
Classically Verifiable NIZK for QMA with Preprocessing

Conference paper. In: Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13794))

Abstract

We propose three constructions of classically verifiable non-interactive zero-knowledge proofs and arguments (CV-NIZK) for \(\textbf{QMA}\) in various preprocessing models.

  1. We construct a CV-NIZK for \(\textbf{QMA}\) in the quantum secret parameter model, where a trusted setup sends a quantum proving key to the prover and a classical verification key to the verifier. It is information theoretically sound and zero-knowledge.

  2. Assuming the quantum hardness of the learning with errors problem, we construct a CV-NIZK for \(\textbf{QMA}\) in a model where a trusted party generates a CRS and the verifier sends an instance-independent quantum message to the prover as preprocessing. This model is the same as the one considered in the recent work by Coladangelo, Vidick, and Zhang (CRYPTO ’20). Our construction has the so-called dual-mode property, which means that there are two computationally indistinguishable modes of generating the CRS, and we have information theoretical soundness in one mode and the information theoretical zero-knowledge property in the other. This answers an open problem left by Coladangelo et al., which is to achieve either soundness or zero-knowledge information theoretically. To the best of our knowledge, ours is the first dual-mode NIZK for \(\textbf{QMA}\) in any kind of model.

  3. We construct a CV-NIZK for \(\textbf{QMA}\) with quantum preprocessing in the quantum random oracle model. This quantum preprocessing is the one where the verifier sends random Pauli-basis states to the prover. Our construction uses the Fiat-Shamir transformation. The quantum preprocessing can be replaced with a setup that distributes Bell pairs between the prover and the verifier, and therefore we solve the open problem by Broadbent and Grilo (FOCS ’20) about the possibility of NIZK for \(\textbf{QMA}\) in the shared Bell pair model via the Fiat-Shamir transformation.


Notes

  1. The SP model is also often referred to as the preprocessing model [DMP90].

  2. In the latest version, they give a candidate instantiation based on indistinguishability obfuscation and random oracles. However, the instantiation is heuristic, since they obfuscate circuits that involve the random oracle, which cannot be done in the quantum random oracle model.

  3. There is a subtle issue that the probability depends on the number of qubits on which \(P_i\) non-trivially acts. We adjust this by an additional biased coin flip.

  4. The indistinguishability-based receiver’s security is also often referred to as half-simulation security [CNs07].

  5. Actually, his construction satisfies a stronger UC-security [Can20, PVW08].

  6. Though our protocols are likely to remain secure even if they can be entangled, we assume that they are unentangled for simplicity. To the best of our knowledge, none of the existing works on interactive or non-interactive zero-knowledge for \(\textbf{QMA}\) [BJSW20, CVZ20, BS20, BG20, Shm21, BCKM21] considered entanglement between a witness and the distinguisher’s internal register.

  7. We remark that \(k_P\) is allowed to be entangled with \(\mathcal {D}\)’s internal registers, unlike \(\texttt{w}^{\otimes k}\). See also footnote 6.

  8. Alternatively, it may be possible to directly construct 1-out-of-n dual-mode oblivious transfer by appropriately modifying the construction by Quach [Qua20].

References

  1. Alagic, G., Childs, A.M., Grilo, A.B., Hung, S.-H.: Non-interactive classical verification of quantum computation. In: TCC 2020, Part III, pp. 153–180 (2020)

  2. Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: On the round complexity of secure quantum computation. In: CRYPTO 2021, Part I, pp. 406–435, Virtual Event (2021)

  3. Brassard, G., Crépeau, C., Robert, J.-M.: Information theoretic reductions among disclosure problems. In: 27th FOCS, pp. 168–173 (1986)

  4. Brassard, G., Crépeau, C., Robert, J.-M.: All-or-nothing disclosure of secrets. In: CRYPTO’86, pp. 234–238 (1987)

  5. Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: TCC 2018, Part II, pp. 370–390 (2018)

  6. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: 20th ACM STOC, pp. 103–112 (1988)

  7. Broadbent, A., Grilo, A.B.: QMA-hardness of consistency of local density matrices with applications to quantum zero-knowledge. In: 61st FOCS, pp. 196–205 (2020)

  8. Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_1

  9. Broadbent, A., Ji, Z., Song, F., Watrous, J.: Zero-knowledge proof systems for QMA. SIAM J. Comput. 49(2), 245–283 (2020)

