Protocols for Quantum Weak Coin Flipping

TL;DR

This paper advances quantum weak coin flipping by providing explicit unitaries and a constructive framework (TEF) that translate point-game descriptions into concrete protocols. It systematically develops from Mochon’s existence results through Time-Dependent and Time-Independent Point Games to explicit protocol realizations, achieving bias 1/10 and subsequently bias 1/(4k+2) via f-assignments and monomial solutions. The approach circumvents previous non-constructive gaps by using projectors and a blinkered unitary, enabling explicit implementations that reset the message register after each round. Together, these results move weak coin flipping from non-constructive existence to a practical, scalable construction with vanishing bias and clear pathways for optimization and extension.

Abstract

Weak coin flipping is an important cryptographic primitive$\unicode{x2013}$it is the strongest known secure two-party computation primitive that classically becomes secure only under certain assumptions (e.g. computational hardness), while quantumly there exist protocols that achieve arbitrarily close to perfect security. This breakthrough result was established by Mochon in 2007 [arXiv:0711.4114]. However, his proof relied on the existence of certain unitary operators which was established by a non-constructive argument. Consequently, explicit protocols have remained elusive. In this work, we give exact constructions of related unitary operators. These, together with a new formalism, yield a family of protocols approaching perfect security thereby also simplifying Mochon's proof of existence. We illustrate the construction of explicit weak coin flipping protocols by considering concrete examples (from the aforementioned family of protocols) that are more secure than all previously known protocols.

Figures (16)

• Figure 4: General structure of a WCF protocol.
• Figure 5: Point game.
• Figure 6: Mochon constructed a Time Independent Point Game approaching zero bias which, in combination with prior results and the ones in this manuscript, results in the corresponding WCF protocol approaching zero bias.
• Figure 7: Every quantum WCF protocol can be cast into this general form.
• Figure 8: Mochon's TIPG. The unfilled squares represent initial points of a TIPG (i.e. points with negative weight in $a+b$) and the filled squares point represent final points (i.e. points with positive weight in $a+b$). Filled circles carry negative weight and unfilled circles carry positive weight for the horizontally valid function. For the vertically valid function, it is the other way around. Thus, when the functions are added, the points corresponding to these circles cancel---except for circles on the axes: circles along the $y$-axis represent points present only in the horizontally valid function and circles along the $x$-axis represent those only in the vertically valid function. Note that in both cases, they have negative weight.

Theorems & Definitions (49)

• Theorem 2.1: TEF constraint (simplified)
• Theorem 2.2: informal---we suppressed some constraints on $f$ for brevity.
• definition 3.1: WCF protocol with bias $\epsilon$
• Theorem 3.2: Primal
• remark 3.3
• Theorem 3.4: Dual
• remark 3.5
• definition 3.6: Prob
• definition 3.7: Line Transition
• definition 3.8: EBM line transition