# On the Composition of Two-Prover Commitments, and Applications to Multi-round Relativistic Commitments

## Abstract

We consider the related notions of *two-prover* and of *relativistic* commitment schemes. In recent work, Lunghi *et al*. proposed a new relativistic commitment scheme with a *multi-round sustain phase* that keeps the binding property alive as long as the sustain phase is running. They prove security of their scheme against classical attacks; however, the proven bound on the error parameter is very weak: it blows up *double exponentially* in the number of rounds.

In this work, we give a new analysis of the multi-round scheme of Lunghi *et al*., and we show a *linear* growth of the error parameter instead (also considering classical attacks only). Our analysis is based on a new *composition theorem* for two-prover commitment schemes. The proof of our composition theorem is based on a better understanding of the binding property of two-prover commitments that we provide in the form of new definitions and relations among them. As an additional consequence of these new insights, our analysis is actually with respect to a strictly *stronger* notion of security than considered by Lunghi *et al*.

## Notes

### Acknowledgments

We would like to thank Jędrzej Kaniewski for helpful discussions regarding [10], and for commenting on an earlier version of our work.

## References

- 1.Bavarian, M., Shor, P.W.: Information Causality, Szemerédi-Trotter and Algebraic Variants of CHSH. In: Roughgarden, T. (ed.) ITCS 2015, pp. 123–132. ACM (2015)Google Scholar
- 2.Ben-Or, M., Goldwasser, S., Kilian, J., Wigderson, A.: Multi-Prover Interactive Proofs: How to Remove Intractability Assumptions. In: Simon, J. (ed.) STOC 1988, pp. 113–131. ACM (1988)Google Scholar
- 3.Chakraborty, K., Chailloux, A., Leverrier, A : Arbitrarily Long Relativistic Bit Commitment. ArXiv e-prints (2015). http://arxiv.org/abs/1507.00239
- 4.Clauser, J.F., Horne, M.A., Shimony, A., Holt, R.A.: Proposed Experiment to Test Local Hidden-Variable Theories. Phys. Rev. Lett.
**23**, 880–884 (1969)CrossRefGoogle Scholar - 5.Crépeau, C., Salvail, L., Simard, J.-R., Tapp, A.: Two Provers in Isolation. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 407–430. Springer, Heidelberg (2011)CrossRefGoogle Scholar
- 6.Fehr, S., Fillinger, M.: Multi-Prover Commitments Against Non-Signaling Attacks. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 403–421. Springer, Heidelberg (2015)CrossRefGoogle Scholar
- 7.Kent, A.: Unconditionally Secure Bit Commitment. Phys. Rev. Lett.
**83**(7), 1447–1450 (1999)MathSciNetCrossRefGoogle Scholar - 8.Kent, A.: Secure Classical Bit Commitment Using Fixed Capacity Communication Channels. J. Cryptology
**18**(4), 313–335 (2005)MathSciNetCrossRefzbMATHGoogle Scholar - 9.Lo, H.-K., Chau, H.F.: Is quantum bit commitment really possible? Phys. Rev. Lett.
**78**, 3410–3413 (1997)CrossRefGoogle Scholar - 10.Lunghi, T., Kaniewski, J., Bussières, F., Houlmann, R., Tomamichel, M., Wehner, S., Zbinden, H.: Practical Relativistic Bit Commitment. Phys. Rev. Lett.
**115**, 30502–30506 (2015)CrossRefGoogle Scholar - 11.Mayers, D.: Unconditionally Secure Quantum Bit Commitment is Impossible. Phys. Rev. Lett.
**18**, 3414–3417 (1997)CrossRefGoogle Scholar - 12.Sikora, J., Chailloux, A., Kerenidis, I.: Strong Connections Between Quantum Encodings, Non-Locality and Quantum Cryptography. Phys. Rev. A
**89**, 22334–22341 (2014)CrossRefGoogle Scholar