5 research outputs found
On the Concurrent Composition of Quantum Zero-Knowledge
We study the notion of zero-knowledge secure against quantum polynomial-time
verifiers (referred to as quantum zero-knowledge) in the concurrent composition
setting. Despite being extensively studied in the classical setting, concurrent
composition in the quantum setting has hardly been studied. We initiate a
formal study of concurrent quantum zero-knowledge. Our results are as follows:
- Bounded Concurrent QZK for NP and QMA: Assuming post-quantum one-way
functions, there exists a quantum zero-knowledge proof system for NP in the
bounded concurrent setting. In this setting, we fix a priori the number of
verifiers that can simultaneously interact with the prover. Under the same
assumption, we also show that there exists a quantum zero-knowledge proof
system for QMA in the bounded concurrency setting.
- Quantum Proofs of Knowledge: Assuming quantum hardness of learning with
errors (QLWE), there exists a bounded concurrent zero-knowledge proof system
for NP satisfying quantum proof of knowledge property. Our extraction mechanism
simultaneously allows for extraction probability to be negligibly close to
acceptance probability (extractability) and also ensures that the prover's
state after extraction is statistically close to the prover's state after
interacting with the verifier (simulatability). The seminal work of [Unruh
EUROCRYPT'12], and all its followups, satisfied a weaker version of
extractability property and moreover, did not achieve simulatability. Our
result yields a proof of quantum knowledge system for QMA with better
parameters than prior works.
How many qubits are needed for quantum computational supremacy?
Quantum computational supremacy arguments, which describe a way for a quantum
computer to perform a task that cannot also be done by a classical computer,
typically require some sort of computational assumption related to the
limitations of classical computation. One common assumption is that the
polynomial hierarchy (PH) does not collapse, a stronger version of the
statement that P ≠ NP, which leads to the conclusion that any classical
simulation of certain families of quantum circuits requires time scaling worse
than any polynomial in the size of the circuits. However, the asymptotic nature
of this conclusion prevents us from calculating exactly how many qubits these
quantum circuits must have for their classical simulation to be intractable on
modern classical supercomputers. We refine these quantum computational
supremacy arguments and perform such a calculation by imposing fine-grained
versions of the non-collapse assumption. Each version is parameterized by a
constant and asserts that certain specific computational problems with
input size require time steps to be solved by a non-deterministic
algorithm. Then, we choose a specific value of for each version that we
argue makes the assumption plausible, and based on these conjectures we
conclude that Instantaneous Quantum Polynomial-Time (IQP) circuits with 208
qubits, Quantum Approximate Optimization Algorithm (QAOA) circuits with 420
qubits and boson sampling circuits (i.e. linear optical networks) with 98
photons are large enough for the task of producing samples from their output
distributions up to constant multiplicative error to be intractable on current
technology. In the first two cases, we extend this to constant additive error
by introducing an average-case fine-grained conjecture.
Comment: 24 pages + 3 appendices, 8 figures. v2: number of qubits calculation
updated and conjectures clarified after becoming aware of Ref. [42]. v3:
Section IV and Appendix C added to incorporate additive-error simulation
Efficient classical simulation of random shallow 2D quantum circuits
Random quantum circuits are commonly viewed as hard to simulate classically. In some regimes this has been formally conjectured, and there had been no evidence against the more general possibility that for circuits with uniformly random gates, approximate simulation of typical instances is almost as hard as exact simulation. We prove that this is not the case by exhibiting a shallow circuit family with uniformly random gates that cannot be efficiently classically simulated near-exactly under standard hardness assumptions, but can be simulated approximately for all but a superpolynomially small fraction of circuit instances in time linear in the number of qubits and gates. We furthermore conjecture that sufficiently shallow random circuits are efficiently simulable more generally. To this end, we propose and analyze two simulation algorithms. Implementing one of our algorithms numerically, we give strong evidence that it is efficient both asymptotically and, in some cases, in practice. To argue analytically for efficiency, we reduce the simulation of 2D shallow random circuits to the simulation of a form of 1D dynamics consisting of alternating rounds of random local unitaries and weak measurements -- a type of process that has generally been observed to undergo a phase transition from an efficient-to-simulate regime to an inefficient-to-simulate regime as measurement strength is varied. Using a mapping from quantum circuits to statistical mechanical models, we give evidence that a similar computational phase transition occurs for our algorithms as parameters of the circuit architecture like the local Hilbert space dimension and circuit depth are varied.
