Quantum coin flipping


Quantum coin flipping uses the principles of quantum mechanics to encrypt messages for secure communication. Unlike other types of quantum cryptography, quantum coin flipping is a protocol used between two users who do not trust each other. Because of this, both users want to win the coin toss and will attempt to cheat in various ways.
Quantum coin flipping and other types of quantum cryptography communicate information through the transmission of qubits. The accepting player does not know the information in the qubit until he performs a measurement. Information about each qubit is stored on and carried by a single photon. Once the receiving player measures the photon, it is altered, and will not produce the same output if measured again. Since a photon can only be read the same way once, any other party attempting to intercept the message is easily detectable.
Although quantum coin flipping is a secure means of communicating in theory, it is difficult to accomplish.

History

Manuel Blum introduced coin flipping as part of a classical system in 1983 based on computational algorithms and assumptions. Blum's version of coin flipping answers the following cryptographic problem:
Thus, the problem with Alice and Bob is that they do not trust each other; the only resource they have is the telephone communication channel, and there is not a third party available to read the coin. Therefore, Alice and Bob must be either truthful and agree on a value or be convinced that the other is cheating.
In 1984, quantum cryptography emerged from a paper written by Charles H. Bennett and Giles Brassard. In this paper, the two introduced the idea of using quantum mechanics to enhance previous cryptographic protocols such as coin flipping. Since then, many researchers have applied quantum mechanics to cryptography as they have proven theoretically to be more secure than classical cryptography, however, demonstrating these protocols in practical systems is difficult to accomplish.
As published in 2014, a group of scientists at the Laboratory for Communication and Processing of Information in Paris have implemented quantum coin flipping protocols experimentally. The researchers have reported that the protocol performs better than a classical system over a suitable distance for a metropolitan area optical network.

Coin flipping protocol

Quantum coin flipping is when random qubits are generated between two players that do not trust each other because both of them want to win the coin toss, which could lead them to cheat in a variety of ways. The essence of coin flipping occurs when the two players issue a sequence of instructions over a communication channel that then eventually results in an output.
A basic quantum coin flipping protocol involves two people: Alice and Bob.
  1. Alice sends Bob a set number of Κ photon pulses in the quantum states. Each of these photon pulses is independently prepared following a random choice by Alice of basis αi and bit ci where i = 1, 2, 3...Κ.
  2. Bob then measures the pulses from Alice by identifying a random basis βi. Bob records these photons and then reports back the first successfully measured photon j to Alice along with a random bit b.
  3. Alice reveals the basis and bit that she used at the basis Bob gave her. If the two bases and bits match, then both parties are truthful and can exchange information. If the bit reported by Bob is different than that of Alice's, one is not being truthful.
A more general explanation of the above protocol is as follows:
  1. Alice first chooses a random basis and a sequence of random qubits. Alice then encodes her chosen qubits as a sequence of photons following the chosen basis. She then sends these qubits as a train of polarized photons to Bob through the communication channel.
  2. Bob chooses a sequence of reading bases randomly for each individual photon. He then reads the photons and records the results in two tables. One table is of the rectilinear received photons and one of the diagonally received photons. Bob may have holes in his tables due to losses in his detectors or in the transmission channels. Based on this table, Bob makes a guess as to which basis Alice used and announces his guess to Alice. If he guessed correctly, he wins and if not, he loses.
  3. Alice reports whether he won or not by announcing what basis she used to Bob. Alice then confirms the information by sending Bob her entire original qubit sequence that she used in step 1.
  4. Bob compares Alice's sequence with his tables to confirm that no cheating occurred on Alice's part. The tables should correspond to Alice's basis and there should be no correlation with the other table.

    Assumptions

There are a few assumptions that must be made for this protocol to work properly. The first is that Alice can create each state independent of Bob, and with an equal probability. Second, for the first bit that Bob successfully measures, his basis and bit are both random and completely independent of Alice. The last assumption, is that when Bob measures a state, he has a uniform probability to measure each state, and no state is easier to be detected than others. This last assumption is especially important because if Alice were aware of Bob's inability to measure certain states, she could use that to her advantage.

Cheating

The key issue with coin flipping is that it occurs between two distrustful parties. These two parties are communicating through the communication channel some distance from each other and they have to agree on a winner or loser with each having a 50 percent chance of winning. However, since they are distrustful of one another, cheating is likely to occur. Cheating can occur in a number of ways such as claiming they lost some of the message when they do not like the result or increasing the average number of photons contained in each of the pulses.
For Bob to cheat, he would have to be able to guess Alice's basis with a probability greater than ½. In order to accomplish this, Bob would have to be able to determine a train of photons randomly polarized in one basis from a train of photons polarized in another basis.
Alice, on the other hand, could cheat in a couple of different ways, but she has to be careful because Bob could easily detect it. When Bob sends a correct guess to Alice, she could convince Bob that her photons are actually polarized the opposite of Bob's correct guess. Alice could also send Bob a different original sequence than she actually used in order to beat Bob.

Detecting a third-party

Single photons are used to pass the information from one player to the other. In this protocol, the information is encoded in the single photons with polarization directions of 0, 45, 90, and 135 degrees, non-orthogonal quantum states. When a third party attempts to read or gain information on the transmission, they alter the photon's polarization in a random way that is likely detected by the two players because it does not match the pattern exchanged between the two legitimate users.

Implementation

Experimental

As mentioned in the history section, scientists at the LTCI in Paris have experimentally carried out a quantum coin flipping protocol. Previous protocols called for a single photon source or an entangled source to be secure. However, these sources are why it is difficult for quantum coin flipping to be implemented. Instead, the researchers at LTCI used the effects of quantum superposition rather than a single photon source, which they claim makes implementation easier with the standard photon sources available.
The researchers used the Clavis2 platform developed by IdQuantique for their protocol, but needed to modify the Clavis2 system in order for it to work for the coin flipping protocol. The experimental setup they used with the Clavis2 system, involves a two-way approach. Light pulsed at 1550 nanometres is sent from Bob to Alice. Alice then uses a phase modulator to encrypt the information. After encryption, she then uses a Faraday mirror to reflect and attenuate the pulses at her chosen level and sends them back to Bob. Using two high quality single photon detectors, Bob chooses a measurement basis in his phase modulator to detect the pulses from Alice.
They replaced the detectors on Bob's side because of the low detection efficiencies of the previous detectors. When they replaced the detectors, they were able to show a quantum advantage on a channel for over. A couple of other challenges the group faced was reprogramming the system because photon source attenuation was high and performing system analyses to identify losses and errors in system components. With these corrections, the scientists were capable of implementing a coin flipping protocol by introducing a small honest abort probability, the probability that two honest participants cannot obtain a coin flip at the end of the protocol, but at a short communication distance.

Classical Analogy

Classical Coin Flip

In 2012, a pair of physicists in the US claimed that all classical probabilities can be collapsed into quantum probabilities. They concluded that fluid interactions on a microscopic scale can amplify minute quantum fluctuations, which can then propagate to macroscopic scales. In essence, something that seems probabilistically simple actually relies on a cascading series of processes with a nearly exponentially growing level of uncertainty. So any time someone flips a coin they are, in some capacity, performing a Schrödinger's cat experiment where the coin can be considered simultaneously both heads and tails.