Quantum bit commitment in a noisy channel

Under rather general assumptions about the properties of a noisy quantum channel, a first quantum protocol is proposed which allows to implement the secret bit commitment with the probability arbitrarily close to unity. The idea that quantum physics can provide more secure communication between two distant parties than the classical one was first put forward by Wiesner [1]. Later, after the works [2,3], a lot of papers devoted to secret key distribution (quantum cryptography) have been published. Apart from the key distribution protocol, there exist other cryptographic protocols which are both important for applications and interesting in themselves. These are the so-called Bit Commitment (BC) and Coin Tossing (CT) protocols [4,5]. Quantum versions of these protocols were first proposed by Bennett and Brassard [6]. BC is the information exchange protocol allowing two distant users A and B which do not trust each other to implement the following scheme. User A sends some (part of) information on his secret bit b (b = 0 or 1, commitment stage) to user B in such a way that user B cannot recover the secret bit chosen by A on the basis of information supplied alone. However, this information should be sufficient to prevent cheating by user A, i.e., later (at the disclosure stage) when user B asks user A to send him the rest information on the chosen secret bit, user A should be unable to change his mind and modify the value of his secret bit. The CT protocol is the scheme allowing two distant users which do not trust each other to implement the procedure of drawing an honest lot. Classical versions of these protocols are based on unproved computational complexity of some trap-door functions which require exponentially large resources to calculate their inverse on the classical computer [7,8]. Some time ago it was generally assumed that the quantum protocols based on the fundamental restriction imposed by the laws of quantum mechanics rather than on the computational complexity are unconditionally secure [9]. However, it was later shown by Mayers, Lo and Chau [10,11] that the non-relativistic quantum BC protocol is not actually secure. User A can cheat user B without being detected by the latter employing the so-called EPR-attack (EPR stands for Einstein, Podolsky, and Rosen [12]). The possibility of successful EPR-attack is actually based on the result of paper by Hougston, Josza, and Wotters on the measurements performed over the …