Complete Insecurity of Quantum Protocols for Classical Two-Party Computation

A fundamental task in modern cryptography is the joint computation of a classical deterministic function which has two inputs, one from Alice and one from Bob, such that neither of the two can learn more about the other's input than what is implied by the value of the function (secure two-party computation). In this work we show that any quantum protocol that outputs the result to both parties (two-sided computation) and that is secure against a cheating Bob can be completely broken by a cheating Alice. Whereas it is known that quantum protocols for this task cannot be completely secure, our result implies that even partial security cannot be obtained. Our findings stand in stark contrast to recent works on coin tossing, where interesting quantum mechanical advantages can be obtained, and highlight the limits of cryptography within quantum mechanics. With help of von Neumann's minimax theorem we extend the result to the imperfect case, where the quantum protocol may not work perfectly and may not be perfectly secure.