TY - CHAP
T1 - Non-interactive zero-knowledge arguments for qma, with preprocessing
AU - Coladangelo, Andrea
AU - Vidick, Thomas
AU - Zhang, Tina
N1 - Publisher Copyright: © International Association for Cryptologic Research 2020.
PY - 2020
Y1 - 2020
N2 - A non-interactive zero-knowledge (NIZK) proof system for a language (Formula Presented) allows a prover (who is provided with an instance (Formula Presented), and a witness w for x) to compute a classical certificate π for the claim that (Formula Presented) such that π has the following properties: 1) π can be verified efficiently, and 2) π does not reveal any information about w, besides the fact that it exists (i.e. that (Formula Presented)). NIZK proof systems have recently been shown to exist for all languages in NP in the common reference string (CRS) model and under the learning with errors (LWE) assumption. We initiate the study of NIZK arguments for languages in QMA. An argument system differs from a proof system in that the honest prover must be efficient, and that it is only sound against (quantum) polynomial-time provers. Our first main result is the following: if LWE is hard for quantum computers, then any language in QMA has an NIZK argument with preprocessing. The preprocessing in our argument system consists of (i) the generation of a CRS and (ii) a single (instance-independent) quantum message from verifier to prover. The instance-dependent phase of our argument system, meanwhile, involves only a single classical message from prover to verifier. Importantly, verification in our protocol is entirely classical, and the verifier needs not have quantum memory; its only quantum actions are in the preprocessing phase. NIZK proofs of (classical) knowledge are widely used in the construction of more advanced cryptographic protocols, and we expect the quantum analogue to likewise find a broad range of applications. In this respect, the fact that our protocol has an entirely classical verification phase is particularly appealing. Our second contribution is to extend the notion of a classical proof of knowledge to the quantum setting. We introduce the notions of arguments and proofs of quantum knowledge (AoQK/PoQK), and we show that our non-interactive argument system satisfies the definition of an AoQK, which extends its domain of usefulness with respect to cryptographic applications. In particular, we explicitly construct an extractor which can recover a quantum witness from any prover who is successful in our protocol. We also show that any language in QMA has an (interactive) proof of quantum knowledge, again by exhibiting a particular proof system for all languages in QMA and constructing an extractor for it.
AB - A non-interactive zero-knowledge (NIZK) proof system for a language (Formula Presented) allows a prover (who is provided with an instance (Formula Presented), and a witness w for x) to compute a classical certificate π for the claim that (Formula Presented) such that π has the following properties: 1) π can be verified efficiently, and 2) π does not reveal any information about w, besides the fact that it exists (i.e. that (Formula Presented)). NIZK proof systems have recently been shown to exist for all languages in NP in the common reference string (CRS) model and under the learning with errors (LWE) assumption. We initiate the study of NIZK arguments for languages in QMA. An argument system differs from a proof system in that the honest prover must be efficient, and that it is only sound against (quantum) polynomial-time provers. Our first main result is the following: if LWE is hard for quantum computers, then any language in QMA has an NIZK argument with preprocessing. The preprocessing in our argument system consists of (i) the generation of a CRS and (ii) a single (instance-independent) quantum message from verifier to prover. The instance-dependent phase of our argument system, meanwhile, involves only a single classical message from prover to verifier. Importantly, verification in our protocol is entirely classical, and the verifier needs not have quantum memory; its only quantum actions are in the preprocessing phase. NIZK proofs of (classical) knowledge are widely used in the construction of more advanced cryptographic protocols, and we expect the quantum analogue to likewise find a broad range of applications. In this respect, the fact that our protocol has an entirely classical verification phase is particularly appealing. Our second contribution is to extend the notion of a classical proof of knowledge to the quantum setting. We introduce the notions of arguments and proofs of quantum knowledge (AoQK/PoQK), and we show that our non-interactive argument system satisfies the definition of an AoQK, which extends its domain of usefulness with respect to cryptographic applications. In particular, we explicitly construct an extractor which can recover a quantum witness from any prover who is successful in our protocol. We also show that any language in QMA has an (interactive) proof of quantum knowledge, again by exhibiting a particular proof system for all languages in QMA and constructing an extractor for it.
UR - http://www.scopus.com/inward/record.url?scp=85089724882&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-030-56877-1_28
DO - https://doi.org/10.1007/978-3-030-56877-1_28
M3 - فصل
SN - 9783030568764
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 799
EP - 828
BT - Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, Proceedings
A2 - Micciancio, Daniele
A2 - Ristenpart, Thomas
PB - Springer Verlag
T2 - 40th Annual International Cryptology Conference, CRYPTO 2020
Y2 - 17 August 2020 through 21 August 2020
ER -