35 research outputs found
A Constructive Quantum Lovász Local Lemma for Commuting Projectors
The Quantum Satisfiability problem generalizes the Boolean satisfiability
problem to the quantum setting by replacing classical clauses with local
projectors. The Quantum Lovász Local Lemma gives a sufficient condition for a
Quantum Satisfiability problem to be satisfiable [AKS12], by generalizing the
classical Lovász Local Lemma.
The next natural question that arises is: can a satisfying quantum state be
efficiently found, when these conditions hold? In this work we present such an
algorithm, with the additional requirement that all the projectors commute. The
proof follows the information theoretic proof given by Moser's breakthrough
result in the classical setting [Mos09].
Similar results were independently published in [CS11,CSV13].
On preparing ground states of gapped Hamiltonians: An efficient Quantum Lovász Local Lemma
A frustration-free local Hamiltonian has the property that its ground state
minimises the energy of all local terms simultaneously. In general, even
deciding whether a Hamiltonian is frustration-free is a hard task, as it is
closely related to the QMA1-complete quantum satisfiability problem (QSAT) --
the quantum analogue of SAT, which is the archetypal NP-complete problem in
classical computer science. This connection shows that the frustration-free
property is not only relevant to physics but also to computer science. The
Quantum Lovász Local Lemma (QLLL) provides a sufficient condition for
frustration-freeness. A natural question is whether there is an efficient way
to prepare a frustration-free state under the conditions of the QLLL. Previous
results showed that the answer is positive if all local terms commute. In this
work we improve on the previous constructive results by designing an algorithm
that works efficiently for non-commuting terms as well, assuming that the
system is "uniformly" gapped, by which we mean that the system and all its
subsystems have an inverse polynomial energy gap. Also, our analysis works
under the most general condition for the QLLL, known as Shearer's bound.
Similarly to the previous results, our algorithm has the charming feature that
it uses only local measurement operations corresponding to the local
Hamiltonian terms.
Comment: 39 page
Quantum Tokens for Digital Signatures
The fisherman caught a quantum fish. "Fisherman, please let me go", begged
the fish, "and I will grant you three wishes". The fisherman agreed. The fish
gave the fisherman a quantum computer, three quantum signing tokens and his
classical public key. The fish explained: "to sign your three wishes, use the
tokenized signature scheme on this quantum computer, then show your valid
signature to the king, who owes me a favor".
The fisherman used one of the signing tokens to sign the document "give me a
castle!" and rushed to the palace. The king executed the classical verification
algorithm using the fish's public key, and since it was valid, the king
complied.
The fisherman's wife wanted to sign ten wishes using their two remaining
signing tokens. The fisherman did not want to cheat, and secretly sailed to
meet the fish. "Fish, my wife wants to sign ten more wishes". But the fish was
not worried: "I have learned quantum cryptography following the previous story
(The Fisherman and His Wife by the brothers Grimm). The quantum tokens are
consumed during the signing. Your polynomial wife cannot even sign four wishes
using the three signing tokens I gave you".
"How does it work?" wondered the fisherman. "Have you heard of quantum money?
These are quantum states which can be easily verified but are hard to copy.
This tokenized quantum signature scheme extends Aaronson and Christiano's
quantum money scheme, which is why the signing tokens cannot be copied".
"Does your scheme have additional fancy properties?" the fisherman asked.
"Yes, the scheme has other security guarantees: revocability, testability and
everlasting security. Furthermore, if you're at sea and your quantum phone has
only classical reception, you can use this scheme to transfer the value of the
quantum money to shore", said the fish, and swam away.
Comment: Added illustration of the abstract to the ancillary file
Quantum Prudent Contracts with Applications to Bitcoin
Smart contracts are cryptographic protocols that are enforced without a
judiciary. Smart contracts are used occasionally in Bitcoin and are prevalent
in Ethereum. Public quantum money improves upon cash we use today, yet the
current constructions do not enable smart contracts. In this work, we define
and introduce quantum payment schemes, and show how to implement prudent
contracts -- a non-trivial subset of the functionality that a network such as
Ethereum provides. Examples discussed include: multi-signature wallets in which
funds can be spent by any 2-out-of-3 owners; restricted accounts that can send
funds only to designated destinations; and "colored coins" that can represent
stocks that can be freely traded, and their owner would receive dividends. Our
approach is not as universal as the one used in Ethereum since we do not reach
a consensus regarding the state of a ledger. We call our proposal prudent
contracts to reflect this.
