dorsal/arxiv
View SchemaQuantum Bit String Commitment
| Authors | Adrian Kent |
|---|---|
| Categories | |
| ArXiv ID | quant-ph/0111099 |
| URL | https://arxiv.org/abs/quant-ph/0111099 |
| DOI | 10.1103/PhysRevLett.90.237901 |
| Journal | Phys. Rev. Lett. 90 237901 (2003) |
Abstract
A bit string commitment protocol securely commits $N$ classical bits in such a way that the recipient can extract only $M<N$ bits of information about the string. Classical reasoning might suggest that bit string commitment implies bit commitment and hence, given the Mayers-Lo-Chau theorem, that non-relativistic quantum bit string commitment is impossible. Not so: there exist non-relativistic quantum bit string commitment protocols, with security parameters $\epsilon$ and $M$, that allow $A$ to commit $N = N(M, \epsilon)$ bits to $B$ so that $A$'s probability of successfully cheating when revealing any bit and $B$'s probability of extracting more than $N'=N-M$ bits of information about the $N$ bit string before revelation are both less than $\epsilon$. With a slightly weakened but still restrictive definition of security against $A$, $N$ can be taken to be $O(\exp (C N'))$ for a positive constant $C$. I briefly discuss possible applications.
{
"annotation_id": "7f06488d-82e1-4b50-a602-c5c5127d42a4",
"date_created": "2026-03-02T18:01:48.280000Z",
"date_modified": "2026-03-02T18:01:48.280000Z",
"file_hash": "3c7a3be38da5631dae6d69f46820b01de9cdd7b781138ec9f95a6e508f84fd2b",
"private": false,
"record": {
"abstract": "A bit string commitment protocol securely commits $N$ classical bits in such\na way that the recipient can extract only $M\u003cN$ bits of information about the\nstring. Classical reasoning might suggest that bit string commitment implies\nbit commitment and hence, given the Mayers-Lo-Chau theorem, that\nnon-relativistic quantum bit string commitment is impossible. Not so: there\nexist non-relativistic quantum bit string commitment protocols, with security\nparameters $\\epsilon$ and $M$, that allow $A$ to commit $N = N(M, \\epsilon)$\nbits to $B$ so that $A$\u0027s probability of successfully cheating when revealing\nany bit and $B$\u0027s probability of extracting more than $N\u0027=N-M$ bits of\ninformation about the $N$ bit string before revelation are both less than\n$\\epsilon$. With a slightly weakened but still restrictive definition of\nsecurity against $A$, $N$ can be taken to be $O(\\exp (C N\u0027))$ for a positive\nconstant $C$. I briefly discuss possible applications.",
"arxiv_id": "quant-ph/0111099",
"authors": [
"Adrian Kent"
],
"categories": [
"quant-ph",
"cs.CR"
],
"doi": "10.1103/PhysRevLett.90.237901",
"journal_ref": "Phys. Rev. Lett. 90 237901 (2003)",
"title": "Quantum Bit String Commitment",
"url": "https://arxiv.org/abs/quant-ph/0111099"
},
"schema_id": "dorsal/arxiv",
"source": {
"execution_id": "9a0d91e1-95b5-4647-b71a-4764874c3ce2",
"id": "arXiv Dataset IDs",
"type": "Model",
"variant": "snapshot-2026-03-01",
"version": "0.1.0"
},
"user_id": 1000002
}