900 research outputs found
Zero-Knowledge Proof Systems for QMA
© 2016 IEEE. Prior work has established that all problems in NP admit classical zero-knowledge proof systems, and under reasonable hardness assumptions for quantum computations, these proof systems can be made secure against quantum attacks. We prove a result representing a further quantum generalization of this fact, which is that every problem in the complexity class QMA has a quantum zero-knowledge proof system. More specifically, assuming the existence of an unconditionally binding and quantum computationally concealing commitment scheme, we prove that every problem in the complexity class QMA has a quantum interactive proof system that is zero-knowledge with respect to efficient quantum computations. Our QMA proof system is sound against arbitrary quantum provers, but only requires an honest prover to perform polynomial-time quantum computations, provided that it holds a quantum witness for a given instance of the QMA problem under consideration
QMA-hardness of Consistency of Local Density Matrices with Applications to Quantum Zero-Knowledge
We provide several advances to the understanding of the class of Quantum
Merlin-Arthur proof systems (QMA), the quantum analogue of NP. Our central
contribution is proving a longstanding conjecture that the Consistency of Local
Density Matrices (CLDM) problem is QMA-hard under Karp reductions. The input of
CLDM consists of local reduced density matrices on sets of at most k qubits,
and the problem asks if there is an n-qubit global quantum state that is
consistent with all of the k-qubit local density matrices. The containment of
this problem in QMA and the QMA-hardness under Turing reductions were proved by
Liu [APPROX-RANDOM 2006]. Liu also conjectured that CLDM is QMA-hard under Karp
reductions, which is desirable for applications, and we finally prove this
conjecture. We establish this result using the techniques of simulatable codes
of Grilo, Slofstra, and Yuen [FOCS 2019], simplifying their proofs and
tailoring them to the context of QMA.
In order to develop applications of CLDM, we propose a framework that we call
locally simulatable proofs for QMA: this provides QMA proofs that can be
efficiently verified by probing only k qubits and, furthermore, the reduced
density matrix of any k-qubit subsystem of an accepting witness can be computed
in polynomial time, independently of the witness. Within this framework, we
show advances in quantum zero-knowledge. We show the first commit-and-open
computational zero-knowledge proof system for all of QMA, as a quantum analogue
of a "sigma" protocol. We then define a Proof of Quantum Knowledge, which
guarantees that a prover is effectively in possession of a quantum witness in
an interactive proof, and show that our zero-knowledge proof system satisfies
this definition. Finally, we show that our proof system can be used to
establish that QMA has a quantum non-interactive zero-knowledge proof system in
the secret parameter setting.Comment: Title changed to highlight the QMA-hardness proof of CLDM.
Improvement on the presentation of the paper (including self-contained proofs
of results needed from Grilo, Slofstra, and Yuen'19). The extended abstract
of this paper appears in the proceedings of FOCS'202
Quantum Proofs
Quantum information and computation provide a fascinating twist on the notion
of proofs in computational complexity theory. For instance, one may consider a
quantum computational analogue of the complexity class \class{NP}, known as
QMA, in which a quantum state plays the role of a proof (also called a
certificate or witness), and is checked by a polynomial-time quantum
computation. For some problems, the fact that a quantum proof state could be a
superposition over exponentially many classical states appears to offer
computational advantages over classical proof strings. In the interactive proof
system setting, one may consider a verifier and one or more provers that
exchange and process quantum information rather than classical information
during an interaction for a given input string, giving rise to quantum
complexity classes such as QIP, QSZK, and QMIP* that represent natural quantum
analogues of IP, SZK, and MIP. While quantum interactive proof systems inherit
some properties from their classical counterparts, they also possess distinct
and uniquely quantum features that lead to an interesting landscape of
complexity classes based on variants of this model.
