Complete Insecurity of Quantum Protocols for Classical Two-Party Computation

TL;DR

This paper proves that in quantum two-party computation of classical functions, ensuring security against one cheating party inevitably leads to complete insecurity against the other, revealing fundamental limits of quantum cryptography.

Contribution

It demonstrates that any quantum protocol secure against a cheating Bob can be fully compromised by a cheating Alice, establishing a fundamental insecurity in quantum two-party classical computation.

Findings

Quantum protocols cannot be fully secure against both parties.

Security for one party implies insecurity for the other.

Results hold even with approximate security or different functions.

Abstract

A fundamental task in modern cryptography is the joint computation of a function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other's input than what is implied by the value of the function. In this Letter, we show that any quantum protocol for the computation of a classical deterministic function that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that security for one party implies complete insecurity for the other. Our findings stand in stark contrast to recent protocols for weak coin tossing, and highlight the limits of cryptography within quantum mechanics. We remark that our conclusions remain valid, even if security is only required to be approximate and if the function that is computed for Bob is different from that of Alice.