Paper 1998/022

Insecurity of Quantum Computations

Hoi-Kwong Lo

Abstract

It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (Personal Identification Number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all *one-sided* two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any *two-sided* two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in "quantum money" proposed by Wiesner.

Metadata
Available format(s)
PS
Publication info
Published elsewhere. Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.
Keywords
Quantum cryptography.
Contact author(s)
hkl @ hplb hp com
History
1998-08-12: received
Short URL
https://ia.cr/1998/022
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:1998/022,
      author = {Hoi-Kwong Lo},
      title = {Insecurity of Quantum Computations},
      howpublished = {Cryptology {ePrint} Archive, Paper 1998/022},
      year = {1998},
      url = {https://eprint.iacr.org/1998/022}
}