
Quantum Bit Commitment Protocols

Updated 23 April 2026
  • Quantum bit commitment protocols are cryptographic primitives that use quantum mechanics to make a commitment to a secret bit both concealing and binding, despite the challenges posed by no-go theorems.
  • These protocols use specific constraints—such as relativistic separation, separable operations, or forced measurements—to prevent quantum steering and limit cheating probabilities.
  • Experimental implementations employing photonic qubits, entangled states, and precise timing have demonstrated practical security with quantifiable cheat probabilities and resource-based bounds.

Quantum bit commitment (QBC) protocols are cryptographic primitives in which one party, Alice, wishes to commit a secret bit $b$ to another party, Bob, in such a way that Bob learns nothing about $b$ before Alice reveals it (concealing), and Alice cannot change $b$ after committing (binding). Quantum approaches to bit commitment have engaged the field for decades because of their foundational implications for quantum information theory, their connections to zero-knowledge proofs, and their potential role as a foundation for secure multi-party protocols. While general quantum bit commitment is impossible under unconstrained quantum operations due to the Mayers–Lo–Chau no-go theorems, a wide array of protocols exists, many with security proved under physical, operational, relativistic, or computational restrictions.

1. Foundational Principles and the Quantum No-Go Theorems

Quantum bit commitment is framed by two core requirements: information-theoretic hiding (Bob cannot obtain $b$ before the reveal) and binding (Alice cannot change $b$ after committing). The quantum setting first generated optimism for unconditional security, but the Mayers–Lo–Chau (MLC) theorem demonstrated the impossibility of unconditionally secure QBC under generic quantum mechanics. In particular, whenever the bit-commitment protocol is perfectly or approximately concealing, Uhlmann’s theorem ensures that Alice can prepare a purification that can be steered, by a local unitary, between the two possible revealings, rendering the protocol non-binding in principle (Srikanth, 2017).
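The steering argument above, worked through for the smallest case as an added example (not code from the page or from the cited papers). The toy scheme, in which bit $b$ selects the Z or X basis of a single qubit, and all function names are assumptions made for illustration; here the two purifications coincide, so Alice's "local unitary" reduces to choosing her measurement basis at open time.

```python
import math

S = 1 / math.sqrt(2)
# Toy scheme (constructed): bit b selects the basis of one qubit sent to Bob.
# b=0 -> Z basis {|0>,|1>}, b=1 -> X basis {|+>,|->}; all amplitudes are real.
BASES = {0: [(1.0, 0.0), (0.0, 1.0)], 1: [(S, S), (S, -S)]}

def honest_bob_state(b):
    """Density matrix Bob holds when honest Alice sends a random basis-b state."""
    rho = [[0.0, 0.0], [0.0, 0.0]]
    for v in BASES[b]:
        for i in range(2):
            for j in range(2):
                rho[i][j] += 0.5 * v[i] * v[j]
    return rho

def unentangled_open_success(committed, claimed):
    """Best pass probability if Alice really sent a basis-`committed` state."""
    total = 0.0
    for v in BASES[committed]:  # the state she actually sent
        best = max(sum(w[k] * v[k] for k in range(2)) ** 2 for w in BASES[claimed])
        total += 0.5 * best
    return total

# Purification kept by a cheating Alice: (|00> + |11>)/sqrt(2), index = 2*alice + bob.
BELL = [S, 0.0, 0.0, S]

def steered_open_success(b):
    """Pass probability when Alice picks b only at open time using BELL."""
    success = 0.0
    for a_vec in BASES[b]:  # outcome of Alice's delayed measurement in basis b
        # Unnormalised state left at Bob after Alice projects her half onto a_vec.
        bob = [sum(a_vec[a] * BELL[2 * a + k] for a in range(2)) for k in range(2)]
        # Bob checks in basis b and accepts if he finds the state Alice announces.
        amp = sum(a_vec[k] * bob[k] for k in range(2))
        success += amp ** 2
    return success

if __name__ == "__main__":
    print("Bob's state, b=0:", honest_bob_state(0))
    print("Bob's state, b=1:", honest_bob_state(1))
    print("unentangled, sent b=0, opens b=1:", unentangled_open_success(0, 1))
    print("steered open as b=0 / b=1:", steered_open_success(0), steered_open_success(1))
```

Bob's reduced state is the same for both bits (perfect concealment), which is exactly the condition under which the entangled strategy opens either bit with certainty while the unentangled one passes only half the time.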

Despite this, protocols have been constructed which circumvent the no-go theorem by means of additional constraints. Notable approaches include restricting the committer to a limited class of quantum operations (e.g., separable operations), exploiting relativity to enforce simultaneity, embedding the protocol within other cryptographic primitives, or leveraging the operational infeasibility of certain coherent attacks (Chaoui et al., 13 Jan 2025, Yuen, 2012, Liu et al., 2013).

2. Exemplary Protocol Families and Security Models

The diversity of QBC protocol constructions reflects varied assumptions and target operational regimes. The principal classes of protocols are summarized below.

Protocol Classifications and Assumptions

| Protocol Type | Security Assumptions | Key Security Mechanisms |
|---|---|---|
| Unconditional (Standard QM) | None (No-Go rule out information-theoretic) | Impossible under Mayers–Lo–Chau |
| Relativistic | Agents in spacelike separation | Causal constraints |
| Bounded/Noisy Storage/Operation Restr. | Memory bound or forbidden entanglement types | Physical resource limits |
| Separable-Operation QBC | Committer can only apply separable operations | Prevents local steering |
| Classical-Evidence QBC | Outcome forced to classical domain | No steering possible |
| Counterfactual and Nonlocality-Exploit | No quantum data transmission in commit | Orthogonality, nonlocality |
| Computational (e.g., GA-hardness) | Problem intractability for QC | Reduces to hard classical/quantum problem |

Notable instantiations:

  • Relativistic Protocols: Combine quantum communication with Minkowski causality to enforce simultaneity of commitments, making cheating attacks infeasible due to spacelike separation. Security proofs use entropy-uncertainty relations and finite statistics arguments to bound cheating probabilities, e.g., $\epsilon_b \leq 0.0568$ in an intercontinental implementation (Liu et al., 2013, Lunghi et al., 2013).
  • Separable-Operations QBC: Introduce the restriction that Alice is limited to separable channels on her register. The protocol uses global AME (absolutely maximally entangled) states in which switching between commitments requires entangling operations, forbidden by the assumption. Under this constraint, the cheating probability of Alice can be reduced to $1/d$ for qudit dimension $d$, giving perfect hiding and honest binding (Chaoui et al., 13 Jan 2025).
  • Forced-Measurement and “Classicalization”: Protocols such as QBC1 enforce mid-protocol projective measurements (forced Lüders measurements), which irreversibly destroy entanglement that would enable coherent cheating. After the check, Alice’s residual state is a classical mixture, and any attempt to open both bits fails with probability tending to zero as $n\to\infty$ (Yuen, 2012). Analogously, protocols that force the evidence to be classical, such as those that transmit only classical outcome strings, preclude the possibility of quantum steering (Srikanth, 2017).
  • Counterfactual QBC: Leverages protocols where, ideally, no physical quantum information traverses the channel (e.g., Noh’s counterfactual quantum key distribution). In such settings, cheating by quantum steering is physically infeasible due to the absence of transmitted quantum systems and the necessity of macroscopic operations (e.g., optical switches) that cannot be superposed (Song et al., 2017, Song et al., 2018).
  • Computationally Concealing, Statistically Binding: Non-interactive QBC schemes based on problems such as graph automorphism (GA) establish security under credible complexity-theoretic assumptions. These protocols prepare reduced quantum state ensembles whose distinguishability is computationally hard, yet admit explicit checks that prevent equivocation at the open phase (Yamakami, 2013).

3. Security Analysis: Metrics, Bounds, and Key Results

Security in QBC protocols is measured by:

  • Bob’s maximum probability of guessing the committed bit before unveil ($P_B^*$, hiding failure).
  • Alice’s maximum probability of successfully opening both bb0 and bb1 (bb2, binding failure).

For unconstrained quantum operations, Chailloux and Kerenidis showed that in any QBC protocol, bb3, with a matching protocol achieving this bound via weak coin flipping (Chailloux et al., 2011). These bounds delineate the strongest possible trade-off between hiding and binding in unconstrained settings.

Restrictions fundamentally modify these tradeoffs:

  • Relativistic Security Proofs: Combine randomness in basis choices, spacelike separation, and operationally enforced delays to achieve bounded cheating probability, rigorously quantified via min-/max-entropy uncertainty and sampling inequalities (Liu et al., 2013, Lunghi et al., 2013, Zhang et al., 2014).
  • Separable Operation Bound: When Alice is limited to separable channels, and the protocol utilizes AME states for bb4 and fully product states for bb5, her binding failure probability is at most bb6, where bb7 is the qudit dimension, achieving perfect hiding (Bob holds a maximally mixed reduced state) (Chaoui et al., 13 Jan 2025).
  • Physical Constraint Protocols: Protocols dependent on impossibility of long-term quantum memories or high-fidelity nondemolition detection derive practical security from realistic noise, loss, and decoherence models. Practical QBC can achieve statistical security levels bb8, with exact values dependent on system parameters (Danan et al., 2012, Loura et al., 2014, Song et al., 2015).
  • “Classicalization” Protocols: If the commitment evidence is forced to be classical, the probability that Alice can cheat is exponentially small in the number of rounds. For instance, in the double-blind classical-evidence protocol, bb9 (Srikanth, 2017).

4. Protocols Leveraging Relativity, Nonlocality, and Operational Restrictions

Relativistic QBC: Uses spatially separated agents and synchronization to enforce causality, thwarting quantum attacks relying on coordination between separated unveiling actions. Commitment time is bounded by bb0, with bb1 the spatial separation (Lunghi et al., 2013, Liu et al., 2013).

Protocols Exploiting Nonlocality or Infinite Dimension: Recent work employs physical phenomena such as quantum nonlocality or infinite-dimensional Hilbert space structure. For example, optical implementations using single-photon interference across large time-bins approximate an infinite-dimensional commitment space, making cheating strategies based on coherent state manipulation operationally infeasible (He, 2019). The use of nonlocal encodings or non-orthogonality, as in Goldenberg–Vaidman-style state schemes, can directly evade the conditions of the standard no-go theorems (He, 2011).

Counterfactual QBC: Avoids the transmission of information-carrying quanta between the parties. Since a cheating party cannot access or steer the remote system, standard attacks are blocked (Song et al., 2017, Song et al., 2018).

Separable-Operation Restriction: If Alice can only act with local, unentangling quantum channels, the standard “steering” attack is unavailable. By careful state design (AME vs. product), the protocol achieves a nontrivial honest binding bound with perfect hiding (Chaoui et al., 13 Jan 2025).

5. Practical Implementations, Experimental Progress, and Technological Constraints

Numerous protocols have been translated into feasible experimental demonstrations, and a diverse set of practical constraints have been analyzed.

  • Implementation under Technological Limitations: Protocols designed for photonic qubits, where high-fidelity quantum memories or perfect nondemolition measurements are not available, rely on immediate measurement upon receipt or transmission, and use statistical checks to detect or bound cheating. These protocols achieve small binding and concealing parameters by exploiting the quantum-noise tolerance of optical systems (Danan et al., 2012, Loura et al., 2014, Loura et al., 2016, Song et al., 2015).
  • Integration with QKD: Embedding bit commitment within running quantum key distribution sessions (e.g., BB84-based QBC) allows for resource-efficient realization, leveraging the inherent hardware and randomness production facilities of QKD (Zhang et al., 2014).
  • Relativistic Experiments: High-speed optical/free-space and QKD systems have enabled relativistic QBC over intercontinental distances, demonstrating practical bb2, limited principally by the geographic separation, synchronization, and communication delays (Liu et al., 2013, Lunghi et al., 2013).
  • Optical Exploitation of Infinite-Dimensional Systems: Mach–Zehnder interferometer apparatus with time-controlled single-photon emission and detection approximates protocols requiring infinite-dimensional Hilbert spaces, yielding both theoretical and experimental progress (He, 2019).
  • Resource Scaling and Practicality: Typically, achieving near-ideal security in these protocols requires substantial numbers of rounds/qubits or stringent noise/error thresholds. For practical quantum bit commitment, it's crucial to quantify the statistical soundness and the operational cost for the desired security level.

6. Theoretical and Foundational Implications

QBC protocols serve as an incisive probe into the nature of quantum reality, cryptographic security, and the boundary between classical and quantum information. Notable consequences and open issues include:

  • No-go Theorem Evasions: QBC constructions leveraging forced measurement, operational constraints (separability, memory/noise restrictions), or nonlocality demonstrate explicit pathways to circumvent the assumptions underlying the standard impossibility proofs (Chaoui et al., 13 Jan 2025, Yuen, 2012).
  • Reality of the Quantum State: Secure QBC protocols that block steering attacks—even when the “evidence” system is made classical—can be interpreted as demonstrating the necessity of treating the quantum state as an ontic entity (assuming no retrocausality) (Srikanth, 2017).
  • Cryptographic Primitives and Composability: QBC is foundational for zero-knowledge proofs, coin-flipping, and secure multi-party computation. Protocols with composability guarantees under the universal composability framework (e.g., protocols using ideal EPR sources and random oracles) provide secure hybrids for constructing higher-level cryptographic primitives (Gama et al., 2020).
  • Complexity-Theoretic Baselines: Protocols whose security reduces to the computational hardness of quantum state discrimination tasks, such as GA-hard ensembles, offer a path toward quantum cryptography paralleling the classical reliance on computational conjectures, and admit non-interactive, resource-constrained instantiations (Yamakami, 2013).
  • Operational/Physical Model Refinement: Multiple lines of work reveal that practical physical constraints—be they on memory depth, operation class, or causality—must be explicitly incorporated into the theoretical model to faithfully characterize protocol security.

Quantum bit commitment thus remains a dynamic arena at the intersection of fundamental theory, cryptographic protocol design, and quantum experiment—a crucible for testing the structure and limits of quantum security.
