Alice and Bob are getting divorced, but who keeps the dog? They could toss a coin for it, but as they now live apart, how can Bob be sure, if Alice tosses, that she won't lie about the result?

In most cryptographic problems of communication between two parties, the challenge is to eliminate third-party eavesdropping. But in the ‘coin-tossing protocol’, which is relevant to real-world situations such as remote signing of contracts, the issue is a lack of trust between the communicants. Can quantum cryptographic methods stamp out cheating? Yes, they can, say G. Molina-Terriza et al. (Phys. Rev. Lett. 94, 040501; 2005).

The authors have staged a quantum-optical enactment of a protocol that works as follows. The result is decided by many throws — the best of 100, say. Alice tosses each coin and encodes the outcome in the angular-momentum quantum state of a photon in an entangled pair. This encoding determines the quantum state of the other photon in the pair, which has been sent to Bob. But Bob cannot determine the state of his photon until Alice sends him the information on her own photon — in essence, until she tells him how the coin fell. So he bets on the toss, and then Alice sends him a signal encoding the ‘actual’ outcome, which Bob can verify by performing a measurement on his own photon.

Because of its probabilistic nature, some such measurements will fail — Alice won't be able to encode the true outcome. But the crucial point is that if Alice is systematically cheating, this shows up as a higher than average rate of ‘failures’, and Alice can do nothing to suppress this tell-tale signature of dishonesty.