Composable security in relativistic quantum cryptography

Relativistic protocols have been proposed to overcome some impossibility results in classical and quantum cryptography. In such a setting, one takes the location of honest players into account, and uses the fact that information cannot travel faster than the speed of light to limit the abilities of dishonest agents. For example, various relativistic bit commitment protocols have been proposed [1, 2]. Although it has been shown that bit commitment is sufficient to construct oblivious transfer [3] and thus multiparty computation, composing specific relativistic protocols in this way is known to be insecure [4, Appendix A]. A composable framework is required to perform such a modular security analysis of construction schemes, but no known frameworks can handle models of computation in Minkowski space. By instantiating the systems model from the Abstract Cryptography framework [5] with causal boxes [6], we obtain such a composable framework, in which messages are assigned a location in Minkowski space (or superpositions thereof). This allows us to analyze relativistic protocols, and derive novel possibility and impossibility results. We show that (1) coin flipping can be constructed from the primitive channel with delay, (2) biased coin flipping, bit commitment and channel with delay are all impossible without further assumptions, and (3) it is impossible to improve a channel with delay (Fig. 1). This implies in particular non-composability of all proposed relativistic bit commitment protocols, as well as non-composability of (quantum, but non-relativistic) biased coin flipping protocols [7].