Experimental Quantum Cryptography - Journal of Cryptology, 1992
Cited by 173 (19 self)
We describe results from an apparatus and protocol designed to implement quantum key distribution, by which two users, who share no secret information initially: 1) exchange a random quantum transmission, consisting of very faint flashes of polarized light; 2) by subsequent public discussion of the sent and received versions of this transmission estimate the extent of eavesdropping that might have taken place on it, and finally 3) if this estimate is small enough, distill from the sent and received versions a smaller body of shared random information, which is certifiably secret in the sense that any third party's expected information on it is an exponentially small fraction of one bit. Because the system depends on the uncertainty principle of quantum physics, instead of usual mathematical assumptions such as the difficulty of factoring, it remains secure against an adversary with unlimited computing power. A preliminary version of this paper was presented at Eurocrypt '90, May 21 ...
A Quantum Bit Commitment Scheme Provably Unbreakable by both Parties, 1993
Cited by 66 (12 self)
Assume that a party, Alice, has a bit x in mind, to which she would like to be committed toward another party, Bob. That is, Alice wishes, through a procedure commit(x), to provide Bob with a piece of evidence that she has a bit x in mind and that she cannot change it. Meanwhile, Bob should not be able to tell from that evidence what x is. At a later time, Alice can reveal, through a procedure unveil(x), the value of x and prove to Bob that the piece of evidence sent earlier really corresponded to that bit. Classical bit commitment schemes (by which Alice's piece of evidence is classical information such as a bit string) cannot be secure against unlimited computing power and none have been proven secure against algorithmic sophistication. Previous quantum bit commitment schemes (by which Alice's piece of evidence is quantum information such as a stream of polarized photons) were known to be invulnerable to unlimited computing power and algorithmic sophistication, but not to arbitrary...
Quantum public-key cryptosystems - in Proc. of CRYPTO 2000, 2000
Cited by 27 (2 self)
Abstract. This paper presents a new paradigm of cryptography, quantum public-key cryptosystems. In quantum public-key cryptosystems, all parties including senders, receivers and adversaries are modeled as quantum (probabilistic) poly-time Turing (QPT) machines and only classical channels (i.e., no quantum channels) are employed. A quantum trapdoor one-way function, f, plays an essential role in our system, in which a QPT machine can compute f with high probability, any QPT machine can invert f with negligible probability, and a QPT machine with trapdoor data can invert f. This paper proposes a concrete scheme for quantum public-key cryptosystems: a quantum public-key encryption scheme or quantum trapdoor one-way function. The security of our schemes is based on the computational assumption (over QPT machines) that a class of subset-sum problems is intractable against any QPT machine. Our scheme is very efficient and practical if Shor’s discrete logarithm algorithm is efficiently realized on a quantum machine.
Alternative Computational Models: A Comparison of Biomolecular and Quantum Computation (a postscript preprint of this paper can be found at http://www.cs.duke.edu/ reif/paper/altcomp.ps) - invited paper, 18th International Conference on Foundations of Software Technology and Theoretical Computer Science (FST&TCS98), 1998
Cited by 5 (1 self)
Molecular Computation (MC) is massively parallel computation where data is stored and processed within objects of molecular size. Biomolecular Computation (BMC) is MC using biotechnology techniques, e.g. recombinant DNA operations. In contrast, Quantum Computation (QC) is a type of computation where unitary and measurement operations are executed on linear superpositions of basis states. Both BMC and QC may be executed at the micromolecular scale by a variety of methodologies and technologies. This paper surveys various methods for doing BMC and QC and discusses the considerable theoretical and practical advances in BMC and QC made in the last few years. We compare bounds on key resources such as time, volume (number of molecules times molecular density), energy and error rates achievable, taking particular note of the scalability of these methods with the size of the problem solved. In addition to NP search problems and database search problems, we enumerate a wide variety of further potential practical applications of BMC and QC. We observe that certain problems (e.g., NP search problems), if solved with polynomial time bounds, require exponentially large volume for BMC, so BMC does not scale well to solve very large NP search problems. However, we describe a number of applications (e.g., search within large data bases and simulation
The Spymasters Double-Agent Problem: Multiparty Computation Secure Unconditionally from Minorities and Cryptographically from Majorities, 1989
Cited by 5 (0 self)
inequality, which means that all collusions of minorities can be tolerated, is argued to be optimal and makes the main result also optimal. A third construction, on which the second is based but which is interesting in its own right, is that of an "all-honest world." This is a setting, relying only on assumption (b), in which any participant who has revealed secrets to any other can prove publicly that the secrets revealed are correct and receivable by the second participant--even if the second participant denies receipt or correctness. I INFORMAL INTRODUCTION A spymaster's deepest fear, it might be said, is that of a "double agent." If the spymasters of major countries would be willing to pool all the information they have on their agents, then they could discover--to their mutual benefit--all double agents who play one side off against the other. But for a spymaster, revealing this sensitive data to "the other side" is, of course, unthinkable. A solution to the spymasters'
Detectable Byzantine Agreement Secure Against Faulty Majorities - In 21st PODC, 2002
Cited by 5 (3 self)
It is well-known that n players, connected only by pairwise secure channels, can achieve Byzantine agreement only if the number t of cheaters satisfies t < n/3, even with respect to computational security. However, for many applications it is sufficient to achieve detectable broadcast. With this primitive, broadcast is only guaranteed when all players are non-faulty ("honest"), but all non-faulty players always reach agreement on whether broadcast was achieved or not. We show that detectable broadcast can be achieved regardless of the number of faulty players (i.e., for all t < n). We give a protocol which is unconditionally secure, as well as two more efficient protocols which are secure with respect to computational assumptions, and the existence of quantum channels, respectively.
Quantum Key Distribution with Authentication, 1999
Cited by 1 (0 self)
The security of the previous quantum key distribution (QKD) protocols, which is guaranteed by the nature of physics law, is based on the legitimate users. However, impersonation of the legitimate communicators by eavesdroppers, in practice, will be inevitable. In fact, the previous QKD protocols are unsecure without authentication in practical communication. In this paper, we proposed an improved QKD protocol that can simultaneously distribute the quantum secret key and verify the communicators' identity. This presented authentication scheme is provably secure. PACS:0365.Bz
Quantum Information Processing: Algorithms, Technologies and Challenges
Cited by 1 (1 self)
Quantum Computation (QC) is a type of computation where unitary and measurement operations are executed on linear superpositions of basis states. This paper provides a brief introduction to QC. We begin with a discussion of basic models for QC such as quantum TMs, quantum gates and circuits and related complexity results. We then discuss a number of topics in quantum information theory, including bounds for quantum communication and I/O complexity, methods for quantum data compression, and quantum error correction (that is, techniques for decreasing decoherence errors in QC). Furthermore, we enumerate a number of methodologies and technologies for doing QC. Finally, we discuss resource bounds for QC including bounds for processing time, energy and volume, particularly emphasizing challenges in determining volume bounds for observation apparatus.
Improved Constructions of Quantum Bit-Commitment Based on Quantum One-Way Permutations
this paper, we focus on the number of bits which Bob needs to store until the opening phase. We consider this as crucial in the quantum setting, since Bob must protect the received quantum states against decoherence until the opening phase. For some practical application, the length between the committing phase and the opening phase could be years. We will propose two quantum bit-commitment schemes based on quantum one-way permutations. One has the property of statistically binding and computationally concealing, and the other has that of statistically concealing and computationally binding. Our schemes reduce exponentially the number of bits which Bob needs to store (i.e., Alice sends) until the opening phase compared with the classical counterparts

