Quantum cryptography began in 1984 with the description by Bennett and Brassard of their famous Quantum Key Distribution (QKD) protocol [1]. The central idea behind QKD is that, according to quantum physics, observation necessarily modifies the state of what is being observed. This implies that two parties can be clever enough to set up a communication scheme which allows them to detect any eavesdropping -- because they will be able to observe the disturbances introduced by such enemy action.

Papers on cryptography discuss scenarios involving three fictional characters:
Alice (or simply *A*) who tries to send a message to Bob (*B*), and
Eve, who is the evil eavesdropper trying to intercept their conversation (figure
1).

The same seminal paper of Bennett and Brassard contained a quantum coin tossing protocol. Here, Eve is not present; Alice and Bob are college students who want to flip a coin over the (quantum) phone to decide who is going to do the homework for the other. Alice flips the coin but she needs some means to convince Bob that she is telling him the truth about the outcome of the toss.

Bennett and Brassard's work generated a huge field of research, both on the better known QKD protocols as in Quantum Bit Commitment (QBC), which followed from the coin flipping scenario. Both seemed to follow more or less parallel trends, with improved protocols, error correction, proofs of security, and so on, until QBC was -- much to the embarrassment of those who had published ``proofs'' of its robustness -- shown to be insecure and beyond all possible repair. The present paper is a brief account of this story.