Multi-theorem Designated-Verifier NIZK for QMA

  • Conference paper
Advances in Cryptology – CRYPTO 2021 (CRYPTO 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12825)

Abstract

We present a designated-verifier non-interactive zero-knowledge argument system for QMA with multi-theorem security under the Learning with Errors Assumption. All previous such protocols for QMA are only single-theorem secure. We also relax the setup assumption required in previous works. We prove security in the malicious designated-verifier (MDV-NIZK) model (Quach, Rothblum, and Wichs, EUROCRYPT 2019), where the setup consists of a mutually trusted random string and an untrusted verifier public key.

Our main technical contribution is a general compiler that given a NIZK for NP and a quantum sigma protocol for QMA generates an MDV-NIZK protocol for QMA.

O. Shmueli—Supported by ISF grants 18/484 and 19/2137, by Len Blavatnik and the Blavatnik Family Foundation, and by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482).

Notes

  1. In particular, we do not assume that the message \(\alpha \) is classical.

  2. That is, the prover commits to all of the cells in the adjacency matrix that represents the graph \(\varphi (G)\).

  3. We take the Hamiltonicity protocol only as a concrete, easy example; in fact, any other sigma protocol can take the role of this protocol in our context of attacking the soundness.

  4. In that protocol the verifier itself must also perform the Clifford operation and the measurement, which makes the protocol harder to use as the basis of a NIZK protocol.

  5. For a problem \(\mathcal {L}= (\mathcal {L}_{yes}, \mathcal {L}_{no})\) in QMA and an instance \(x \in \mathcal {L}_{yes}\), the set \(\mathcal {R}_{\mathcal {L}}(x)\) is the (possibly infinite) set of quantum witnesses that make the BQP verification machine accept with some overwhelming probability \(1 - \mathrm {negl}(\lambda )\).

  6. We assume that our gap problem \(\mathcal {L}\in \text{ QMA }\) has exponential-time algorithms that solve it, that is, for \(x \in \mathcal {L}\) we can decide whether \(x \in \mathcal {L}_{yes}\) or \(x \in \mathcal {L}_{no}\) in \(2^{O(|x|)}\) time. It is also enough for our proof to assume that \(\mathcal {L}\) is solvable in general exponential time, i.e. \(O(2^{|x|^c})\) time for some constant \(c \in \mathbb {N}\).

  7. The output bits of the hybrids are in fact statistically indistinguishable, because any two distributions over a single bit that are computationally indistinguishable are also statistically indistinguishable, but we will not need this in our analysis.

  8. As noted before, the proof is not sensitive to whether the time complexity is \(2^{O(|x|)}\) or \(O(2^{|x|^c})\) for some constant \(c \in \mathbb {N}\).

  9. It would have been enough to show that the protocol is single-theorem adaptive computational zero-knowledge and then obtain an MDV-NICZK argument with adaptive multi-theorem security via the single-to-multi-theorem compiler for NIZKs of [FLS99]. For the sake of completeness, and because our construction can be shown to be multi-theorem zero-knowledge without the FLS compilation in a way that does not change the main ideas of the proof, we prove the multi-theorem case directly.
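Footnotes 2 and 3 refer to the classical Hamiltonicity sigma protocol of Blum [8], in which the prover commits to every cell of the adjacency matrix of \(\varphi (G)\), receives a one-bit challenge, and either opens the whole matrix together with \(\varphi \) or opens only the cells of \(\varphi (\text{cycle})\). The Python below is an added illustration of that three-message protocol and is not code from the paper or its compiler. Everything in it is assumed for the example: the commitment \(\mathrm{Com}(b; r) = \text{SHA-256}(b \,\|\, r)\) with 16 random bytes stands in for a proper commitment scheme, the graphs and cycle are constructed sample inputs, `extract_cycle` is the usual special-soundness extractor (two accepting transcripts for the same first message and both challenges yield a Hamiltonian cycle of \(G\)), and `cheating_commit` is a prover without a witness that passes exactly one of the two challenges, showing where the soundness error of 1/2 per execution comes from.

```python
"""Blum's Hamiltonicity sigma protocol, added illustration (not the paper's code).
Com(b; r) = SHA-256(b || r) with 16 random bytes stands in for a real commitment."""
import hashlib
import os
import random

def commit(bit):
    rnd = os.urandom(16)
    return hashlib.sha256(bytes([bit]) + rnd).digest(), rnd

def verify_open(com, bit, rnd):
    return hashlib.sha256(bytes([bit]) + rnd).digest() == com

def permute_graph(adj, perm):
    """phi(G): vertex i of G is relabelled perm[i]."""
    n = len(adj)
    out = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            out[perm[i]][perm[j]] = adj[i][j]
    return out

def is_hamiltonian_cycle(edges, n):
    """Directed edge pairs form one cycle visiting all n vertices."""
    succ = dict(edges)
    if len(succ) != n or set(succ) != set(range(n)) or set(succ.values()) != set(range(n)):
        return False
    cur, seen = 0, set()
    for _ in range(n):
        seen.add(cur)
        cur = succ[cur]
    return cur == 0 and len(seen) == n

def commit_matrix(h):
    opens = [[commit(b) for b in row] for row in h]
    return [[c for c, _ in row] for row in opens], [[r for _, r in row] for row in opens]

def prover_commit(adj, cycle, rng):
    """First message: a commitment to every cell of phi(G), as in footnote 2."""
    perm = list(range(len(adj)))
    rng.shuffle(perm)
    coms, rnds = commit_matrix(permute_graph(adj, perm))
    return coms, {"perm": perm, "rnds": rnds, "cycle": cycle}

def prover_respond(state, challenge):
    """Challenge 0: reveal phi and open all cells. Challenge 1: open only phi(cycle)."""
    perm, rnds, cyc = state["perm"], state["rnds"], state["cycle"]
    if challenge == 0:
        return {"perm": perm, "rnds": rnds}
    n = len(cyc)
    edges = {}
    for k in range(n):
        u, v = perm[cyc[k]], perm[cyc[(k + 1) % n]]
        edges[(u, v)] = rnds[u][v]
    return {"edges": edges}

def verify(adj, coms, challenge, resp):
    n = len(adj)
    if challenge == 0:
        perm = resp["perm"]
        if sorted(perm) != list(range(n)):
            return False
        h = permute_graph(adj, perm)
        return all(verify_open(coms[i][j], h[i][j], resp["rnds"][i][j])
                   for i in range(n) for j in range(n))
    edges = resp["edges"]
    return (all(verify_open(coms[u][v], 1, r) for (u, v), r in edges.items())
            and is_hamiltonian_cycle(edges.keys(), n))

def extract_cycle(resp0, resp1):
    """Special soundness: answers to both challenges on one first message yield a cycle of G."""
    perm = resp0["perm"]
    inv = {perm[i]: i for i in range(len(perm))}
    succ = dict(resp1["edges"].keys())
    cyc, cur = [], 0
    for _ in range(len(perm)):
        cyc.append(inv[cur])
        cur = succ[cur]
    return cyc

def cheating_commit(n):
    """Prover with no witness commits to a bare n-cycle instead of phi(G)."""
    fake = [[int(j == (i + 1) % n) for j in range(n)] for i in range(n)]
    coms, rnds = commit_matrix(fake)
    return coms, {"perm": list(range(n)), "rnds": rnds, "cycle": list(range(n))}

def demo(seed=7):
    rng = random.Random(seed)
    n, cycle = 5, [0, 1, 2, 3, 4]
    # Constructed samples: G = cycle 0-1-2-3-4-0 plus chord 0-2; P = path 0-1-2-3-4, no cycle.
    adj = [[int((i - j) % n in (1, n - 1) or {i, j} == {0, 2}) for j in range(n)] for i in range(n)]
    path = [[int(abs(i - j) == 1) for j in range(n)] for i in range(n)]
    coms, st = prover_commit(adj, cycle, rng)
    r0, r1 = prover_respond(st, 0), prover_respond(st, 1)
    honest = (verify(adj, coms, 0, r0), verify(adj, coms, 1, r1))
    fcoms, fst = cheating_commit(n)       # passes challenge 1, fails challenge 0
    cheat = tuple(verify(path, fcoms, c, prover_respond(fst, c)) for c in (0, 1))
    return honest, extract_cycle(r0, r1), cheat
```

`demo()` returns the honest prover's two verdicts, the cycle recovered by the extractor, and the cheating prover's verdicts on a graph with no Hamiltonian cycle. The extractor is what makes the challenge bit meaningful: the cheating prover can prepare a first message that answers either challenge, but not one that answers both, so a single execution has soundness error 1/2 and the protocol must be repeated (or compiled, as the paper does for its quantum sigma protocol) before it is useful.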

References

  1. Alagic, G., Childs, A.M., Grilo, A.B., Hung, S.-H.: Non-interactive classical verification of quantum computation. arXiv preprint, arXiv-1911 (2019)

  2. Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: On the round complexity of two-party quantum computation. arXiv preprint arXiv:2011.11212 (2020)

  3. Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 370–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_14

  4. Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pp. 329–349 (2019)

  5. Broadbent, A., Grilo, A.B.: Zero-knowledge for QMA from locally simulatable proofs. arXiv preprint arXiv:1911.07782 (2019)

  6. Broadbent, A., Ji, Z., Song, F., Watrous, J.: Zero-knowledge proof systems for QMA. In: 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), pp. 31–40. IEEE (2016)

  7. Brakerski, Z., Koppula, V., Mour, T.: NIZK from LPN and trapdoor hash via correlation intractability for approximable relations. IACR Cryptol. ePrint Arch. 2020, 258 (2020)

  8. Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians (1986)

  9. Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_16

  10. Canetti, R., et al.: Fiat-Shamir: from practice to theory. In: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing (STOC), pp. 1082–1090 (2019)

  11. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)

  12. Coladangelo, A., Vidick, T., Zhang, T.: Non-interactive zero-knowledge arguments for QMA, with preprocessing. arXiv preprint arXiv:1911.07546 (2019)

  13. Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (1999)

  14. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

  15. Kim, S., Wu, D.J.: Multi-theorem preprocessing NIZKs from lattices. J. Cryptol., pp. 1–84 (2019)

  16. Liu, Y.-K.: Consistency of local density matrices is QMA-complete. In: Díaz, J., Jansen, K., Rolim, J.D.P., Zwick, U. (eds.) APPROX/RANDOM 2006. LNCS, vol. 4110, pp. 438–449. Springer, Heidelberg (2006). https://doi.org/10.1007/11830924_40

  17. Lombardi, A., Quach, W., Rothblum, R.D., Wichs, D., Wu, D.J.: New constructions of reusable designated-verifier NIZKs. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 670–700. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_22

  18. Morimae, T.: Information-theoretically-sound non-interactive classical verification of quantum computing with trusted center. arXiv preprint arXiv:2003.10712 (2020)

  19. Morimae, T., Yamakawa, T.: Classically verifiable (dual-mode) NIZK for QMA with preprocessing. arXiv preprint arXiv:2102.09149 (2021)

  20. Ostrovsky, R., Paskin-Cherniavsky, A., Paskin-Cherniavsky, B.: Maliciously circuit-private FHE. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 536–553. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_30

  21. Peikert, C., Shiehian, S.: Noninteractive zero knowledge for NP from (plain) learning with errors. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 89–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_4

  22. Pass, R., Vaikuntanathan, V., et al.: Construction of a non-malleable encryption scheme from any semantically secure one. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 271–289. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_16

  23. Quach, W., Rothblum, R.D., Wichs, D.: Reusable designated-verifier NIZKs for all NP from CDH. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 593–621. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_21

  24. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)

Acknowledgments

We thank Nir Bitansky and Zvika Brakerski for helpful discussions during the preparation of this work.

Author information

Correspondence to Omri Shmueli.

Copyright information

© 2021 International Association for Cryptologic Research

Cite this paper

Shmueli, O. (2021). Multi-theorem Designated-Verifier NIZK for QMA. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science, vol. 12825. Springer, Cham. https://doi.org/10.1007/978-3-030-84242-0_14

  • DOI: https://doi.org/10.1007/978-3-030-84242-0_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-84241-3

  • Online ISBN: 978-3-030-84242-0
