dorsal/arxiv
View SchemaUnconditionally Secure Quantum Coin Tossing
| Authors | Dominic Mayers, Louis Salvail, Yoshie Chiba-Kohno |
|---|---|
| Categories | |
| ArXiv ID | quant-ph/9904078 |
| URL | https://arxiv.org/abs/quant-ph/9904078 |
Abstract
In coin tossing two remote participants want to share a uniformly distributed random bit. At the least in the quantum version, each participant test whether or not the other has attempted to create a bias on this bit. It is requested that, for b = 0,1, the probability that Alice gets bit b and pass the test is smaller than 1/2 whatever she does, and similarly for Bob. If the bound 1/2 holds perfectly against any of the two participants, the task realised is called an exact coin tossing. If the bound is actually $1/2 + \xi$ where the bias $\xi$ vanishes when a security parameter m defined by the protocol increases, the task realised is a (non exact) coin tossing. It is found here that exact coin tossing is impossible. At the same time, an unconditionally secure quantum protocol that realises a (non exact) coin tossing is proposed. The protocol executes m biased quantum coin tossing procedures at the same time. It executes the first round in each of these m procedures sequentially, then the second rounds are executed, and so on until the end of the n procedures. Each procedure requires 4n particles where $n \in O(\lg m)$. The final bit x is the parity of the m random bits. The information about each of these m bits is announced a little bit at a time which implies that the principle used against bit commitment does not apply. The bias on x is smaller than $1/m$. The result is discussed in the light of the impossibility result for exact coin tossing.
{
"annotation_id": "97f5911a-3676-47a8-b0b6-7dac1c282eb7",
"date_created": "2026-03-02T18:02:45.124000Z",
"date_modified": "2026-03-02T18:02:45.124000Z",
"file_hash": "d2590f9b1d9acd88872f9ce774bf4a6c512c14c28ae3a2d9e9e8d309d83f6fa1",
"private": false,
"record": {
"abstract": "In coin tossing two remote participants want to share a uniformly distributed\nrandom bit. At the least in the quantum version, each participant test whether\nor not the other has attempted to create a bias on this bit. It is requested\nthat, for b = 0,1, the probability that Alice gets bit b and pass the test is\nsmaller than 1/2 whatever she does, and similarly for Bob. If the bound 1/2\nholds perfectly against any of the two participants, the task realised is\ncalled an exact coin tossing. If the bound is actually $1/2 + \\xi$ where the\nbias $\\xi$ vanishes when a security parameter m defined by the protocol\nincreases, the task realised is a (non exact) coin tossing. It is found here\nthat exact coin tossing is impossible. At the same time, an unconditionally\nsecure quantum protocol that realises a (non exact) coin tossing is proposed.\nThe protocol executes m biased quantum coin tossing procedures at the same\ntime. It executes the first round in each of these m procedures sequentially,\nthen the second rounds are executed, and so on until the end of the n\nprocedures. Each procedure requires 4n particles where $n \\in O(\\lg m)$. The\nfinal bit x is the parity of the m random bits. The information about each of\nthese m bits is announced a little bit at a time which implies that the\nprinciple used against bit commitment does not apply. The bias on x is smaller\nthan $1/m$. The result is discussed in the light of the impossibility result\nfor exact coin tossing.",
"arxiv_id": "quant-ph/9904078",
"authors": [
"Dominic Mayers",
"Louis Salvail",
"Yoshie Chiba-Kohno"
],
"categories": [
"quant-ph"
],
"title": "Unconditionally Secure Quantum Coin Tossing",
"url": "https://arxiv.org/abs/quant-ph/9904078"
},
"schema_id": "dorsal/arxiv",
"source": {
"execution_id": "141cee0d-72cd-46d6-877e-7129afd83b22",
"id": "arXiv Dataset IDs",
"type": "Model",
"variant": "snapshot-2026-03-01",
"version": "0.1.0"
},
"user_id": 1000002
}