Abstract
A bit string commitment protocol securely commits classical bits so that the recipient can extract only bits of information about the string. Classical reasoning suggests that bit string commitment implies bit commitment and hence, given the Mayers-Lo-Chau theorem, that nonrelativistic quantum bit string commitment is impossible. Not so: there exist nonrelativistic quantum bit string commitment protocols, with security parameters and , that allow to commit bits to so that ’s probability of successfully cheating when revealing any bit and ’s probability of extracting more than bits of information about the bit string before revelation are both less than . With a restrictive definition of security against , can be taken to be for a positive constant . I briefly discuss possible applications.
- Received 1 October 2001
DOI:https://doi.org/10.1103/PhysRevLett.90.237901
©2003 American Physical Society