How to Base Security on the Perfect/Statistical Binding Property of Quantum Bit Commitment?

How to Base Security on the Perfect/Statistical Binding Property of Quantum Bit Commitment?J. Fang, D. Unruh, J. Weng, J. Yan, and D. Zhou (report, 2020).  [eprint]

Abstract: The concept of quantum bit commitment was introduced in the early 1980s for the purpose of basing bit commitment solely on principles of quantum theory. Unfortunately, such unconditional quantum bit commitment still turns out to be impossible. As a compromise like in classical cryptography, Dumais, Mayers and Salvail [DMS00] introduce and realize the conditional quantum bit commitment that additionally relies on complexity assumptions. However, in contrast to the classical bit commitment which is widely used in classical cryptography, up until now there is relatively little work towards studying the application of quantum bit commitment in quantum cryptography. This may be partly due to the well-known weakness of the quantum binding, making it unclear whether quantum bit commitment could be used as a primitive (like its classical counterpart) in quantum cryptography.

As the first step towards studying the possible application of quantum bit commitment in quantum cryptography, in this work we consider replacing the classical bit commitment used in some well-known constructions with a perfectly/statistically-binding quantum bit commitment. We show that (quantum) security can still be fulfilled in particular with respect to zero-knowledge, oblivious transfer, and proofs-of-knowledge. In spite of this, we stress that the corresponding security analyses are by no means a trivial adaptation of their classical counterparts. New techniques are needed to handle possible superposition attacks by the cheating sender of the quantum bit commitments.

Since non-interactive quantum bit commitment schemes can be constructed from general quantum-secure one-way functions, we hope to use quantum bit commitment (rather than the classical one that is still quantum-secure) in cryptographic construction to reduce the round complexity and weaken the complexity assumption simultaneously.