

























A bit string commitment protocol securely commits $N$ classical bits in such a way that the recipient can extract only $M<N$ bits of information about the string. Classical reasoning might suggest that bit string commitment implies bit commitment and hence, given the Mayers-Lo-Chau theorem, that non-relativistic quantum bit string commitment is impossible. Not so: there exist non-relativistic quantum bit string commitment protocols, with security parameters $ε$ and $M$, that allow $A$ to commit $N = N(M, ε)$ bits to $B$ so that $A$'s probability of successfully cheating when revealing any bit and $B$'s probability of extracting more than $N'=N-M$ bits of information about the $N$ bit string before revelation are both less than $ε$. With a slightly weakened but still restrictive definition of security against $A$, $N$ can be taken to be $O(\exp (C N'))$ for a positive constant $C$. I briefly discuss possible applications.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。