A Private Quantum Bit String Commitment

We propose an entanglement-based quantum bit string commitment protocol whose composability is proven in the random oracle model. This protocol has the additional property of preserving the privacy of the committed message. Even though this property is not resilient against man-in-the-middle attacks, this threat can be circumvented by considering that the parties communicate through an authenticated channel. The protocol remains secure and private (but not composable) if we realize the random oracles as physical unclonable functions (PUFs) in the so-called bad PUF model.


Introduction
Commitment schemes are among the most basic building blocks of complex cryptosystems. A commitment scheme is a protocol that allows two mistrustful parties to interact in order to communicate some information that is fixed a priori by the sender and that the receiver can only unveil at a later stage. In other words, it is just as if the message were sent inside a locked box, which can only be opened after the sender hands the key over to the receiver. The protocol is secure if the receiver cannot learn the message before the sender wishes to unveil it, and the sender cannot change the message after committing to it. Commitment schemes are used in several protocols, such as coin flipping, zero-knowledge proofs, and secure multiparty computation [1][2][3][4]. Since any weakness in the building blocks affects the security of the overall system, it is important to ensure that they are highly reliable.
Unfortunately, classical bit commitment (BC) schemes cannot be simultaneously unconditionally secure against a corrupted sender and a corrupted receiver, and Canetti and Fischlin proved that universally composable (UC) BC is impossible in the plain model [5]. Together with the impossibility proof, a UC commitment protocol in the common reference string model is provided in [5]. Similarly to the common reference string, the random oracle assumption also allows the existence of UC commitments [6,7].
In 1996, Lo and Chau [8] and independently Mayers [9] proved a no-go theorem for unconditionally secure quantum BC in the standard non-relativistic quantum cryptographic framework. Since then, many protocols relying on additional assumptions have been presented. Entanglement is one of the most extraordinary effects in quantum mechanics, and it is crucially important for quantum computing and quantum cryptography. There are multiple commitment schemes using EPR pairs, such as the one in [10], which is a purified analog of [11], and the relativistic and unconditionally secure protocols in [12] (note that, although secure commitment schemes can be obtained through the exploitation of relativistic constraints, these types of protocols are challenging to implement).
In this paper, we propose a new private commitment protocol, i.e., a commitment in which the message is never announced, nor can it be derived from the messages exchanged between the parties. This property is attained through the use of entanglement. Since commitment protocols are mostly used as cryptographic primitives, it is of the utmost importance to study their security in different computational environments. As such, a strong emphasis is placed on the composability of these protocols. After characterizing the commitment functionality, the EPR pair trusted source functionality, and the random oracle functionality in Section 2, we show in Section 3 that these last two functionalities can be used as a resource to achieve a private commitment protocol with composable security, which is proven in Section 4. In Section 5, we analyze the security of the protocol in the bad PUF attack model. Section 6 features our final conclusions along with some directions for future work.

Preliminaries
A bit commitment protocol starts with the commitment phase, during which Alice chooses the value m she wants to commit to, and generates the pair (c, d). c is the commitment, which she immediately sends to Bob (who outputs a receipt message), and d is the decommitment, which she keeps to herself. In the opening phase, Alice sends (b, d) to Bob, who can either accept or reject. The protocol is said to be concealing if Bob cannot learn Alice's committed message m before the opening phase, and binding if Alice cannot change her committed message m after the commitment phase.
The security of commitment protocols can be studied from a stand-alone perspective, with the requirements of concealingness and bindingness. However, since commitments are generally used as a subroutine of more complex tasks, it becomes mandatory for protocols to be secure in any computational environment. In a composable security proof, the parties running the protocol are considered as a single big party which must be indistinguishable from a simulated machine running an ideal functionality for commitment (see Figure 1).
Figure 1. Ideal commitment functionality F_COM.
1. Upon receiving a commitment b ∈ {0,1}^k from Alice, it records b and sends a receipt to Bob. Subsequent committed messages are ignored.
2. Upon receiving the message 'open' from Alice, it proceeds as follows: if a message b is recorded, then send b to Bob. Otherwise, halt.

In the protocol described in the next section, we assume that the parties have access to two different resources. The first one is an EPR pair trusted source modeled by the functionality in Figure 2. Note that the existence of this source is a very reasonable assumption, since entanglement distribution has already been successfully implemented [13,14]. Before the beginning of the protocol, Alice and Bob can additionally sacrifice a small number of entangled pairs to estimate their correlation by using an algorithm such as the one described in Section 6.2 of [15]. Even if noisy quantum channels result in a loss of entanglement, the parties can run an entanglement distillation protocol and transform non-maximally entangled shared pairs into a smaller number of maximally entangled ones using only local operations and classical communication (e.g., [16,17]; the latter is significantly less effective than the former, but has the advantage of being within the reach of current technology).
Figure 2. EPR pair trusted source functionality F_EPR.
1. Upon receiving a value n as input from one of the parties, it generates n EPR pairs $|\Psi_{00}\rangle$ and sends the first qubit of each pair to Alice and the second one to Bob.

The second required resource, described by the functionality F_RO in Figure 3, is called a random oracle and behaves as an ideal cryptographic hash function, i.e., it maps each query to a fixed, uniformly random output in its range.

Figure 3. Random oracle functionality F_RO.
Parameters:
• List L, initially empty.

It is essential in our proof that a quantum computer cannot call the random oracle in superposition. Therefore, a realizable random oracle implementation cannot be a cryptographic hash function such as the Secure Hash Algorithm (SHA). This fact makes the random oracle quite a strong assumption; nevertheless, it can be realized using physical unclonable functions (PUFs). PUFs are physical systems with some microscale structural disorder, which is assumed to be unique to each PUF and unclonable even by the PUF manufacturer. When external stimuli (challenges) are applied to a PUF, its response depends on the disorder of the device. Therefore, each PUF P implements a unique function f_P that gives responses r = f_P(c) to challenges c. For more on PUFs, we refer to [18][19][20][21]. PUFs have a classical interface and cannot be run in superposition, even by an all-powerful quantum adversary.

The Proposed Protocol
One of the characteristics of F COM , the functionality for commitments, is that the message is never publicly announced. In most of the existing commitment protocols, nonetheless, the opening step includes sending the message over a public channel. Here, we propose a protocol (Protocol 1) that is not only composable, but also preserves the privacy of the message. We note that the privacy property is vulnerable to man-in-the-middle attacks: a third party, Eve, can pretend to be the EPR pair trusted source and send different sets of EPR pairs to Alice and Bob and then forward any received message. This can be prevented by adding an authenticated channel between Alice and Bob, as similarly done in quantum key distribution protocols.
The protocol uses as resources the EPR pair trusted source functionality (Figure 2) and the random oracle functionality (Figure 3) presented in the previous section. It needs two instances of F_RO: H_1 with range {0,1}^{2n} and H_2 with range {0,1}^n. Note that, unfortunately, we cannot use the weaker version of the RO, the global RO [7], since the programmability of the oracle is a key point of our security proof.
Setup: Alice chooses a message size 2n and sends the value n to F_EPR. The functionality prepares the state $|\psi\rangle = \bigotimes_{i=1}^{n} |\Psi_{00}\rangle$ and sends the odd qubits to Alice and the even ones to Bob.
Commitment phase: 1. To commit to a message m, Alice generates a uniformly random basis string b ∈

Security Analysis
We proceed now to prove the security of Protocol 1 in the Abstract Cryptography framework [22] instantiated with quantum Turing machines [23]. The equivalences that need to be satisfied are depicted in Figure 4.
Figure 4. Conditions for the constructability of the resource F_COM from the resources F_EPR and F_RO; (a) corresponds to the soundness property by showing the equivalence between the ideal commitment functionality F_COM and the protocol for honest parties (Alice and Bob behave according to π_A and π_B, respectively); (b,c) correspond to security against dishonest Bob and Alice, respectively (panel (c): Binding). Since the algorithm they follow is unknown, π_A and π_B are removed from the respective real system, while the simulators σ_A and σ_B are respectively added to the ideal system.

Theorem 1. Protocol 1 is composably secure. That is, the proposed commitment protocol constructs, from F_EPR and F_RO, a resource that is within a negligible distance from the ideal resource F_COM, where simulators and distinguishers are modeled as quantum Turing machines.
Proof. This proof will be divided into three parts, one for each of the required equivalences.

Soundness
Let $|\psi\rangle$ be the overall state of the system after Step 1. Note that so, when Alice measures each of her qubits, the corresponding EPR pair collapses to either $|00\rangle$ or $|11\rangle$ (for $b_i = \{|0\rangle, |1\rangle\}$), or to either $|{+}{+}\rangle$ or $|{-}{-}\rangle$ (for $b_i = \{|+\rangle, |-\rangle\}$). Therefore, when Bob measures each of his qubits i in the basis $b'_i = b_i$ he received from Alice in the opening phase, he gets exactly the same outcome as Alice, $O'_i = O_i$, implying that $H_1(b'|O') = H_1(b|O)$. Bob will then retrieve the message successfully, since

Concealingness
Given any behavior of a dishonest receiver, we have to construct a simulator σ_B that simulates H_1, H_2, and F_EPR and provides the receiver with a commitment that can later be opened to the message in F_COM. Consider the following program for σ_B:
• Simulation of H_1: Whenever σ_B receives the query b|O to H_1, it answers with h = m ⊕ c_1. In all other cases, it returns a value h as the ideal functionality would and keeps (q, h) on a list of queries and respective answers.
• Simulation of H_2: Whenever σ_B receives a query q to H_2, it returns a value h as the ideal functionality would and keeps (q, h) on a list of queries and respective answers.
• Simulation of F_EPR: During the setup phase, σ_B generates the state $|\psi\rangle = \bigotimes_{i=1}^{n} |\Psi_{00}\rangle$, sends the even qubits to the corrupted receiver and keeps the odd ones to itself.

The behavior of σ_B is the same regardless of the message that was sent to F_COM, and hence there is no algorithm for the dishonest receiver allowing him to guess the committed message with probability greater than 1/2^{2n}.

Bindingness
Given any behavior of a dishonest sender, we have to construct a simulator σ_A that simulates H_1, H_2, and F_EPR, retrieves the message m from the sender's commitment values and sends it to F_COM. It must also be able to detect when the sender is cheating and, whenever that happens, not send the opening message to F_COM. Consider the following program for σ_A:
• Simulation of H_1 and H_2: Whenever σ_A receives a query q to H_1 or H_2, it returns a value h as the ideal functionality would and keeps (q, h) on a list of queries and respective answers.
• Simulation of F_EPR: During the setup phase, σ_A generates the state $|\psi\rangle = \bigotimes_{i=1}^{n} |\Psi_{00}\rangle$, sends the odd qubits to the corrupted sender and keeps the even ones to itself.

The real-world receiver outputs an error whenever the string b' sent by the sender is such that $H_2(b') \neq H_2(b)$. From the soundness property, we know that, when b' = b, the receiver correctly retrieves the message. We are interested in the situation where b' ≠ b (in which case the commitment will not be opened in the ideal world) and $H_2(b') = H_2(b)$. Since F_RO is collision-resistant, this can only happen with negligible probability.
The addition of an authenticated communication channel makes this protocol a private and composable commitment protocol, which is yet to be achieved by classical cryptography based on the same assumptions.

Analysis in the Realistic Bad PUF Model
In order to study the security of PUF applications in a realistic scenario, the bad PUF attack model is described in [19]. The bad PUF model exploits the fact that PUFs are real physical objects, and considers both simulatable bad PUFs, which possess a simulation algorithm that the manufacturer can use to compute responses to challenges, and challenge-logging bad PUFs, which allow the manufacturer to access a memory module in the device and read all the challenges applied to it (this malicious feature could also be added by an adversary after the construction of the PUF).
In our brief analysis, we consider that, in the proposed protocol (Protocol 1), the RO is replaced by PUFs. We may additionally suppose that the manufacturer (Alice, in our protocol), when in possession of a PUF, can program its responses to challenges. In this case, Alice should send H_1 to Bob at the end of the commitment phase, or else it would be easy for her to open a different message of her choosing without being caught. Protocol 2 describes a secure commitment in the bad PUF model where the adversary can program PUF responses. The requirement that the basis string b is a codeword of a minimum distance code will be important to guarantee security against a dishonest Alice. Note that, since the PUF responses may be programmed, H_2 can no longer be used by Bob to check the validity of the opening information, and thus Protocol 2 only requires one PUF (represented by H_1). Instead, contrary to what happened in Protocol 1, Alice reveals the outcomes of her measurements in the opening phase. Bob then compares the revealed outcomes with his own measurement results in order to either accept or reject the opening. This does not affect the privacy of the protocol, since only Bob has access to the PUF H_1 after the commitment phase.
Setup: Alice chooses a message size 2n and sends the value n to F_EPR. The functionality prepares the state $|\psi\rangle = \bigotimes_{i=1}^{n} |\Psi_{00}\rangle$ and sends the odd qubits to Alice and the even ones to Bob. Alice prepares the PUF H_1.

Proof.
The soundness proof is similar to the one for Protocol 1. We now prove security against a dishonest Bob (receiver).

Concealingness
Suppose that Bob wants to know the message m before the opening phase. After the commitment phase, he knows c_1 and is in possession of the PUF H_1. He might try to use H_1 and c_1 to get some information about the message. However, even if he knows H_1's answer to every possible challenge, he still will not be able to get any information about the message from c_1, since every possible message will be equally likely.
Finally, we show that Protocol 2 is secure against a dishonest Alice (sender).

Bindingness
Suppose that Alice wants to change the committed message after the commitment phase. Before the opening phase, she has yet to send the basis string b and the measurement outcomes O to Bob. She might try to reveal a different basis string b' from the one she used to measure her qubits. However, since b' must also be part of the same minimum distance code as b, Bob will end up measuring at least d of his qubits in the wrong basis. As was mentioned before, the outcomes $O'_i$ of Bob's measurements of these qubits will be uniformly random, and the probability of Alice revealing an outcome string O' such that O' = O is, therefore, $1/2^d$.

Classical commitments with PUFs have also been studied in the composability setting. In [20], PUFs were first formalized in the UC framework and an unconditionally secure commitment protocol was constructed. However, in this work, only honestly generated PUFs were considered; in [21], a model where attackers can create malicious PUFs (very similar to the concept of bad PUFs) was proposed, together with a computational UC commitment scheme. Since then, it was shown in [24] that commitments with unconditional security can be obtained in the malicious PUF model and, in [25], an unconditional UC commitment in a stronger adversarial model (allowing PUF encapsulation) was presented. In these papers, it is assumed that, due to the nature of the PUFs, the simulator cannot simulate the answers of a PUF, and so it must honestly forward the queries to the PUF functionality. Protocol 2 is therefore clearly not composable, since it is not equivocable, i.e., in the case of a dishonest Bob, σ_B is unable to generate c_1 and H_1 during the commitment phase such that it can later open them to whatever message happens to be in the functionality F_COM.
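A classical simulation of the parts of Protocol 1 and Protocol 2 that the two security analyses rely on, added here as an illustration (it is not code from the paper). It assumes the commitment takes the form c_1 = H_1(b|O) ⊕ m and c_2 = H_2(b), which the simulator descriptions imply; it replaces the EPR source by a table that reproduces only the same-basis/different-basis correlation used in the proofs, models each random oracle as a lazily sampled table, and all function and class names are the example's own.

```python
import random

class RandomOracle:
    """Lazily sampled F_RO: fresh queries get uniform out_bits-bit answers, repeats the same."""
    def __init__(self, out_bits, rng):
        self.out_bits, self.rng, self.table = out_bits, rng, {}
    def __call__(self, query):
        if query not in self.table:
            self.table[query] = self.rng.getrandbits(self.out_bits)
        return self.table[query]

class EPRPairs:
    """Classical stand-in for n shared |Psi_00> pairs, keeping only the correlation the
    protocol uses: same basis -> equal outcomes, different basis -> fresh uniform bit."""
    def __init__(self, n, rng):
        self.n, self.rng, self.alice = n, rng, None
    def measure_alice(self, basis):
        self.alice = (basis, tuple(self.rng.getrandbits(1) for _ in range(self.n)))
        return self.alice[1]
    def measure_bob(self, basis):
        a_basis, a_out = self.alice
        return tuple(a_out[i] if basis[i] == a_basis[i] else self.rng.getrandbits(1)
                     for i in range(self.n))

def alice_commit(m, n, H1, H2, epr, rng):
    """Commit (assumed form): random basis string b, outcomes O; c1 = H1(b|O) xor m, c2 = H2(b)."""
    b = tuple(rng.getrandbits(1) for _ in range(n))
    return (H1((b, epr.measure_alice(b))) ^ m, H2(b)), b   # b is the decommitment

def bob_open(commitment, b_revealed, H1, H2, epr):
    """Open: reject (None) unless H2(b') == c2, else measure in b' and unmask m."""
    c1, c2 = commitment
    if H2(b_revealed) != c2:
        return None
    return H1((b_revealed, epr.measure_bob(b_revealed))) ^ c1

def run_protocol1(m, n, seed=1, flip=0):
    """Honest run when flip=0; otherwise Alice opens with `flip` basis bits changed."""
    rng = random.Random(seed)
    H1, H2, epr = RandomOracle(2 * n, rng), RandomOracle(n, rng), EPRPairs(n, rng)
    commitment, b = alice_commit(m, n, H1, H2, epr, rng)
    b_sent = tuple(bit ^ (i < flip) for i, bit in enumerate(b))
    return bob_open(commitment, b_sent, H1, H2, epr)

def protocol2_cheat_rate(n, d, trials, seed=1):
    """Protocol 2 binding: Alice reveals a basis string d positions away from b plus
    her true outcomes O; Bob accepts iff his outcomes in that basis equal O (~2^-d)."""
    rng, accepted = random.Random(seed), 0
    for _ in range(trials):
        epr = EPRPairs(n, rng)
        b = tuple(rng.getrandbits(1) for _ in range(n))
        O = epr.measure_alice(b)
        accepted += epr.measure_bob(tuple(bit ^ (i < d) for i, bit in enumerate(b))) == O
    return accepted / trials
```

run_protocol1 returns the recovered message, or None when Bob rejects the opening; protocol2_cheat_rate estimates the 2^-d acceptance probability from the bindingness argument by Monte Carlo.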

Conclusions
With this work, we achieved a commitment protocol that is not only composable but also private, since the message is never publicly announced. Man-in-the-middle attacks can be prevented by adding an authenticated channel. We suggest the use of physical unclonable functions to model random oracles, and note that the protocol remains secure and private (although not composable) if we consider the bad PUF attack model, which has been proven impossible for classical bit commitment without other assumptions. In future work, it would be important to obtain a protocol that remains composable in the bad PUF model, as well as analyzing the possibility of transmission errors or implementation-related vulnerabilities (as discussed in [26], for example).
Additionally, it is of interest to further study how to obtain composability in commitment schemes while using the minimum possible assumptions (for more on this topic, see [27]), and which of these assumptions are needed to achieve privacy.