  10. Bartusek, J., Malavolta, G.: Candidate obfuscation of null quantum circuits and witness encryption for QMA. IACR Cryptology ePrint Archive 2021, 421 (2021)

  11. Bitansky, N., Shmueli, O.: Post-quantum zero knowledge in constant rounds. In: 52nd ACM STOC, pp. 269–279 (2020)

  12. Canetti, R.: Universally composable security. J. ACM 67(5), 28:1–28:94 (2020)

  13. Camenisch, J., Neven, G., Shelat, A.: Simulatable adaptive oblivious transfer. In: EUROCRYPT 2007, pp. 573–590 (2007)

  14. Coladangelo, A., Vidick, T., Zhang, T.: Non-interactive zero-knowledge arguments for QMA, with preprocessing. In: CRYPTO 2020, Part III, pp. 799–828 (2020)

  15. Don, J., Fehr, S., Majenz, C.: The measure-and-reprogram technique 2.0: multi-round Fiat-Shamir and more. In: CRYPTO 2020, Part III, pp. 602–631 (2020)

  16. Don, J., Fehr, S., Majenz, C., Schaffner, C.: Security of the Fiat-Shamir transformation in the quantum random-oracle model. In: CRYPTO 2019, Part II, pp. 356–383 (2019)

  17. De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge with preprocessing. In: CRYPTO’88, pp. 269–282 (1990)

  18. Fitzsimons, J.F., Hajdušek, M., Morimae, T.: Post hoc verification with a single prover. Phys. Rev. Lett. 120, 040501 (2018)

  19. Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (1999)

  20. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: CRYPTO’86, pp. 186–194 (1987)

  21. Grilo, A.B., Hövelmanns, K., Hülsing, A., Majenz, C.: Tight adaptive reprogramming in the QROM. arXiv:2010.15103 (2020)

  22. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

  23. Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM 59(3), 11:1–11:35 (2012)

  24. Groth, J., Sahai, A.: Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. 41(5), 1193–1232 (2012)

  25. Grilo, A.B., Slofstra, W., Yuen, H.: Perfect zero knowledge for quantum multiprover interactive proofs. In: 60th FOCS, pp. 611–635 (2019)

  26. Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: Black-box constructions for secure computation. In: 38th ACM STOC, pp. 99–108 (2006)

  27. Kobayashi, H.: Non-interactive quantum perfect and statistical zero-knowledge. In: Algorithms and Computation, 14th International Symposium, ISAAC 2003, Kyoto, Japan, 15–17 December 2003, Proceedings, pp. 178–188 (2003)

  28. Lindell, A.Y.: Efficient fully-simulatable oblivious transfer. In: CT-RSA 2008, pp. 52–70 (2008)

  29. Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. In: CRYPTO 2019, Part II, pp. 326–355 (2019)

  30. Mahadev, U.: Classical homomorphic encryption for quantum circuits. In: 59th FOCS, pp. 332–338 (2018)

  31. Morimae, T., Nagaj, D., Schuch, N.: Quantum proofs can be verified using only single-qubit measurements. Phys. Rev. A 93, 022326 (2018)

  32. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual Symposium on Discrete Algorithms, 7–9 January 2001, Washington, DC, USA, pp. 448–457 (2001)

  33. Pass, R., Shelat, A.: Unconditional characterizations of non-interactive zero-knowledge. In: CRYPTO 2005, pp. 118–134 (2005)

  34. Peikert, C., Shiehian, S.: Noninteractive zero knowledge for NP from (plain) learning with errors. In: CRYPTO 2019, Part I, pp. 89–114 (2019)

  35. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85174-5_31

  36. Quach, W.: UC-secure OT from LWE, revisited. In: SCN 2020, pp. 192–211 (2020)

  37. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)

  38. Shmueli, O.: Multi-theorem designated-verifier NIZK for QMA. In: CRYPTO 2021, Part I, pp. 375–405, Virtual Event (2021)

  39. Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: EUROCRYPT 2015, Part II, pp. 755–784 (2015)

Author information

Corresponding author: Tomoyuki Morimae.


Copyright information

© 2022 International Association for Cryptologic Research

About this paper


Cite this paper

Morimae, T., Yamakawa, T. (2022). Classically Verifiable NIZK for QMA with Preprocessing. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13794. Springer, Cham. https://doi.org/10.1007/978-3-031-22972-5_21

  • DOI: https://doi.org/10.1007/978-3-031-22972-5_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22971-8

  • Online ISBN: 978-3-031-22972-5

  • eBook Packages: Computer Science (R0)
