QMA-hardness of Consistency of Local Density Matrices with Applications to Quantum Zero-Knowledge
We provide several advances to the understanding of the class of Quantum Merlin-Arthur proof systems (QMA), the quantum analogue of NP. Our central contribution is proving a longstanding conjecture that the Consistency of Local Density Matrices (CLDM) problem is QMA-hard under Karp reductions. The input of CLDM consists of local reduced density matrices on sets of at most k qubits, and the problem asks if there is an n-qubit global quantum state that is consistent with all of the k-qubit local density matrices. The containment of this problem in QMA and the QMA-hardness under Turing reductions were proved by Liu [APPROX-RANDOM 2006]. Liu also conjectured that CLDM is QMA-hard under Karp reductions, which is desirable for applications, and we finally prove this conjecture. We establish this result using the techniques of simulatable codes of Grilo, Slofstra, and Yuen [FOCS 2019], simplifying their proofs and tailoring them to the context of QMA.
In order to develop applications of CLDM, we propose a framework that we call locally simulatable proofs for QMA: this provides QMA proofs that can be efficiently verified by probing only k qubits and, furthermore, the reduced density matrix of any k-qubit subsystem of an accepting witness can be computed in polynomial time, independently of the witness. Within this framework, we show advances in quantum zero-knowledge. We show the first commit-and-open computational zero-knowledge proof system for all of QMA, as a quantum analogue of a "sigma" protocol. We then define a Proof of Quantum Knowledge, which guarantees that a prover is effectively in possession of a quantum witness in an interactive proof, and show that our zero-knowledge proof system satisfies this definition. Finally, we show that our proof system can be used to establish that QMA has a quantum non-interactive zero-knowledge proof system in the secret parameter setting.
Comment: Title changed to highlight the QMA-hardness proof of CLDM. Improvement on the presentation of the paper (including self-contained proofs of results needed from Grilo, Slofstra, and Yuen'19). The extended abstract of this paper appears in the proceedings of FOCS'202
Classically Verifiable NIZK for QMA with Preprocessing
We propose three constructions of classically verifiable non-interactive zero-knowledge proofs and arguments (CV-NIZK) for QMA in various preprocessing models.
1. We construct a CV-NIZK for QMA in the quantum secret parameter model where a trusted setup sends a quantum proving key to the prover and a classical verification key to the verifier. It is information theoretically sound and zero-knowledge.
2. Assuming the quantum hardness of the learning with errors problem, we construct a CV-NIZK for QMA in a model where a trusted party generates a CRS and the verifier sends an instance-independent quantum message to the prover as preprocessing. This model is the same as the one considered in the recent work by Coladangelo, Vidick, and Zhang (CRYPTO '20). Our construction has the so-called dual-mode property, which means that there are two computationally indistinguishable modes of generating the CRS, and we have information-theoretic soundness in one mode and the information-theoretic zero-knowledge property in the other. This answers an open problem left by Coladangelo et al., which is to achieve either soundness or zero-knowledge information theoretically. To the best of our knowledge, ours is the first dual-mode NIZK for QMA in any kind of model.
3. We construct a CV-NIZK for QMA with quantum preprocessing in the quantum random oracle model. This quantum preprocessing is the one where the verifier sends random Pauli-basis states to the prover. Our construction uses the Fiat-Shamir transformation. The quantum preprocessing can be replaced with a setup that distributes Bell pairs among the prover and the verifier, and therefore we solve the open problem by Broadbent and Grilo (FOCS '20) about the possibility of NIZK for QMA in the shared Bell pair model via the Fiat-Shamir transformation.
Indistinguishability Obfuscation of Null Quantum Circuits and Applications
We study the notion of indistinguishability obfuscation for null quantum circuits (quantum null-iO). We present a construction assuming:
- The quantum hardness of learning with errors (LWE).
- Post-quantum indistinguishability obfuscation for classical circuits.
- A notion of "dual-mode" classical verification of quantum computation (CVQC). We give evidence that our notion of dual-mode CVQC exists by proposing a scheme that is secure assuming LWE in the quantum random oracle model (QROM).
Then we show how quantum null-iO enables a series of new cryptographic primitives that, prior to our work, were unknown to exist even under heuristic assumptions. Among others, we obtain the first witness encryption scheme for QMA, the first publicly verifiable non-interactive zero-knowledge (NIZK) scheme for QMA, and the first attribute-based encryption (ABE) scheme for BQP.
Post-quantum Zero Knowledge in Constant Rounds
We construct a constant-round zero-knowledge classical argument for NP secure against quantum attacks. We assume the existence of Quantum Fully-Homomorphic Encryption and other standard primitives, known based on the Learning with Errors Assumption for quantum algorithms. As a corollary, we also obtain a constant-round zero-knowledge quantum argument for QMA.
At the heart of our protocol is a new no-cloning non-black-box simulation technique.
Commitments to Quantum States
What does it mean to commit to a quantum state? In this work, we propose a simple answer: a commitment to quantum messages is binding if, after the commit phase, the committed state is hidden from the sender's view. We accompany this new definition with several instantiations. We build the first non-interactive succinct quantum state commitments, which can be seen as an analogue of collision-resistant hashing for quantum messages. We also show that hiding quantum state commitments (QSCs) are implied by any commitment scheme for classical messages. All of our constructions can be based on quantum-cryptographic assumptions that are implied by, but are potentially weaker than, one-way functions.
Commitments to quantum states open the door to many new cryptographic possibilities. Our flagship application of a succinct QSC is a quantum-communication version of Kilian's succinct arguments for any language that has quantum PCPs with constant error and polylogarithmic locality. Plugging in the PCP theorem, this yields succinct arguments for NP under significantly weaker assumptions than required classically; moreover, if the quantum PCP conjecture holds, this extends to QMA. At the heart of our security proof is a new rewinding technique for extracting quantum information.
Multi-theorem (Malicious) Designated-Verifier NIZK for QMA
We present the first non-interactive zero-knowledge argument system for QMA with multi-theorem security. Our protocol setup constitutes an additional improvement and is constructed in the malicious designated-verifier (MDV-NIZK) model (Quach, Rothblum, and Wichs, EUROCRYPT 2019), where the setup consists of a trusted part that includes only a common uniformly random string and an untrusted part consisting of classical public and secret verification keys; even if these keys are sampled maliciously by the verifier, the zero-knowledge property still holds. The security of our protocol is established under the Learning with Errors Assumption. Our main technical contribution is showing a general transformation that compiles any sigma protocol into a reusable MDV-NIZK protocol, using NIZK for NP. Our technique is classical but works for quantum protocols and allows the construction of a reusable MDV-NIZK for QMA.
Classical proofs of quantum knowledge
We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations.