Insecurity of quantum secure computations
Abstract
It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two-party secure computation. If this were the case, quantum smartcards, storing confidential information accessible only to a proper reader, could prevent fake teller machines from learning the PIN (personal identification number) from the customers' input. Although such optimism has been challenged by the recent surprising discovery of the insecurity of the so-called quantum bit commitment, the security of quantum two-party computation itself remains unaddressed. Here I answer this question directly by showing that all one-sided two-party computations (which allow only one of the two parties to learn the result) are necessarily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two oblivious transfer are impossible. I also construct a class of functions that cannot be computed securely in any two-sided two-party computation. Nevertheless, quantum cryptography remains useful in key distribution and can still provide partial security in "quantum money" proposed by Wiesner.
Publication: Physical Review A
Pub Date: August 1997
DOI: 10.1103/PhysRevA.56.1154
arXiv: arXiv:quant-ph/9611031
Bibcode: 1997PhRvA..56.1154L
Keywords: 03.65.Bz; 89.70.+c; 89.80.+h; Information theory and communication theory; Quantum Physics; Computer Science - Cryptography and Security
E-Print: The discussion on the insecurity of even non-ideal protocols has been greatly extended. Other technical points are also clarified. Version accepted for publication in Phys. Rev. A