Fully Simulatable Quantum-Secure Coin-Flipping and Applications

  • Carolin Lunemann
  • Jesper Buus Nielsen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6737)


We propose a coin-flip protocol which yields a string of strong, random coins and is fully simulatable against poly-sized quantum adversaries on both sides. It can be implemented with quantum-computational security without any set-up assumptions, since our construction only assumes mixed commitment schemes which we show how to construct in the given setting. We then show that the interactive generation of random coins at the beginning or during outer protocols allows for quantum-secure realizations of classical schemes, again without any set-up assumptions. As example applications we discuss quantum zero-knowledge proofs of knowledge and quantum-secure two-party function evaluation. Both applications assume only fully simulatable coin-flipping and mixed commitments. Since our framework allows to construct fully simulatable coin-flipping from mixed commitments, this in particular shows that mixed commitments are complete for quantum-secure two-party function evaluation. This seems to be the first completeness result for quantum-secure two-party function evaluation from a generic assumption.


Quantum Circuit Security Parameter Ideal Functionality Commitment Scheme Oblivious Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Goldreich, O.: On defining proofs of knowledge. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 390–420. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  2. 2.
    Blum, M.: Coin flipping by telephone. In: Advances in Cryptology: A Report on CRYPTO 1981, pp. 11–15. U.C. Santa Barbara, Dept. of Elec. and Computer Eng., ECE Report No 82-04 (1981)Google Scholar
  3. 3.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. Journal of Compututer and System Sciences 37(2), 156–189 (1988)MathSciNetCrossRefMATHGoogle Scholar
  4. 4.
    Damgård, I., Fehr, S., Lunemann, C., Salvail, L., Schaffner, C.: Improving the security of quantum protocols via commit-and-open. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 408–427. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Damgård, I.B., Fehr, S., Salvail, L.: Zero-knowledge proofs and string commitments withstanding quantum attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 254–272. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Damgård, I.B., Fehr, S., Salvail, L., Schaffner, C.: Secure identification and QKD in the bounded-quantum-storage model. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 342–359. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Damgård, I.B., Lunemann, C.: Quantum-secure coin-flipping and applications. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 52–69. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Damgård, I.B., Nielsen, J.B.: Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 581–596. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Fehr, S., Schaffner, C.: Composing quantum protocols in a classical environment. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 350–367. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: 17th Annual ACM Symposium on Theory of Computing (STOC), pp. 291–304 (1985)Google Scholar
  11. 11.
    van de Graaf, J.: Towards a formal definition of security for quantum protocols. PhD thesis, Université de Montréal (Canada) (1997)Google Scholar
  12. 12.
    Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world (2011), Extended abstract available at qip2011.quantumlah.org/scientificprogramme/abstract/183.pdf
  13. 13.
    Kilian, J.: Founding cryptography on oblivious transfer. In: 20th Annual ACM Symposium on Theory of Computing (STOC), pp. 20–31 (1988)Google Scholar
  14. 14.
    Lunemann, C.: Cryptographic Protocols under Quantum Attacks. PhD thesis, Aarhus University (Denmark) (November 2010), arXiv:1102.0885 [quant-ph]Google Scholar
  15. 15.
    Lunemann, C., Nielsen, J.B.: Fully simulatable quantum-secure coin-flipping and applications (2011), Full version available at eprint.iacr.org/2011/065
  16. 16.
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008), Full version available at eprint.iacr.org/2007/348.pdf
  17. 17.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: 37th Annual ACM Symposium on Theory of Computing (STOC), pp. 84–93 (2005)Google Scholar
  18. 18.
    Smith, A.: Personal communication (2009)Google Scholar
  19. 19.
    Watrous, J.: Zero-knowledge against quantum attacks. SIAM Journal on Computing 39(1), 25–58 (2009); Preliminary version in 38th Annual ACM Symposium on Theory of Computing (STOC), pp. 296–305 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Carolin Lunemann
    • 1
  • Jesper Buus Nielsen
    • 1
  1. 1.Department of Computer ScienceAarhus UniversityDenmark

Personalised recommendations