A systematic study of the sensitivity of triangular flow to the initial state fluctuations in relativistic heavy-ion collisions
Experimental data from the Relativistic Heavy Ion Collider (RHIC) suggests
that the quark gluon plasma behaves almost like an ideal fluid. Due to its
short lifetime, many QGP properties can only be inferred indirectly through a
comparison of the final state measurements with transport model calculations.
Among the current phenomena of interest are the interdependencies between two
collective flow phenomena, elliptic and triangular flow. The former is mostly
related to the initial geometry and collective expansion of the system whereas
the latter is sensitive to the fluctuations of the initial state. For our
investigation we use a hybrid transport model based on the Ultra-relativistic
Quantum Molecular Dynamics (UrQMD) transport approach using an ideal
hydrodynamic expansion for the hot and dense stage. Using UrQMD initial
conditions for an Au-Au collision, particles resulting from a collision are
mapped into an energy density distribution that is evolved event-by-event with
a hydrodynamic calculation. By averaging these distributions over different
numbers of events, we have studied how the granularity/smoothness of the
distribution affects the initial eccentricity, the initial triangularity, and
the resulting flow components. The average elliptic flow in non-central
collisions is not sensitive to the granularity, while triangular flow is. The
triangularity might thus provide a good measure of the amount of initial state
fluctuations that is necessary to reproduce the experimental data.
Comment: 10 pages, 7 figures
Cryptographic Simulation Techniques with Applications to Quantum Zero-Knowledge and Copy-Protection
Bob is stuck doing a crossword puzzle and is starting to think that the puzzle is impossible to complete. Alice assures Bob that the puzzle can be solved, but she wants to prove it without revealing a single entry of the puzzle. Their cryptographer friend, Eve, tells them that Alice can prove it by using a zero-knowledge (ZK) protocol. These protocols are a cornerstone of modern cryptography, yet most of the work has been limited to the classical setting. Since Bob has a quantum computer, Alice needs to be careful choosing the right protocol to make sure it is a quantum zero-knowledge (QZK) protocol, guaranteeing that quantum Bob cannot learn anything about the puzzle except that it has a solution.
Proving the security of ZK protocols comes with additional hurdles when adversaries are quantum capable, in part because the main tool used in the classical setting, rewinding, has additional limitations in the quantum case. While one version of quantum rewinding introduced by Watrous has been successfully used to construct QZK protocols, most of the classical ZK results have been challenging to port to the quantum setting. Ideally, we want quantum secure protocols with the same desirable properties that have been achieved in the classical literature, like concurrent security or low-round complexity. In this thesis, we introduce new quantum simulation techniques and apply them to construct the following QZK protocols assuming the quantum hardness of learning with errors (QLWE).
• (1)-round black-box QZK classical argument system for NP: We use techniques developed in the context of ‘tests of quantumness’ to obtain an extraction mechanism that can be leveraged to construct a QZK simulator.
• Public coin bounded concurrent black-box QZK proof system for NP and QMA: We introduce the technique of block rewinding and use it to obtain a concurrent QZK simulator.
• Simulatable and extractable quantum proofs of knowledge for NP: We construct QPoK with desirable properties needed for composability. The technique combines Watrous’ rewinding with a recently studied cryptographic tool, statistical receiver-private oblivious transfer. This is the first construction of QPoK with the desired composability features.
We also introduce a new non-black-box knowledge extraction technique using quantum fully homomorphic encryption (QFHE) and lockable obfuscation. One of our main results is that we can adapt this non-black-box technique to the setting of quantum copy-protection to prove that it is impossible to quantum copy-protect arbitrary unlearnable functions. This resolves a long-standing open problem in the negative, assuming QLWE and the existence of QFHE.
Our impossibility result states that we can’t construct quantum copy-protection for arbitrary functions. However, we can hope to do it for restricted families of functions like point functions or compute-and-compare functionalities. While this remains an interesting and challenging open question, we show that provably secure constructions in a standard model (without oracles) are possible if we consider weaker security guarantees than those of quantum copy-protection. For this purpose, we introduce the notion of Secure Software Leasing (SSL), and construct an SSL scheme for a general class of evasive circuits.
Ph.D.