-cards could prevent\nfake teller machines from learning the PIN (Personal Identification Number)\nfrom the customers\u0027 input. Although such optimism has been challenged by the\nrecent surprising discovery of the insecurity of the so-called quantum bit\ncommitment, the security of quantum two-party computation itself remains\nunaddressed. Here I answer this question directly by showing that all\n``one-sided\u0027\u0027 two-party computations (which allow only one of the two parties\nto learn the result) are necessarily insecure. As corollaries to my results,\nquantum one-way oblivious password identification and the so-called quantum\none-out-of-two oblivious transfer are impossible. I also construct a class of\nfunctions that cannot be computed securely in any ``two-sided\u0027\u0027 two-party\ncomputation. Nevertheless, quantum cryptography remains useful in key\ndistribution and can still provide partial security in ``quantum money\u0027\u0027\nproposed by Wiesner.",
"arxiv_id": "quant-ph/9611031",
"authors": [
"Hoi-Kwong Lo"
],
"categories": [
"quant-ph",
"cs.CR"
],
"doi": "10.1103/PhysRevA.56.1154",
"title": "Insecurity of Quantum Secure Computations",
"url": "https://arxiv.org/abs/quant-ph/9611031"
},
"schema_id": "dorsal/arxiv",
"source": {
"execution_id": "a51a440d-5e29-46a5-9f74-ca4356807cb0",
"id": "arXiv Dataset IDs",
"type": "Model",
"variant": "snapshot-2026-03-01",
"version": "0.1.0"
},
"user_id": 1000002
}