Abstract
We show that every language in QMA admits a classical-verifier, quantum-prover zero-knowledge argument system which is sound against quantum polynomial-time provers and zero-knowledge for classical (and quantum) polynomial-time verifiers. The protocol builds upon two recent results: a computational zero-knowledge proof system for languages in QMA, with a quantum verifier, introduced by Broadbent et al. (FOCS 2016), and an argument system for languages in QMA, with a classical verifier, introduced by Mahadev (FOCS 2018).
Highlights
The paradigm of the interactive proof system is a versatile tool in complexity theory.
Although traditional complexity classes are usually defined in terms of a single Turing machine—NP, for example, can be defined as the class of languages which a non-deterministic Turing machine is able to decide—many have reformulations in the language of interactive proofs, and such reformulations often inspire natural and fruitful variants on the traditional classes upon which they are based. (The class MA, for example, can be considered a natural extension of NP under the interactive-proof paradigm.) Intuitively speaking, an interactive proof system is a model of computation involving two entities, a verifier and a prover, the former of whom is computationally efficient, and the latter of whom is unbounded and untrusted.
The argument system in [Mah18] is sound against quantum polynomial-time provers. (The class of languages for which there exists an argument system involving a classical probabilistic polynomial-time verifier and a quantum polynomial-time prover is referred to throughout [Mah18] as QPIP0.) The argument system introduced in [Mah18] relies for its soundness upon cryptographic assumptions about the quantum intractability of Learning With Errors (LWE; see [Reg09]). If this assumption holds true, the problem of verification can be considered solved. The last of these three results establishes that BQP ⊆ QPIP0, contingent upon the intractability of the Learning With Errors problem (LWE). (As a matter of fact, the same result establishes that QMA ⊆ QPIP0, provided the efficient quantum prover is given access to polynomially many copies of a quantum witness for the language to be verified, in the form of ground states of an associated local Hamiltonian.) In this work, we show that the protocol which [Mah18] introduces for this purpose can be combined with the zero-knowledge proof system for QMA presented in [BJSW16] in order to obtain a zero-knowledge argument system for QMA.
Summary
(As a matter of fact, the same result establishes that QMA ⊆ QPIP0, provided the efficient quantum prover is given access to polynomially many copies of a quantum witness for the language to be verified, in the form of ground states of an associated local Hamiltonian.) In this work, we show that the protocol which [Mah18] introduces for this purpose can be combined with the zero-knowledge proof system for QMA presented in [BJSW16] in order to obtain a zero-knowledge argument system for QMA. If the LWE assumption holds, and quantum computationally hiding, unconditionally binding commitment schemes exist, QMA ⊆ CZK-QPIP0, where the latter refers to the class of languages for which there exists a computational zero-knowledge interactive argument system involving a classical verifier and a quantum polynomial-time prover. The main difference between all three of these new protocols and our protocol is that the three protocols mentioned all involve the exchange of quantum messages (in [CVZ19], only the setup phase requires quantum communication).