Clear Sky Science · en
Experimental secure multiparty computation from quantum oblivious transfer with bit commitment
Keeping Secrets While Still Working Together
Modern life runs on shared data, yet many organizations cannot simply pool their information without risking privacy, security, or legal trouble. This paper shows how ideas from quantum physics can let institutions such as banks collaborate on sensitive tasks—like spotting overlapping fraud cases—without actually revealing their underlying customer records to each other.
Why Private Joint Computation Matters
Many important problems require several parties to compute on their combined data while keeping each party's input secret. This broad idea, called secure multiparty computation, underpins privacy-preserving tools in finance, machine learning, and even genetics. For example, banks may want to compare lists of suspicious accounts, or hospitals may want to jointly analyze patient data, all without exposing their full databases. A central building block for such tasks is a cryptographic primitive called "oblivious transfer" (in its basic 1-out-of-2 form): a sender holds two messages, the receiver picks one and learns that message and nothing about the other, and the sender never finds out which one was chosen.

Classical Security Meets the Quantum Era
Traditional oblivious transfer schemes rely on mathematical problems that are hard for today's computers, such as factoring large numbers or computing discrete logarithms. These are exactly the problems a large quantum computer running Shor's algorithm would solve efficiently, which threatens much of today's public-key cryptography. Quantum cryptography offers an alternative: instead of trusting only math, it uses the laws of quantum physics to limit what an adversary can learn. But previous quantum oblivious transfer experiments were secure only under the assumption that an attacker's quantum memory is noisy or very limited (the so-called noisy- or bounded-storage model), an assumption that may not hold as quantum hardware improves.
Building Quantum-Secure Oblivious Transfer in the Lab
The authors experimentally implement a new flavor of quantum oblivious transfer that remains secure against any attacker restricted to realistic (polynomial-time) computation, quantum or classical, no matter how good that attacker's quantum memory is; the only computational assumption sits in the classical bit-commitment step. Their setup adapts a well-known quantum key distribution design based on faint laser pulses and decoy states. One device (Alice) sends single-photon-level light pulses with randomly chosen polarizations to another device (Bob) through an optical fiber. Bob measures each pulse in a randomly chosen basis and then uses a standard cryptographic technique, called bit commitment, to lock in his measurement bases and outcomes before Alice reveals which basis she used for each pulse. Alice then asks him to open a random sample of those commitments and checks them against what she actually sent, so a Bob who measured dishonestly, or who later tries to change his story, will almost certainly be exposed. For the remaining pulses, Bob knows Alice's bit wherever his basis matched hers and knows nothing wherever it did not, and it is this split that lets Alice deliver two messages of which Bob can decrypt exactly one.

How the System Stays Honest and Practical
The experiment carefully accounts for imperfections in real hardware, such as lost photons and occasional bit flips caused by noise. The protocol also tests the overall detection rate to catch sophisticated attacks in which Bob stores extra photons and measures them only after learning Alice's bases, gaining more information than he should. This is similar to the photon-number-splitting attacks known from quantum key distribution, and checking the detection rate against what honest hardware should produce limits how selectively a dishonest Bob can report pulses as "lost". Error correction and privacy amplification then ensure that Bob learns a single message and essentially no information about the other, while Alice learns nothing about which one he chose. The researchers also estimate how hard it would be for a dishonest Bob to beat the system by combining all of these tricks. With their parameters, a single successful cheat would take, on average, on the order of 120,000 years of continuous attempts, making real-world attacks effectively impossible.
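To make the commit-then-test structure of the last two sections concrete, the following is an added classical simulation of 1-out-of-2 oblivious transfer built from BB84-style states plus bit commitment. It is example code written for this summary, not the paper's code or parameters: the quantum channel is Python's random module with loss only (no bit flips), the commitment is a hash with a random nonce, the detection-rate test uses an assumed transmittance ETA and a 4-sigma tolerance, and the paper's error-correction and privacy-amplification stage is reduced to a single hash over the raw bits.

```python
"""Simulated oblivious transfer from BB84-style pulses plus bit commitment.
Added example, not the paper's implementation. Assumed parameters: N, ETA,
TEST_FRACTION. Channel model: loss only, no bit flips."""
import hashlib
import random
import secrets

N = 4096            # pulses Alice sends per run (assumed)
ETA = 0.5           # transmittance Alice expects for an honest Bob (assumed)
TEST_FRACTION = 0.25


def h(*parts):
    """Hash of small values; used for commitments and, in place of the paper's
    error correction plus privacy amplification, to derive one-time-pad keys."""
    m = hashlib.sha256()
    for p in parts:
        m.update(str(p).encode() + b"|")
    return m.digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def alice_prepare(n, rng):
    # (bit, basis) per pulse; basis 0 = rectilinear, 1 = diagonal
    return [(rng.getrandbits(1), rng.getrandbits(1)) for _ in range(n)]


def bob_measure(pulses, eta, rng):
    """Honest Bob: random basis per pulse. A detected pulse measured in Alice's
    basis yields her bit; in the other basis the outcome is a fair coin."""
    results = {}
    for i, (bit, basis) in enumerate(pulses):
        if rng.random() >= eta:
            continue                          # photon lost, no click reported
        bob_basis = rng.getrandbits(1)
        outcome = bit if bob_basis == basis else rng.getrandbits(1)
        results[i] = (bob_basis, outcome)
    return results


def run_ot(m0, m1, choice, rng, tamper=False):
    """Alice inputs m0, m1 (<= 32 bytes); Bob inputs choice and gets m_choice.
    tamper=True models a Bob who alters an outcome after committing to it."""
    pulses = alice_prepare(N, rng)
    results = bob_measure(pulses, ETA, rng)
    detected = sorted(results)

    # 1. Detection-rate test: Bob cannot quietly drop many pulses (for example
    #    ones he would rather store and measure later) without skewing this count.
    expected = ETA * N
    if abs(len(detected) - expected) > 4 * (expected * (1 - ETA)) ** 0.5:
        raise ValueError("detection rate outside tolerance")

    # 2. Bob commits to (basis, outcome) for every click before Alice reveals anything.
    commits, nonces = {}, {}
    for i in detected:
        nonces[i] = secrets.token_bytes(16).hex()
        commits[i] = h(*results[i], nonces[i])

    # 3. Alice names a random test subset; Bob opens it; Alice checks each opening
    #    against the commitment and against her own preparation.
    test = set(rng.sample(detected, int(TEST_FRACTION * len(detected))))
    for i in test:
        basis, outcome = results[i]
        if tamper:
            outcome ^= 1                      # dishonest Bob changes his story
        if h(basis, outcome, nonces[i]) != commits[i]:
            raise ValueError("commitment opening does not match")
        if basis == pulses[i][1] and outcome != pulses[i][0]:
            raise ValueError("outcome inconsistent with preparation")

    # 4. Alice reveals her bases; Bob splits the untested clicks into those where
    #    bases matched (he knows Alice's bit) and those where they did not.
    keep = [i for i in detected if i not in test]
    good = [i for i in keep if results[i][0] == pulses[i][1]]
    bad = [i for i in keep if results[i][0] != pulses[i][1]]
    sets = (good, bad) if choice == 0 else (bad, good)   # Bob sends (I_0, I_1)

    # 5. Alice keys each message with her bits on the corresponding index set.
    keys = [h(*(pulses[i][0] for i in s)) for s in sets]
    cts = [xor(m0.ljust(32, b"\0"), keys[0]), xor(m1.ljust(32, b"\0"), keys[1])]

    # 6. Bob knows Alice's bits only on the matched set, so only m_choice decrypts;
    #    Alice never sees which set was which, so she learns nothing about choice.
    bob_key = h(*(results[i][1] for i in sets[choice]))
    return xor(cts[choice], bob_key).rstrip(b"\0")


def demo_ot(seed=2026):
    """Honest runs for both choices, then a tampering attempt that must be caught."""
    m0, m1 = b"acct 4471 flagged", b"acct 9902 flagged"
    got0 = run_ot(m0, m1, 0, random.Random(seed))
    got1 = run_ot(m0, m1, 1, random.Random(seed + 1))
    try:
        run_ot(m0, m1, 0, random.Random(seed + 2), tamper=True)
        caught = False
    except ValueError:
        caught = True
    return got0, got1, caught


if __name__ == "__main__":
    print(demo_ot())
```

The simulation is only as strong as its model: it says nothing about quantum security, since Bob's measurement is simulated honestly by the same program. What it does show is the classical skeleton the paper relies on, namely that a commitment made before the bases are revealed is what ties Bob to a single basis choice per pulse, and that the random-subset opening catches an altered outcome.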
Finding Shared Fraud Targets Without Sharing Everything
Armed with this robust oblivious transfer primitive, the team demonstrates a concrete financial application: private set intersection. In this task, two banks want to find which account identifiers appear in both of their records (say, a blacklist of suspicious accounts at one bank and a list of active customers at another) without revealing any other accounts. They build the quantum oblivious transfer into an efficient protocol based on an oblivious pseudorandom function (OPRF): one bank holds a secret key, the other obtains a keyed, pseudorandom token for each of its own identifiers without learning the key, and the key holder learns nothing about those identifiers. The key holder computes tokens for its own records locally, the two token lists are compared, and only the overlapping entries are revealed. Their experiments, using both simulated and real banking data, handle sets as large as one hundred thousand items per party, with communication on the order of tens of megabytes and processing times under half a second on a standard high-speed network.
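The OT-to-OPRF-to-PSI layering described above, as an added example that is not code from the paper: the oblivious transfer is an ideal functionality (a plain function that hands the receiver one of two strings, standing in for the quantum OT), the OPRF is the bit-wise OT-based construction used in OT-based PSI protocols (two random strings per input bit, the receiver obtains the one for its own bit) and may differ from the authors' construction, identifiers are assumed to be 32-bit integers, and the bank data is constructed for the example.

```python
"""Private set intersection from an OT-based OPRF. Added example, not the
paper's code. Assumptions: ideal OT stands in for the quantum OT, ITEM_BITS-bit
integer identifiers, constructed sample data."""
import hashlib
import secrets

ITEM_BITS = 32   # account identifiers modelled as 32-bit integers (assumption)


def ideal_ot(pair, choice):
    """Ideal 1-out-of-2 OT: the receiver gets pair[choice] and nothing else.
    This is where the quantum OT sits in the paper; here it is a trusted function."""
    return pair[choice]


class OprfSender:
    """Key holder: one pair of random 16-byte strings per input bit position."""

    def __init__(self):
        self.keys = [(secrets.token_bytes(16), secrets.token_bytes(16))
                     for _ in range(ITEM_BITS)]

    def evaluate(self, y):
        """F_k(y): hash of the strings selected by y's bits. The sender computes
        this locally for every item in its own set."""
        parts = [self.keys[j][(y >> j) & 1] for j in range(ITEM_BITS)]
        return hashlib.sha256(b"".join(parts)).digest()[:16]


def oprf_query(sender, x):
    """Receiver obtains F_k(x) via ITEM_BITS oblivious transfers, one per bit.
    It learns only the string for its own bit at each position, so it cannot
    evaluate F_k on any y != x (at least one needed string is missing), and
    the sender's OT inputs depend only on its keys, not on x."""
    view = [ideal_ot(sender.keys[j], (x >> j) & 1) for j in range(ITEM_BITS)]
    return hashlib.sha256(b"".join(view)).digest()[:16]


def psi(receiver_items, sender_items):
    """Receiver ends up with the intersection; sender learns nothing.
    A fresh OPRF instance per receiver item is essential: with reused keys the
    receiver could combine strings learned across queries and evaluate tokens
    for identifiers it never held. Returns (intersection, tokens the sender sent)."""
    intersection = set()
    tokens_sent = 0
    for x in receiver_items:
        sender = OprfSender()                       # fresh keys for this query
        tx = oprf_query(sender, x)
        sender_tokens = {sender.evaluate(y) for y in sender_items}
        tokens_sent += len(sender_tokens)           # what crosses the wire
        if tx in sender_tokens:
            intersection.add(x)
    return intersection, tokens_sent


# Constructed sample data (not from the paper): bank A's blacklist and bank B's
# active accounts, sharing two identifiers.
BANK_A_BLACKLIST = [10004521, 10007730, 10009912, 10012345, 10020001]
BANK_B_ACTIVE = [10000001, 10007730, 10008888, 10012345, 10031000, 10040404]


def demo_psi():
    """Bank A acts as OPRF receiver and learns only the overlap with bank B."""
    return psi(BANK_A_BLACKLIST, BANK_B_ACTIVE)


if __name__ == "__main__":
    print(demo_psi())
```

Two design notes. First, this toy sends one token per (receiver item, sender item) pair, so communication grows quadratically; the efficient protocols that reach tens of megabytes for a hundred thousand items per side avoid that by hashing items into bins so that each receiver item is compared only against the few sender items in the same bin. Second, the OPRF's security comes entirely from the OT: swapping the ideal_ot stand-in for a real OT whose receiver could learn both strings would let the receiver evaluate tokens for arbitrary identifiers, which is exactly why the strength of the underlying oblivious transfer matters for the application.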
What This Means for Future Secure Computing
This work delivers the first demonstration of using quantum oblivious transfer to solve a realistic multiparty computation problem, moving quantum cryptography beyond key exchange into practical data-analysis tasks. Because the security rests on basic hash functions and the physics of single photons—rather than on number-theory problems that quantum computers might someday crack—it offers a more future-proof foundation for privacy-preserving collaboration. In everyday terms, it points toward a world where institutions can safely “compare notes” on sensitive information, like fraud patterns or medical records, while confidently keeping everything else locked away.
Citation: Zhang, KY., Huang, AJ., Tu, K. et al. Experimental secure multiparty computation from quantum oblivious transfer with bit commitment. npj Quantum Inf 12, 76 (2026). https://doi.org/10.1038/s41534-026-01219-w
Keywords: quantum cryptography, secure multiparty computation, oblivious transfer, private set intersection, financial data privacy