The main building block is either quantum tokens for digital signatures
(Ben-David and Sattath QCrypt'17, Coladangelo et al. Crypto'21), semi-quantum
tokens for digital signatures (Shmueli'22) or one-shot signatures (Amos et al.
STOC'20). The solution has all the benefits of public quantum money: no mining
is necessary, and the security model is standard (e.g., it is not susceptible
to 51% attacks, as in Bitcoin).
Our one-shot signature construction can be used to upgrade the Bitcoin
network to a quantum payment scheme. Notable advantages of this approach are:
transactions are locally verifiable and without latency, the throughput is
unbounded, and most importantly, it would remove the need for Bitcoin mining.
Our approach requires a universal large-scale quantum computer and long-term
quantum memory; hence we do not expect it to be implementable in the next few
years.
Comment: Minor change
Redesigning Bitcoin's fee market
The security of the Bitcoin system is based on having a large amount of
computational power in the hands of honest miners. Such miners are incentivized
to join the system and validate transactions by the payments issued by the
protocol to anyone who creates blocks. As the creation rate of new bitcoins decreases
(halving every 4 years), the revenue derived from transaction fees starts to
have an increasingly important role. We argue that Bitcoin's current fee market
does not extract revenue well when blocks are not congested. This effect has
implications for the scalability debate: revenue from transaction fees may
decrease if block size is increased.
The current mechanism is a "pay your bid" auction in which included
transactions pay the amount they suggested. We propose two alternative auction
mechanisms: The Monopolistic Price Mechanism, and the Random Sampling Optimal
Price Mechanism (due to Goldberg et al.). In the monopolistic price mechanism,
the miner chooses the number of accepted transactions in the block, and all
transactions pay exactly the smallest bid included in the block. The mechanism
thus sets the block size dynamically (up to a bound required for fast block
propagation and other security concerns). We show, using analysis and
simulations, that this mechanism extracts revenue better from users, and that
it is nearly incentive compatible: the profit due to strategic bidding relative
to honest bidding decreases as the number of bidders grows. Users can then
simply set their bids truthfully to exactly the amount they are willing to pay
to transact, and do not need to utilize fee estimate mechanisms, do not resort
to bid shading and do not need to adjust transaction fees (via replace-by-fee
mechanisms) if the mempool grows.
We discuss these and other properties of our mechanisms, and explore various
desired properties of fee market mechanisms for crypto-currencies.
The Complexity of the Separable Hamiltonian Problem
In this paper, we study variants of the canonical Local-Hamiltonian problem
where, in addition, the witness is promised to be separable. We define two
variants of the Local-Hamiltonian problem. The input for the
Separable-Local-Hamiltonian problem is the same as the Local-Hamiltonian
problem, i.e. a local Hamiltonian and two energies a and b, but the question is
somewhat different: the answer is YES if there is a separable quantum state
with energy at most a, and the answer is NO if all separable quantum states
have energy at least b. The Separable-Sparse-Hamiltonian problem is defined
similarly, but the Hamiltonian is not necessarily local, but rather sparse. We
show that the Separable-Sparse-Hamiltonian problem is QMA(2)-Complete, while
Separable-Local-Hamiltonian is in QMA. This should be compared to the
Local-Hamiltonian problem, and the Sparse-Hamiltonian problem which are both
QMA-Complete. To the best of our knowledge, Separable-Sparse-Hamiltonian is the
first non-trivial problem shown to be QMA(2)-Complete.
Semi-Quantum Money
Quantum money allows a bank to mint quantum money states that can later be
verified and cannot be forged. Usually, this requires a quantum communication
infrastructure to transfer quantum states between the user and the bank. This
work combines the notion of classical verification -- introduced by Gavinsky
(CCC 2012) -- with the notion of user-generated money -- introduced here -- to
introduce Semi-Quantum Money, the first quantum money scheme to require only
classical communication with the (entirely classical) bank. This work features
constructions for both a public memory-dependent semi-quantum money scheme,
based on the works of Zhandry and Coladangelo, and for a private memoryless
semi-quantum money scheme, based on the notion of Noisy Trapdoor Claw Free
Functions (NTCF) introduced by Brakerski et al. (FOCS 2018).
In terms of technique, our main contribution is a strong parallel repetition
theorem for NTCF.
Comment: 58 pages LaTeX; minor change