Upper bounds of a class of imperfect quantum sealing protocols

Data sealing is a cryptographic problem between two parties. A sender (Alice) stores some secret data in a certain form, so that any other reader (Bob) can read it without Alice’s helping. Meanwhile, if the data has been read, it should be detectable by Alice[1]. A common example of classical data sealing is closing a letter in an envelop with a wafer of molten wax, into which was pressed the distinctive seal of the sender. Like all other classical cryptographic protocols, it is interesting to find the quantum version of data sealing for better security. Bechmann-Pasquinucci [2] first proposed a protocol which seals a classical bit with a three-qubit state. Singh and Srikanth[3] extended the idea into a many-qubit majority voting scheme, and associated it with secret sharing to improve the security. Chau[4] presented a protocol which seals quantum data with quantum error correcting code. The protocol for sealing a classical string was also proposed[5]. However, as pointed out by the author himself, the protocol in Ref.[2] is insecure against collective measurements. More general, it was further proven[6] that perfect quantum sealing of a classical bit is impossible in principle. If a protocol allows the bit to be perfectly retrievable by the reader, then collective measurements exist which can read the bit without disturbing the corresponding quantum state. It means that Bob can always read the bit without being detected by Alice. In fact, the protocol for sealing quantum data cannot be used for sealing a classical bit either. This is because the quantum states used for encoding the bits 0 and 1 respectively are orthogonal to each other. They can be distinguished by collective measurements without any disturbance too. Therefore, it is natural to ask whether imperfect quantum sealing of a classical bit is possible. Here “imperfect” means that the sealed bit b is not perfectly retrievable in the protocol. Bob can only read b correctly with the probability α < 1, while reading b can be detected with the probability β. Obviously a protocol with α = 1 is a perfect one. But if there exists a protocol in which both α and β are less than but very close to 1, it is still very valuable for practical usage. Nevertheless, in this paper it will be shown that upper bounds exist for α and β. If Bob uses collective measurements instead of the honest operations to read b, then the upper bounds are β 6 1/2 and α+ β 6 9/8. This result actually bounds the power of practical quantum sealing of a classical bit. In the next section we will establish a general model of imperfect quantum sealing protocols. Basing on the model, the upper bounds will be obtained in Section III. In Section IV some examples of imperfect protocols are studied. The impacts of the result will be discussed in the last section.