HP Labs Technical Reports

Click here for full text: PDF

Insecurity of Quantum Secure Computations

Lo, Hoi-Kwong


Keyword(s): quantum cryptography; secure computation; oblivious circuit evaluation; oblivious transfer; cryptanalysis; quantum theory

Abstract: It had been widely claimed that quantum mechanics can protect private information during public decision in for example the so-called two-party secure computation. If this were the case, quantum smart-cards could prevent fake teller machines from learning the PIN (personal Identification Number) from the customer's input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here we answer this question directly by showing that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to our results, quantum oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. We also construct a class of functions that cannot be computed securely in any two-sided two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in "quantum money" proposed by Wiesner. PACS Numbers: 03.65. Bz, 89.70.+c, 89.80.+h

Back to Index

[Research] [News] [Tech Reports] [Palo Alto] [Bristol] [Japan] [Israel] [Site Map][Home] [Hewlett-Packard]