36,907 research outputs found
Perfect zero knowledge for quantum multiprover interactive proofs
In this work we consider the interplay between multiprover interactive
proofs, quantum entanglement, and zero knowledge proofs - notions that are
central pillars of complexity theory, quantum information and cryptography. In
particular, we study the relationship between the complexity class MIP, the
set of languages decidable by multiprover interactive proofs with quantumly
entangled provers, and the class PZKMIP, which is the set of languages
decidable by MIP protocols that furthermore possess the perfect zero
knowledge property.
Our main result is that the two classes are equal, i.e., MIP
PZKMIP. This result provides a quantum analogue of the celebrated result of
Ben-Or, Goldwasser, Kilian, and Wigderson (STOC 1988) who show that MIP
PZKMIP (in other words, all classical multiprover interactive protocols can be
made zero knowledge). We prove our result by showing that every MIP
protocol can be efficiently transformed into an equivalent zero knowledge
MIP protocol in a manner that preserves the completeness-soundness gap.
Combining our transformation with previous results by Slofstra (Forum of
Mathematics, Pi 2019) and Fitzsimons, Ji, Vidick and Yuen (STOC 2019), we
obtain the corollary that all co-recursively enumerable languages (which
include undecidable problems as well as all decidable problems) have zero
knowledge MIP protocols with vanishing promise gap
Classical proofs of quantum knowledge
We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations
Classical proofs of quantum knowledge
We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations
Quantum entropic security and approximate quantum encryption
We present full generalisations of entropic security and entropic
indistinguishability to the quantum world where no assumption but a limit on
the knowledge of the adversary is made. This limit is quantified using the
quantum conditional min-entropy as introduced by Renato Renner. A proof of the
equivalence between the two security definitions is presented. We also provide
proofs of security for two different cyphers in this model and a proof for a
lower bound on the key length required by any such cypher. These cyphers
generalise existing schemes for approximate quantum encryption to the entropic
security model.Comment: Corrected mistakes in the proofs of Theorems 3 and 6; results
unchanged. To appear in IEEE Transactions on Information Theory
Quantum Proofs
Quantum information and computation provide a fascinating twist on the notion
of proofs in computational complexity theory. For instance, one may consider a
quantum computational analogue of the complexity class \class{NP}, known as
QMA, in which a quantum state plays the role of a proof (also called a
certificate or witness), and is checked by a polynomial-time quantum
computation. For some problems, the fact that a quantum proof state could be a
superposition over exponentially many classical states appears to offer
computational advantages over classical proof strings. In the interactive proof
system setting, one may consider a verifier and one or more provers that
exchange and process quantum information rather than classical information
during an interaction for a given input string, giving rise to quantum
complexity classes such as QIP, QSZK, and QMIP* that represent natural quantum
analogues of IP, SZK, and MIP. While quantum interactive proof systems inherit
some properties from their classical counterparts, they also possess distinct
and uniquely quantum features that lead to an interesting landscape of
complexity classes based on variants of this model.
In this survey we provide an overview of many of the known results concerning
quantum proofs, computational models based on this concept, and properties of
the complexity classes they define. In particular, we discuss non-interactive
proofs and the complexity class QMA, single-prover quantum interactive proof
systems and the complexity class QIP, statistical zero-knowledge quantum
interactive proof systems and the complexity class \class{QSZK}, and
multiprover interactive proof systems and the complexity classes QMIP, QMIP*,
and MIP*.Comment: Survey published by NOW publisher
Quantum Proofs of Knowledge
We motivate, define and construct quantum proofs of knowledge, that
is, proofs of knowledge secure against quantum adversaries. Our
constructions are based on a new quantum rewinding technique that
allows us to extract witnesses in many classical proofs of
knowledge. We give criteria under which a classical proof of knowledge
is a quantum proof of knowledge. Combining our results with Watrous\u27
results on quantum zero-knowledge, we show that there are
zero-knowledge quantum proofs of knowledge for all languages in NP
(assuming quantum 1-1 one-way functions)
- …