Fully Simulatable Quantum-Secure Coin-Flipping and Applications

TL;DR

This paper introduces a fully simulatable quantum-secure coin-flip protocol that enables quantum-secure classical cryptographic applications without setup assumptions, relying only on mixed commitments, and establishes their completeness for two-party function evaluation.

Contribution

It presents a novel fully simulatable quantum-secure coin-flip protocol based on mixed commitments, enabling quantum-secure classical cryptography without setup assumptions.

Findings

Protocol is secure against poly-sized quantum adversaries.

Constructs quantum-secure applications like zero-knowledge proofs and function evaluation.

Shows mixed commitments are complete for quantum-secure two-party computation.

Abstract

We propose a coin-flip protocol which yields a string of strong, random coins and is fully simulatable against poly-sized quantum adversaries on both sides. It can be implemented with quantum-computational security without any set-up assumptions, since our construction only assumes mixed commitment schemes which we show how to construct in the given setting. We then show that the interactive generation of random coins at the beginning or during outer protocols allows for quantum-secure realizations of classical schemes, again without any set-up assumptions. As example applications we discuss quantum zero-knowledge proofs of knowledge and quantum-secure two-party function evaluation. Both applications assume only fully simulatable coin-flipping and mixed commitments. Since our framework allows to construct fully simulatable coin-flipping from mixed commitments, this in particular shows that mixed commitments are complete for quantum-secure two-party function evaluation. This seems to be the first completeness result for quantum-secure two-party function evaluation from a generic assumption.