Paper 2011/065

Fully Simulatable Quantum-Secure Coin-Flipping and Applications

Carolin Lunemann and Jesper Buus Nielsen


We propose a coin-flip protocol which yields a string of strong, random coins and is fully simulatable against poly-sized quantum adversaries on both sides. It can be implemented with quantum-computational security without any set-up assumptions, since our construction only assumes mixed commitment schemes which we show how to construct in the given setting. We then show that the interactive generation of random coins at the beginning or during outer protocols allows for quantum-secure realizations of classical schemes, again without any set-up assumptions. As example applications we discuss quantum zero-knowledge proofs of knowledge and quantum-secure two-party function evaluation. Both applications assume only fully simulatable coin-flipping and mixed commitments. Since our framework allows to construct fully simulatable coin-flipping from mixed commitments, this in particular shows that mixed commitments are complete for quantum-secure two-party function evaluation. This seems to be the first completeness result for quantum-secure two-party function evaluation from a generic assumption.

Note: Updated according to final proceedings version.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Progress in Cryptology - Africacrypt 2011, pages 21-40, 2011.
mixed commitmentquantumcommon reference stringzero knowledgesecure function evaluation
Contact author(s)
carolin @ cs au dk
2011-06-23: last of 3 revisions
2011-02-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Carolin Lunemann and Jesper Buus Nielsen},
      title = {Fully Simulatable Quantum-Secure Coin-Flipping and Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2011/065},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.