dorsal/arxiv
View SchemaWhy quantum bit commitment and ideal quantum coin tossing are impossible
| Authors | Hoi-Kwong Lo, H. F. Chau |
|---|---|
| Categories | |
| ArXiv ID | quant-ph/9605026 |
| URL | https://arxiv.org/abs/quant-ph/9605026 |
Abstract
There had been well known claims of ``provably unbreakable'' quantum protocols for bit commitment and coin tossing. However, we, and independently Mayers, showed that all proposed quantum bit commitment (and therefore coin tossing) schemes are, in principle, insecure because the sender, Alice, can always cheat successfully by using an EPR-type of attack and delaying her measurements. One might wonder if secure quantum bit commitment and coin tossing protocols exist at all. Here we prove that an EPR-type of attack by Alice will, in principle, break {\em any} realistic quantum bit commitment and {\em ideal} coin tossing scheme. Therefore, provided that Alice has a quantum computer and is capable of storing quantum signals for an arbitrary length of time, all those schemes are insecure. Since bit commitment and coin tossing are useful primitives for building up more sophisticated protocols such as zero-knowledge proofs, our results cast very serious doubt on the security of quantum cryptography in the so-called ``post-cold-war'' applications.
{
"annotation_id": "7688d176-9567-493d-ae58-4ca7ed9ad0a6",
"date_created": "2026-03-02T18:02:37.787000Z",
"date_modified": "2026-03-02T18:02:37.787000Z",
"file_hash": "3b8b2460f725a76551f7ff2b20055a1930b0f8296ba68af87205a14c7acd248a",
"private": false,
"record": {
"abstract": "There had been well known claims of ``provably unbreakable\u0027\u0027 quantum\nprotocols for bit commitment and coin tossing. However, we, and independently\nMayers, showed that all proposed quantum bit commitment (and therefore coin\ntossing) schemes are, in principle, insecure because the sender, Alice, can\nalways cheat successfully by using an EPR-type of attack and delaying her\nmeasurements. One might wonder if secure quantum bit commitment and coin\ntossing protocols exist at all. Here we prove that an EPR-type of attack by\nAlice will, in principle, break {\\em any} realistic quantum bit commitment and\n{\\em ideal} coin tossing scheme. Therefore, provided that Alice has a quantum\ncomputer and is capable of storing quantum signals for an arbitrary length of\ntime, all those schemes are insecure. Since bit commitment and coin tossing are\nuseful primitives for building up more sophisticated protocols such as\nzero-knowledge proofs, our results cast very serious doubt on the security of\nquantum cryptography in the so-called ``post-cold-war\u0027\u0027 applications.",
"arxiv_id": "quant-ph/9605026",
"authors": [
"Hoi-Kwong Lo",
"H. F. Chau"
],
"categories": [
"quant-ph"
],
"title": "Why quantum bit commitment and ideal quantum coin tossing are impossible",
"url": "https://arxiv.org/abs/quant-ph/9605026"
},
"schema_id": "dorsal/arxiv",
"source": {
"execution_id": "d87845d3-88c4-4efd-832e-abb408af14ed",
"id": "arXiv Dataset IDs",
"type": "Model",
"variant": "snapshot-2026-03-01",
"version": "0.1.0"
},
"user_id": 1000002
}