Skip to main content

General Properties of Quantum Bit Commitments (Extended Abstract)

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13794))


While unconditionally-secure quantum bit commitment (allowing both quantum computation and communication) is impossible, researchers turn to study the complexity-based one, a.k.a. computational quantum bit commitment. A computational canonical (non-interactive) quantum bit commitment scheme refers to a kind of schemes such that the commitment consists of just a single (quantum) message from the sender to the receiver that later can be opened by uncomputing the commit stage. In this work, we study general properties of computational quantum bit commitments through the lens of canonical quantum bit commitments. Among other results, we in particular obtain the following two:

  1. 1.

    Any computational quantum bit commitment scheme can be converted into the canonical (non-interactive) form (with its sum-binding property preserved).

  2. 2.

    Two flavors of canonical quantum bit commitments are equivalent; that is, canonical computationally-hiding statistically-binding quantum bit commitment exists if and only if the canonical statistically-hiding computationally-binding one exists. Combining this result with the first one, it immediately implies (unconditionally) that computational quantum bit commitment is symmetric.

Canonical quantum bit commitments can be based on quantum-secure one-way functions or pseudorandom quantum states. But in our opinion, the formulation of canonical quantum bit commitment is so clean and simple that itself can be viewed as a plausible complexity assumption as well. We propose to explore canonical quantum bit commitment from perspectives of both quantum cryptography and quantum complexity theory in the future.

The full version of this paper is referred to [50].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

    Even in case, it is still legal to call it “quantum bit commitment scheme”. This is because classical computation and communication can be simulated by quantum computation and communication, respectively, in a standard way.

  2. 2.

    That is, any quantum cheating sender cannot generate a commitment that can be opened as both 0 and 1 successfully with non-negligible probability.

  3. 3.

    In the prior work (e.g. [18, 51, 52]) and an earlier draft of this paper (back in 2020), it is called “generic” form. However, this name is misleading as pointed out by Ananth, Qian, and Yuen [4], who also suggest the current name “canonical” to us. And we accept.

  4. 4.

    In [18], a quantum oblivious transfer with a security that is weaker than the full simulation-security [5, 22] but still very useful in many scenarios was achieved.

  5. 5.

    We do not claim that this holds for a general quantum bit commitment; the two simple schemes presented in [50, Appendix C] also serve as two counterexamples in this regard.

  6. 6.

    Then it suffices to show its semi-honest security.

  7. 7.

    Strictly speaking, we simplify the security analysis of the DMS scheme after it is firstly converted into the canonical form (which is straightforward).

  8. 8.

    This symmetry is in the same sense as that of oblivious transfer [48].

  9. 9.

    To the best of our knowledge, however, no impossibility result is known yet. In [12], authors only vaguely argue that this seems impossible for quantum computationally-binding commitments.

  10. 10.

    After the upload of the first preprint of this work to Cryptology ePrint Archive [50] in 2020.

  11. 11.

    This is also observed in [36, Appendix B].

  12. 12.

    We do not expect that quantum bit commitments can imply quantum-secure one-way functions, simply because a canonical quantum bit commitment scheme concerns quantum states rather than any sort of functions.

  13. 13.

    Their size depend on the security parameter n.

  14. 14.

    Strictly speaking, it should be understood as the corresponding two quantum state ensembles indexed by the security parameter n are indistinguishable.

  15. 15.

    Here the notation \(\left| 0 \right\rangle \) should be understood as multiple \(\left| 0 \right\rangle \)’s, the number of which depends on the security parameter; we just write a single \(\left| 0 \right\rangle \) to simplify the notation. We will follow this rule throughout this paper.


  1. Aaronson, S.: The complexity of quantum states and transformations: from quantum money to black holes. arXiv:1607.05256 (2016)

  2. Adcock, M., Cleve, R.: A quantum Goldreich-Levin theorem with cryptographic applications. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 323–334. Springer, Heidelberg (2002).

    Chapter  Google Scholar 

  3. Ananth, P., Qian, L., Yuen, H.: Cryptography from pseudorandom quantum states. Cryptology ePrint Archive, Report 2021/1663 (2021).

  4. Ananth, P., Qian, L., Yuen, H.: (2022). Private communication

    Google Scholar 

  5. Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: One-way functions imply secure computation in a quantum world. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 467–496. Springer, Cham (2021).

    Chapter  MATH  Google Scholar 

  6. Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. In: Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, vol. 175 (1984)

    Google Scholar 

  7. Bitansky, N., Brakerski, Z.: Classical binding for quantum commitments. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 273–298. Springer, Cham (2021).

    Chapter  Google Scholar 

  8. Bouman, N.J., Fehr, S.: Sampling in a quantum population, and applications. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 724–741. Springer, Heidelberg (2010).