In this survey we provide an overview of many of the known results concerning
quantum proofs, computational models based on this concept, and properties of
the complexity classes they define. In particular, we discuss non-interactive
proofs and the complexity class QMA, single-prover quantum interactive proof
systems and the complexity class QIP, statistical zero-knowledge quantum
interactive proof systems and the complexity class \class{QSZK}, and
multiprover interactive proof systems and the complexity classes QMIP, QMIP*,
and MIP*.Comment: Survey published by NOW publisher
Non-interactive zero-knowledge arguments for QMA, with preprocessing
A non-interactive zero-knowledge (NIZK) proof system for a language L∈NP allows a prover (who is provided with an instance x∈L, and a witness w for x) to compute a classical certificate π for the claim that x∈L such that π has the following properties: 1) π can be verified efficiently, and 2) π does not reveal any information about w, besides the fact that it exists (i.e. that x∈L). NIZK proof systems have recently been shown to exist for all languages in NP in the common reference string (CRS) model and under the learning with errors (LWE) assumption.
We initiate the study of NIZK arguments for languages in QMA. Our first main result is the following: if LWE is hard for quantum computers, then any language in QMA has an NIZK argument with preprocessing. The preprocessing in our argument system consists of (i) the generation of a CRS and (ii) a single (instance-independent) quantum message from verifier to prover. The instance-dependent phase of our argument system involves only a single classical message from prover to verifier. Importantly, verification in our protocol is entirely classical, and the verifier needs not have quantum memory; its only quantum actions are in the preprocessing phase.
Our second contribution is to extend the notion of a classical proof of knowledge to the quantum setting. We introduce the notions of arguments and proofs of quantum knowledge (AoQK/PoQK), and we show that our non-interactive argument system satisfies the definition of an AoQK. In particular, we explicitly construct an extractor which can recover a quantum witness from any prover who is successful in our protocol. We also show that any language in QMA has an (interactive) proof of quantum knowledge
Quantum interactive proofs and the complexity of separability testing
We identify a formal connection between physical problems related to the
detection of separable (unentangled) quantum states and complexity classes in
theoretical computer science. In particular, we show that to nearly every
quantum interactive proof complexity class (including BQP, QMA, QMA(2), and
QSZK), there corresponds a natural separability testing problem that is
complete for that class. Of particular interest is the fact that the problem of
determining whether an isometry can be made to produce a separable state is
either QMA-complete or QMA(2)-complete, depending upon whether the distance
between quantum states is measured by the one-way LOCC norm or the trace norm.
We obtain strong hardness results by proving that for each n-qubit maximally
entangled state there exists a fixed one-way LOCC measurement that
distinguishes it from any separable state with error probability that decays
exponentially in n.Comment: v2: 43 pages, 5 figures, completely rewritten and in Theory of
Computing (ToC) journal forma
Generalized Quantum Arthur-Merlin Games
This paper investigates the role of interaction and coins in public-coin
quantum interactive proof systems (also called quantum Arthur-Merlin games).
While prior works focused on classical public coins even in the quantum
setting, the present work introduces a generalized version of quantum
Arthur-Merlin games where the public coins can be quantum as well: the verifier
can send not only random bits, but also halves of EPR pairs. First, it is
proved that the class of two-turn quantum Arthur-Merlin games with quantum
public coins, denoted qq-QAM in this paper, does not change by adding a
constant number of turns of classical interactions prior to the communications
of the qq-QAM proof systems. This can be viewed as a quantum analogue of the
celebrated collapse theorem for AM due to Babai. To prove this collapse
theorem, this paper provides a natural complete problem for qq-QAM: deciding
whether the output of a given quantum circuit is close to a totally mixed
state. This complete problem is on the very line of the previous studies
investigating the hardness of checking the properties related to quantum
circuits, and is of independent interest. It is further proved that the class
qq-QAM_1 of two-turn quantum-public-coin quantum Arthur-Merlin proof systems
with perfect completeness gives new bounds for standard well-studied classes of
two-turn interactive proof systems. Finally, the collapse theorem above is
extended to comprehensively classify the role of interaction and public coins
in quantum Arthur-Merlin games: it is proved that, for any constant m>1, the
class of problems having an m-turn quantum Arthur-Merlin proof system is either
equal to PSPACE or equal to the class of problems having a two-turn quantum
Arthur-Merlin game of a specific type, which provides a complete set of quantum
analogues of Babai's collapse theorem.Comment: 31 pages + cover page, the proof of Lemma 27 (Lemma 24 in v1) is
corrected, and a new completeness result is adde
- …