Two-Party Quantum Protocols Do Not Compose Securely Against Honest-But-Curious Adversaries

Abstract

In this paper, we build upon the model of two-party quantum computation introduced by Salvail et al. [SSS09] and show that in this model, only trivial correct two-party quantum protocols are weakly self-composable. We do so by defining a protocol , calling any non-trivial sub-protocol π N times and showing that there is a quantum honest-but-curious strategy that cannot be modeled by acting locally in every single copy of π. In order to achieve this, we assign a real value called "payoff" to any strategy for and show that that there is a gap between the highest payoff achievable by coherent and local strategies.