    Chapter  MATH  Google Scholar 

  9. Brakerski, Z., Canetti, R., Qian, L.: On the computational hardness needed for quantum cryptography. Cryptology ePrint Archive, Paper 2022/1181 (2022).

  10. Brassard, G., Crépeau, C.: Quantum bit commitment and coin tossing protocols. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 49–61. Springer, Heidelberg (1991).

    Chapter  Google Scholar 

  11. Chailloux, A., Kerenidis, I., Rosgen, B.: Quantum commitments from complexity assumptions. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 73–85. Springer, Heidelberg (2011).

    Chapter  Google Scholar 

  12. Crépeau, C., Dumais, P., Mayers, D., Salvail, L.: Computational collapse of quantum state with application to oblivious transfer. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 374–393. Springer, Heidelberg (2004).

    Chapter  MATH  Google Scholar 

  13. Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: FOCS, pp. 42–52 (1988)

    Google Scholar 

  14. Crépeau, C., Légaré, F., Salvail, L.: How to convert the flavor of a quantum bit commitment. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 60–77. Springer, Heidelberg (2001).

    Chapter  Google Scholar 

  15. Damgård, I., Fehr, S., Lunemann, C., Salvail, L., Schaffner, C.: Improving the security of quantum protocols via commit-and-open. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 408–427. Springer, Heidelberg (2009).

    Chapter  Google Scholar 

  16. Damgård, I., Fehr, S., Salvail, L.: Zero-knowledge proofs and string commitments withstanding quantum attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 254–272. Springer, Heidelberg (2004).

    Chapter  Google Scholar 

  17. Dumais, P., Mayers, D., Salvail, L.: Perfectly concealing quantum bit commitment from any quantum one-way permutation. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 300–315. Springer, Heidelberg (2000).

    Chapter  Google Scholar 

  18. Fang, J., Unruh, D., Yan, J., Zhou, D.: How to base security on the perfect/statistical binding property of quantum bit commitment? Cryptology ePrint Archive, Report 2020/621 (2020).

  19. Goldreich, O.: A note on computational indistinguishability. Inf. Process. Lett. 34(6), 277–281 (1990)

    Article  MATH  Google Scholar 

  20. Goldreich, O.: Foundations of Cryptography, Basic Tools, vol. I. Cambridge University Press, Cambridge (2001)

    Book  MATH  Google Scholar 

  21. van de Graaf, J.: Towards a formal definition of security for quantum protocols. Ph.D. thesis, Université de Montréal (1997)

    Google Scholar 

  22. Grilo, A.B., Lin, H., Song, F., Vaikuntanathan, V.: Oblivious transfer is in miniqcrypt. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 531–561. Springer, Cham (2021).

    Chapter  MATH  Google Scholar 

  23. Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols - a tight lower bound on the round complexity of statistically-hiding commitments. In: FOCS, pp. 669–679 (2007)

    Google Scholar 

  24. Haitner, I., Nguyen, M.H., Ong, S.J., Reingold, O., Vadhan, S.P.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009)

    Article  MATH  Google Scholar 

  25. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography (extended abstract). In: FOCS, pp. 230–235 (1989)

    Google Scholar 

  26. Ji, Z., Liu, Y.-K., Song, F.: Pseudorandom quantum states. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 126–152. Springer, Cham (2018).

    Chapter  Google Scholar 

  27. Kitaev, A., Watrous, J.: Parallelization, amplification, and exponential time simulation of quantum interactive proof systems. In: STOC, pp. 608–617 (2000)

    Google Scholar 

  28. Kobayashi, H.: Non-interactive quantum perfect and statistical zero-knowledge. In: Ibaraki, T., Katoh, N., Ono, H. (eds.) ISAAC 2003. LNCS, vol. 2906, pp. 178–188. Springer, Heidelberg (2003).

    Chapter  MATH  Google Scholar 

  29. Kobayashi, H.: General properties of quantum zero-knowledge proofs. In: TCC, pp. 107–124 (2008). arXiv:0705.1129

  30. Koshiba, T., Odaira, T.: Statistically-hiding quantum bit commitment from approximable-preimage-size quantum one-way function. In: Childs, A., Mosca, M. (eds.) TQC 2009. LNCS, vol. 5906, pp. 33–46. Springer, Heidelberg (2009).

