# Adaptive Versus Non-Adaptive Strategies in the Quantum Setting with Applications

## Abstract

We prove a general relation between *adaptive* and *non-adaptive* strategies in the quantum setting, i.e., between strategies where the adversary can or cannot adaptively base its action on some auxiliary quantum side information. Our relation holds in a very general setting, and is applicable as long as we can control the bit-size of the side information, or, more generally, its “information content”. Since adaptivity is notoriously difficult to handle in the analysis of (quantum) cryptographic protocols, this gives us a very powerful tool: as long as we have enough control over the side information, it is sufficient to restrict ourselves to non-adaptive attacks.

We demonstrate the usefulness of this methodology with two examples. The first is a quantum bit commitment scheme based on *1-bit cut-and-choose*. Since bit commitment implies oblivious transfer (in the quantum setting), and oblivious transfer is universal for two-party computation, this implies the universality of 1-bit cut-and-choose, and thus solves the main open problem of [9]. The second example is a quantum bit commitment scheme proposed in 1993 by Brassard *et al*. It was originally suggested as an unconditionally secure scheme, back when this was thought to be possible. We partly restore the scheme by proving it secure in (a variant of) the bounded quantum storage model.

In both examples, the fact that the adversary holds quantum side information obstructs a direct analysis of the scheme, and we circumvent it by analyzing a non-adaptive version, which can be done by means of known techniques, and applying our main result.

## Notes

### Acknowledgments

FD acknowledges the support of the Czech Science Foundation (GA\(\check{\mathrm{C}}\)R) project no. GA16-22211S and of the EU FP7 under grant agreement no. 323970 (RAQUEL). LS is supported by Canada’s NSERC discovery grant.

### References

- 1.Bennett, C.H.: Quantum cryptography using any two nonorthogonal states. Phys. Rev. Lett.
**68**, 3121–3124 (1992)MathSciNetCrossRefMATHGoogle Scholar - 2.Bennett, C.H., Brassard, G., Crépeau, C., Skubiszewska, M.-H.: Practical quantum oblivious transfer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 351–366. Springer, Heidelberg (1992)Google Scholar
- 3.Berta, M., Christandl, M., Renner, R.: The quantum reverse Shannon theorem based on one-shot information theory. Commun. Math. Phys.
**306**(3), 579–615 (2011)MathSciNetCrossRefMATHGoogle Scholar - 4.Bouman, N.J., Fehr, S.: Sampling in a quantum population, and applications. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 724–741. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 5.Bouman, N.J., Fehr, S., González-Guillén, C., Schaffner, C.: An all-but-one entropic uncertainty relation, and application to password-based identification. In: Kawano, Y. (ed.) TQC 2012. LNCS, vol. 7582, pp. 29–44. Springer, Heidelberg (2012)CrossRefGoogle Scholar
- 6.Brassard, G., Crépeau, C., Jozsa, R., Langlois, D.: A quantum bit commitment scheme provably unbreakable by both parties. In: Proceedings of the 34th Annual IEEE Symposium on the Foundation of Computer Science, pp. 362–371 (1993)Google Scholar
- 7.Crépeau, C.: Quantum oblivious transfer. J. Mod. Opt.
**41**(12), 2445–2454 (1994)MathSciNetCrossRefMATHGoogle Scholar - 8.Damgård, I., Fehr, S., Salvail, L., Schaffner, C.: Cryptography in the bounded-quantum-storage model. SIAM J. Comput.
**37**(6), 1865–1890 (2008)MathSciNetCrossRefMATHGoogle Scholar - 9.Fehr, S., Katz, J., Song, F., Zhou, H.-S., Zikas, V.: Feasibility and completeness of cryptographic tasks in the quantum world. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 281–296. Springer, Heidelberg (2013)CrossRefGoogle Scholar
- 10.Kilian, J.: Founding cryptography on oblivious transfer. In: Proceedings of the ACM Symposium on Theory of Computing, STOC 1988, pp. 20–31. ACM, New York (1988)Google Scholar
- 11.Kilian, J.: A general completeness theorem for two party games. In: Proceedings of the Twenty-Third Annual ACM Symposium on Theory of Computing, STOC 1991, pp. 553–560 (1991)Google Scholar
- 12.Kilian, J.: More general completeness theorems for secure two-party computation. In: Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, STOC 2000, pp. 316–324 (2000)Google Scholar
- 13.König, R., Renner, R., Schaffner, C.: The operational meaning of min- and max-entropy. IEEE Trans. Inf. Theor.
**55**(9), 4337–4347 (2009)MathSciNetCrossRefGoogle Scholar - 14.Kraschewski, F.: Complete primitives for information-theoretically secure two-party computation. Ph.D. thesis, Karlsruhe Institute of Technology (2013)Google Scholar
- 15.Kraschewski, D., Müller-Quade, J.: Completeness theorems with constructive proofs for finite deterministic 2-party functions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 364–381. Springer, Heidelberg (2011)CrossRefGoogle Scholar
- 16.Maji, H.K., Prabhakaran, M., Rosulek, M.: A zero-one law for cryptographic complexity with respect to computational UC security. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 595–612. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 17.Maji, H.K., Prabhakaran, M., Rosulek, M.: A unified characterization of completeness and triviality for secure function evaluation. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 40–59. Springer, Heidelberg (2012)CrossRefGoogle Scholar
- 18.Mayers, D.: Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett.
**78**, 3414–3417 (1997)CrossRefGoogle Scholar - 19.Renner, R.S., König, R.: Universally composable privacy amplification against quantum adversaries. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 407–425. Springer, Heidelberg (2005)CrossRefGoogle Scholar
- 20.Unruh, D.: Universally composable quantum multi-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 486–505. Springer, Heidelberg (2010)CrossRefGoogle Scholar