1,179 research outputs found
Increasing the power of the verifier in Quantum Zero Knowledge
In quantum zero knowledge, the assumption was made that the verifier is only
using unitary operations. Under this assumption, many nice properties have been
shown about quantum zero knowledge, including the fact that Honest-Verifier
Quantum Statistical Zero Knowledge (HVQSZK) is equal to Cheating-Verifier
Quantum Statistical Zero Knowledge (QSZK) (see [Wat02,Wat06]).
In this paper, we study what happens when we allow an honest verifier to flip
some coins in addition to using unitary operations. Flipping a coin is a
non-unitary operation but doesn't seem at first to enhance the cheating
possibilities of the verifier since a classical honest verifier can flip coins.
In this setting, we show an unexpected result: any classical Interactive Proof
has an Honest-Verifier Quantum Statistical Zero Knowledge proof with coins.
Note that in the classical case, honest verifier SZK is no more powerful than
SZK and hence it is not believed to contain even NP. On the other hand, in the
case of cheating verifiers, we show that Quantum Statistical Zero Knowledge
where the verifier applies any non-unitary operation is equal to Quantum
Zero-Knowledge where the verifier uses only unitaries.
One can think of our results in two complementary ways. If we would like to
use the honest verifier model as a means to study the general model by taking
advantage of their equivalence, then it is imperative to use the unitary
definition without coins, since with the general one this equivalence is most
probably not true. On the other hand, if we would like to use quantum zero
knowledge protocols in a cryptographic scenario where the honest-but-curious
model is sufficient, then adding the unitary constraint severely decreases the
power of quantum zero knowledge protocols.Comment: 17 pages, 0 figures, to appear in FSTTCS'0
Quantum Proofs
Quantum information and computation provide a fascinating twist on the notion
of proofs in computational complexity theory. For instance, one may consider a
quantum computational analogue of the complexity class \class{NP}, known as
QMA, in which a quantum state plays the role of a proof (also called a
certificate or witness), and is checked by a polynomial-time quantum
computation. For some problems, the fact that a quantum proof state could be a
superposition over exponentially many classical states appears to offer
computational advantages over classical proof strings. In the interactive proof
system setting, one may consider a verifier and one or more provers that
exchange and process quantum information rather than classical information
during an interaction for a given input string, giving rise to quantum
complexity classes such as QIP, QSZK, and QMIP* that represent natural quantum
analogues of IP, SZK, and MIP. While quantum interactive proof systems inherit
some properties from their classical counterparts, they also possess distinct
and uniquely quantum features that lead to an interesting landscape of
complexity classes based on variants of this model.
In this survey we provide an overview of many of the known results concerning
quantum proofs, computational models based on this concept, and properties of
the complexity classes they define. In particular, we discuss non-interactive
proofs and the complexity class QMA, single-prover quantum interactive proof
systems and the complexity class QIP, statistical zero-knowledge quantum
interactive proof systems and the complexity class \class{QSZK}, and
multiprover interactive proof systems and the complexity classes QMIP, QMIP*,
and MIP*.Comment: Survey published by NOW publisher
Perfect zero knowledge for quantum multiprover interactive proofs
In this work we consider the interplay between multiprover interactive
proofs, quantum entanglement, and zero knowledge proofs - notions that are
central pillars of complexity theory, quantum information and cryptography. In
particular, we study the relationship between the complexity class MIP, the
set of languages decidable by multiprover interactive proofs with quantumly
entangled provers, and the class PZKMIP, which is the set of languages
decidable by MIP protocols that furthermore possess the perfect zero
knowledge property.
Our main result is that the two classes are equal, i.e., MIP
PZKMIP. This result provides a quantum analogue of the celebrated result of
Ben-Or, Goldwasser, Kilian, and Wigderson (STOC 1988) who show that MIP
PZKMIP (in other words, all classical multiprover interactive protocols can be
made zero knowledge). We prove our result by showing that every MIP
protocol can be efficiently transformed into an equivalent zero knowledge
MIP protocol in a manner that preserves the completeness-soundness gap.
Combining our transformation with previous results by Slofstra (Forum of
Mathematics, Pi 2019) and Fitzsimons, Ji, Vidick and Yuen (STOC 2019), we
obtain the corollary that all co-recursively enumerable languages (which
include undecidable problems as well as all decidable problems) have zero
knowledge MIP protocols with vanishing promise gap
Quantum money with nearly optimal error tolerance
We present a family of quantum money schemes with classical verification
which display a number of benefits over previous proposals. Our schemes are
based on hidden matching quantum retrieval games and they tolerate noise up to
23%, which we conjecture reaches 25% asymptotically as the dimension of the
underlying hidden matching states is increased. Furthermore, we prove that 25%
is the maximum tolerable noise for a wide class of quantum money schemes with
classical verification, meaning our schemes are almost optimally noise
tolerant. We use methods in semi-definite programming to prove security in a
substantially different manner to previous proposals, leading to two main
advantages: first, coin verification involves only a constant number of states
(with respect to coin size), thereby allowing for smaller coins; second, the
re-usability of coins within our scheme grows linearly with the size of the
coin, which is known to be optimal. Lastly, we suggest methods by which the
coins in our protocol could be implemented using weak coherent states and
verified using existing experimental techniques, even in the presence of
detector inefficiencies.Comment: 17 pages, 5 figure
Universal blind quantum computation
We present a protocol which allows a client to have a server carry out a
quantum computation for her such that the client's inputs, outputs and
computation remain perfectly private, and where she does not require any
quantum computational power or memory. The client only needs to be able to
prepare single qubits randomly chosen from a finite set and send them to the
server, who has the balance of the required quantum computational resources.
Our protocol is interactive: after the initial preparation of quantum states,
the client and server use two-way classical communication which enables the
client to drive the computation, giving single-qubit measurement instructions
to the server, depending on previous measurement outcomes. Our protocol works
for inputs and outputs that are either classical or quantum. We give an
authentication protocol that allows the client to detect an interfering server;
our scheme can also be made fault-tolerant.
We also generalize our result to the setting of a purely classical client who
communicates classically with two non-communicating entangled servers, in order
to perform a blind quantum computation. By incorporating the authentication
protocol, we show that any problem in BQP has an entangled two-prover
interactive proof with a purely classical verifier.
Our protocol is the first universal scheme which detects a cheating server,
as well as the first protocol which does not require any quantum computation
whatsoever on the client's side. The novelty of our approach is in using the
unique features of measurement-based quantum computing which allows us to
clearly distinguish between the quantum and classical aspects of a quantum
computation.Comment: 20 pages, 7 figures. This version contains detailed proofs of
authentication and fault tolerance. It also contains protocols for quantum
inputs and outputs and appendices not available in the published versio
- …