    Chapter  MATH  Google Scholar 

  31. Koshiba, T., Odaira, T.: Non-interactive statistically-hiding quantum bit commitment from any quantum one-way function. arXiv:1102.3441 (2011)

  32. Kretschmer, W.: Quantum pseudorandomness and classical complexity. In: Hsieh, M. (ed.) TQC. LIPIcs, vol. 197, pp. 2:1–2:20. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2021)

    Google Scholar 

  33. Lo, H.K., Chau, H.F.: Why quantum bit commitment and ideal quantum coin tossing are impossible. Phys. D 120(1), 177–187 (1998)

    Article  MATH  Google Scholar 

  34. Mahmoody, M., Pass, R.: The curious case of non-interactive commitments – on the power of black-box vs. non-black-box use of primitives. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 701–718. Springer, Heidelberg (2012).

    Chapter  Google Scholar 

  35. Mayers, D.: Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett. 78(17), 3414–3417 (1997)

    Article  Google Scholar 

  36. Morimae, T., Yamakawa, T.: Quantum commitments and signatures without one-way functions. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 269–295. Springer, Cham (2021).,

  37. Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4(2), 151–158 (1991)

    Article  MATH  Google Scholar 

  38. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. J. Cryptol. 11(2), 87–108 (1998)

    Article  MATH  Google Scholar 

  39. Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Informatioin. Cambridge University Press, Cambridge (2000)

    Google Scholar 

  40. Ong, S.J., Vadhan, S.: An equivalence between zero knowledge and commitments. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 482–500. Springer, Heidelberg (2008).

    Chapter  Google Scholar 

  41. Rosgen, B., Watrous, J.: On the hardness of distinguishing mixed-state quantum computations. In: CCC, pp. 344–354. IEEE Computer Society (2005)

    Google Scholar 

  42. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012).

    Chapter  Google Scholar 

  43. Unruh, D.: Collapse-binding quantum commitments without random oracles. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 166–195. Springer, Heidelberg (2016).

    Chapter  Google Scholar 

  44. Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016).

    Chapter  Google Scholar 

  45. Watrous, J.: Limits on the power of quantum statistical zero-knowledge. In: FOCS, pp. 459–468 (2002)

    Google Scholar 

  46. Watrous, J.: Theory of Quantum Information. Cambridge University Press, Cambridge (2018)

    Book  MATH  Google Scholar 

  47. Winter, A.J.: Coding theorem and strong converse for quantum channels. IEEE Trans. Inf. Theory 45(7), 2481–2485 (1999)

    Article  MATH  Google Scholar 

  48. Wolf, S., Wullschleger, J.: Oblivious transfer is symmetric. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 222–232. Springer, Heidelberg (2006).

    Chapter  Google Scholar 

  49. Yan, J.: Complete problem for perfect zero-knowledge quantum proof. In: Bieliková, M., Friedrich, G., Gottlob, G., Katzenbeisser, S., Turán, G. (eds.) SOFSEM 2012. LNCS, vol. 7147, pp. 419–430. Springer, Heidelberg (2012).

    Chapter  Google Scholar 

  50. Yan, J.: General properties of quantum bit commitments. Cryptology ePrint Archive, Report 2020/1488 (2020).

  51. Yan, J.: Quantum computationally predicate-binding commitments with application in quantum zero-knowledge arguments for NP. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 575–605. Springer, Cham (2021).

    Chapter  Google Scholar 

  52. Yan, J., Weng, J., Lin, D., Quan, Y.: Quantum bit commitment with application in quantum zero-knowledge proof (extended abstract). In: Elbassioni, K., Makino, K. (eds.) ISAAC 2015. LNCS, vol. 9472, pp. 555–565. Springer, Heidelberg (2015).

    Chapter  Google Scholar 

  53. Yao, A.C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, 3–5 November 1982, pp. 80–91 (1982)

    Google Scholar 

  54. Yao, A.C.C.: Security of quantum protocols against coherent measurements. In: STOC, pp. 67–75 (1995)

    Google Scholar 

Download references


We thank Dominique Unruh and Takeshi Koshiba for bringing the reference [48] to our attention. Many thanks also go to Dominique Unruh, Takeshi Koshiba, Prabhanjan Ananth, Luowen Qian, Henry Yuen, and the anonymous referees of ICALP 2021, Crypto 2022 and Asiacrypt 2022 for their useful suggestions and valuable comments on earlier drafts of this paper.

This work was supported by National Natural Science Foundation of China (Grant No. 61602208), by PhD Start-up Fund of Natural Science Foundation of Guangdong Province, China (Grant No. 2014A030310333), by Major Program of Guangdong Basic and Applied Research Project (Grant No. 2019B030302008), by National Joint Engineering Research Center of Network Security Detection and Protection Technology, and by Guangdong Key Laboratory of Data Security and Privacy Preserving. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of funding agencies.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Jun Yan .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Yan, J. (2022). General Properties of Quantum Bit Commitments (Extended Abstract). In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13794. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22971-8

  • Online ISBN: 978-3-031-22972-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics