INSECURITY OF QUANTUM SECURE COMPUTATIONS

It had been widely claimed that quantum mechanics can protect private information during public decision in, for example, the so-called two- party secure computation. If this were the case, quantum smart-cards, storing confidential information accessible only to a proper reader, c ould prevent fake teller machines from learning the PIN (personal iden tification number) from the customers' input. Although such optimism h as been challenged by the recent surprising discovery of the insecurit y of the so-called quantum bit commitment, the security of quantum two -party computation itself remains unaddressed. Here I answer this ques tion directly by showing that all one-sided two-party computations (wh ich allow only one of the two parties to learn the result) are necessa rily insecure. As corollaries to my results, quantum one-way oblivious password identification and the so-called quantum one-out-of-two obli vious transfer are impossible. I also construct a class of functions t hat cannot be computed securely in any two-sided two-party computation . Nevertheless, quantum cryptography remains useful in key distributio n and can still provide partial security in ''quantum money'' proposed by Wiesner.