24-Hour Relativistic Bit Commitment

Bit commitment is a fundamental cryptographic primitive in which a party wishes to commit a secret bit to another party. Perfect security between mistrustful parties is unfortunately impossible to achieve through the asynchronous exchange of classical and quantum messages. Perfect security can nonetheless be achieved if each party splits into two agents exchanging classical information at times and locations satisfying strict relativistic constraints. A relativistic multiround protocol to achieve this was previously proposed and used to implement a 2-millisecond commitment time. Much longer durations were initially thought to be insecure, but recent theoretical progress showed that this is not so. In this Letter, we report on the implementation of a 24-hour bit commitment solely based on timed high-speed optical communication and fast data processing, with all agents located within the city of Geneva. This duration is more than 6 orders of magnitude longer than before, and we argue that it could be extended to one year and allow much more flexibility on the locations of the agents. Our implementation offers a practical and viable solution for use in applications such as digital signatures, secure voting and honesty-preserving auctions.

Figure 1

(a) Positioning of the agents of Bob and Alice. Agent $B_i$ imposes that $A_i$ is within a distance $l_i$ from him and that he receives the answers $y_i$ within a time ${\tau }_i$ from the start of the round. (b) Space-time diagram of the multiround protocol showing the relativistic constraints (solid red line) for the spatial configuration where $A_i$ is placed at the distance limit $l_i$.

Figure 2

(a) Experimental setup showing the clocking system, described in the main text, and the exchanges between the agents. (b) Detailed setup of agent $A_i$. For each round, the string $a_k$ is loaded from the hard drive (HDD) to the FPGA at a rate of 200 MBps. The string $x_k$, sent by $B_i$ through the optical link, is read using a small form-factor pluggable (SFP) transceiver. Then, the string $y_k$ is computed within the FPGA, using both $a_k$ and $x_k$, and sent back through the optical fiber at a rate of 2.5 Gbps. (c) Detailed setup of agent $B_i$. The string $x_k$ is loaded on the FPGA then sent to $A_i$ via the optical link. The answer $y_k$ is received and transferred to the HDD, where it is stored. To verify the commitment, agent $B_2$ transfers the stored data to $B_1$ via a communication link (Com. link).