Non-interactive zero-knowledge arguments for QMA, with preprocessing

Andrea Coladangelo, Thomas Vidick, Tina Zhang

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

A non-interactive zero-knowledge (NIZK) proof system for a language (Formula Presented) allows a prover (who is provided with an instance (Formula Presented), and a witness w for x) to compute a classical certificate π for the claim that (Formula Presented) such that π has the following properties: 1) π can be verified efficiently, and 2) π does not reveal any information about w, besides the fact that it exists (i.e. that (Formula Presented)). NIZK proof systems have recently been shown to exist for all languages in NP in the common reference string (CRS) model and under the learning with errors (LWE) assumption. We initiate the study of NIZK arguments for languages in QMA. An argument system differs from a proof system in that the honest prover must be efficient, and that it is only sound against (quantum) polynomial-time provers. Our first main result is the following: if LWE is hard for quantum computers, then any language in QMA has an NIZK argument with preprocessing. The preprocessing in our argument system consists of (i) the generation of a CRS and (ii) a single (instance-independent) quantum message from verifier to prover. The instance-dependent phase of our argument system, meanwhile, involves only a single classical message from prover to verifier. Importantly, verification in our protocol is entirely classical, and the verifier need not have quantum memory; its only quantum actions are in the preprocessing phase. NIZK proofs of (classical) knowledge are widely used in the construction of more advanced cryptographic protocols, and we expect the quantum analogue to likewise find a broad range of applications. In this respect, the fact that our protocol has an entirely classical verification phase is particularly appealing. Our second contribution is to extend the notion of a classical proof of knowledge to the quantum setting. We introduce the notions of arguments and proofs of quantum knowledge (AoQK/PoQK), and we show that our non-interactive argument system satisfies the definition of an AoQK, which extends its domain of usefulness with respect to cryptographic applications. In particular, we explicitly construct an extractor which can recover a quantum witness from any prover who is successful in our protocol. We also show that any language in QMA has an (interactive) proof of quantum knowledge, again by exhibiting a particular proof system for all languages in QMA and constructing an extractor for it.

Original language: English
Title of host publication: Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings
Editors: Daniele Micciancio, Thomas Ristenpart
Publisher: Springer Verlag
Pages: 799-828
Number of pages: 30
ISBN (Print): 9783030568764
DOIs
State: Published - 2020
Externally published: Yes
Event: 40th Annual International Cryptology Conference, CRYPTO 2020 - Santa Barbara, United States
Duration: 17 Aug 2020 to 21 Aug 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12172 LNCS

Conference

Conference: 40th Annual International Cryptology Conference, CRYPTO 2020
Country/Territory: United States
City: Santa Barbara
Period: 17/08/20 to 21/08/20

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
