Abstract
We present a designated-verifier non-interactive zero-knowledge argument system for QMA with multi-theorem security under the Learning with Errors Assumption. All previous such protocols for QMA are only single-theorem secure. We also relax the setup assumption required in previous works. We prove security in the malicious designated-verifier (MDV-NIZK) model (Quach, Rothblum, and Wichs, EUROCRYPT 2019), where the setup consists of a mutually trusted random string and an untrusted verifier public key.
Our main technical contribution is a general compiler that given a NIZK for NP and a quantum sigma protocol for QMA generates an MDV-NIZK protocol for QMA.
O. Shmueli—Supported by ISF grants 18/484 and 19/2137, by Len Blavatnik and the Blavatnik Family Foundation, and by the European Union Horizon 2020 Research and Innovation Program via ERC Project REACT (Grant 756482).
Notes
- 1. In particular, we do not assume that the message \(\alpha \) is classical.
- 2. That is, the prover commits to all of the cells in the adjacency matrix that represents the graph \(\varphi (G)\).
- 3. We take the Hamiltonicity protocol only as a concrete, easy example; in fact, any other sigma protocol can take the role of this protocol in our context of attacking the soundness.
- 4. In that protocol it is also needed that the verifier itself performs the Clifford operation and measurement, which makes the protocol more challenging to use for a NIZK protocol.
- 5. For a problem \(\mathcal {L}= (\mathcal {L}_{yes}, \mathcal {L}_{no})\) in QMA, for an instance \(x \in \mathcal {L}_{yes}\), the set \(\mathcal {R}_{\mathcal {L}}(x)\) is the (possibly infinite) set of quantum witnesses that make the BQP verification machine accept with some overwhelming probability \(1 - \mathrm {negl}(\lambda )\).
- 6. We assume that our gap problem \(\mathcal {L}\in \text{ QMA }\) has exponential-time algorithms that solve it, that is, for \(x \in \mathcal {L}\) we can decide whether \(x \in \mathcal {L}_{yes}\) or \(x \in \mathcal {L}_{no}\) in \(2^{O(|x|)}\) time. It is also enough for our proof to assume that \(\mathcal {L}\) is solvable in general exponential time, i.e., \(O(2^{|x|^c})\) time for some constant \(c \in \mathbb {N}\).
- 7. The output bits of the hybrids are in fact statistically indistinguishable, because any two distributions over a bit are statistically indistinguishable if they are computationally indistinguishable, but we will not need this in our analysis.
- 8. As noted before, the proof is not sensitive to the fact that the time complexity is \(2^{O(|x|)}\) and not \(O(2^{|x|^c})\) time for some constant \(c \in \mathbb {N}\).
- 9. It would have been enough to show that the protocol is single-theorem adaptive computational zero-knowledge, and then, by the single-to-multi-theorem compiler for NIZKs of [FLS99], obtain an MDV-NICZK argument with adaptive multi-theorem security. For the sake of completeness, because our construction can be shown to be multi-theorem zero-knowledge without the FLS compilation, and because it does not change the main ideas in the proof, we prove the multi-theorem case directly.
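Footnotes 2 and 3 refer to the commit step of Blum's Hamiltonicity sigma protocol, in which the prover commits to every cell of the permuted adjacency matrix \(\varphi (G)\). As an added illustration, not code from the paper, here is a Python sketch of that classical three-message protocol (commit, one-bit challenge, open) with a hash commitment standing in for the paper's commitment scheme; the graphs, cycles and challenge values in the tests are constructed inputs.

```python
import hashlib, os, random
def commit(bit, r=None):
    # Hash-based bit commitment used here in place of the paper's commitment scheme
    r = os.urandom(16) if r is None else r
    return hashlib.sha256(r + bytes([bit])).digest(), r
def prover_commit(adj, cycle):
    # First message: pick a random permutation pi and commit to EVERY cell of pi(G)
    n = len(adj)
    pi = list(range(n)); random.shuffle(pi)
    H = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n): H[pi[i]][pi[j]] = adj[i][j]
    comms = [[commit(H[i][j]) for j in range(n)] for i in range(n)]
    state = {"pi": pi, "H": H, "comms": comms, "cycle": cycle}
    return [[c for c, _ in row] for row in comms], state   # verifier only sees digests
def prover_respond(state, challenge):
    # Third message: b=0 reveals pi and opens all cells; b=1 opens only the cycle's cells
    pi, H, comms = state["pi"], state["H"], state["comms"]
    n = len(pi)
    if challenge == 0:
        cells = {(i, j): (H[i][j], comms[i][j][1]) for i in range(n) for j in range(n)}
        return {"pi": pi, "cells": cells}
    cyc, cells = state["cycle"], {}
    for k in range(n):
        a, b = pi[cyc[k]], pi[cyc[(k + 1) % n]]
        cells[(a, b)] = (H[a][b], comms[a][b][1])
    return {"cells": cells}
def verifier_check(adj, comms, challenge, resp):
    n = len(adj)
    for (i, j), (bit, r) in resp["cells"].items():   # every opening must match its commitment
        if bit not in (0, 1) or not (0 <= i < n and 0 <= j < n): return False
        if commit(bit, r)[0] != comms[i][j]: return False
    if challenge == 0:                                # the opened matrix must equal pi(G)
        pi = resp["pi"]
        if sorted(pi) != list(range(n)) or len(resp["cells"]) != n * n: return False
        return all(resp["cells"][(pi[i], pi[j])][0] == adj[i][j] for i in range(n) for j in range(n))
    succ = {}                                         # opened 1-cells must form a single n-cycle
    for (i, j), (bit, _) in resp["cells"].items():
        if bit != 1 or i in succ: return False
        succ[i] = j
    if len(succ) != n or len(set(succ.values())) != n: return False
    v, steps = succ[0], 1
    while v != 0: v, steps = succ[v], steps + 1
    return steps == n
def run_round(adj, cycle, challenge):
    # One full round with an honest prover; returns the verifier's accept/reject decision
    comms, state = prover_commit(adj, cycle)
    return verifier_check(adj, comms, challenge, prover_respond(state, challenge))
```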
References
Alagic, G., Childs, A.M., Grilo, A.B., Hung, S.H.: Non-interactive classical verification of quantum computation. arXiv preprint (2019)
Bartusek, J., Coladangelo, A., Khurana, D., Ma, F.: On the round complexity of two-party quantum computation. arXiv preprint arXiv:2011.11212 (2020)
Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 370–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_14
Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pp. 329–349 (2019)
Broadbent, A., Grilo, A.B.: Zero-knowledge for QMA from locally simulatable proofs. arXiv preprint arXiv:1911.07782 (2019)
Broadbent, A., Ji, Z., Song, F., Watrous, J.: Zero-knowledge proof systems for QMA. In: 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), pp. 31–40. IEEE (2016)
Brakerski, Z., Koppula, V., Mour, T.: NIZK from LPN and trapdoor hash via correlation intractability for approximable relations. IACR Cryptol. ePrint Arch. 2020, 258 (2020)
Blum, M.: How to prove a theorem so no one else can claim it. In: Proceedings of the International Congress of Mathematicians, vol. 1, p. 2. Citeseer (1986)
Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_16
Canetti, R., et al.: Fiat-Shamir: from practice to theory. In: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing, pp. 1082–1090 (2019)
Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM (JACM) 51(4), 557–594 (2004)
Coladangelo, A., Vidick, A., Zhang, T.: Non-interactive zero-knowledge arguments for QMA, with preprocessing. arXiv preprint arXiv:1911.07546 (2019)
Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (1999)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)
Kim, S., Wu, D.J.: Multi-theorem preprocessing NIZKs from lattices. J. Cryptol., pp. 1–84 (2019)
Liu, Y.-K.: Consistency of local density matrices is QMA-complete. In: Díaz, J., Jansen, K., Rolim, J.D.P., Zwick, U. (eds.) APPROX/RANDOM 2006. LNCS, vol. 4110, pp. 438–449. Springer, Heidelberg (2006). https://doi.org/10.1007/11830924_40
Lombardi, A., Quach, W., Rothblum, R.D., Wichs, D., Wu, D.J.: New constructions of reusable designated-verifier NIZKs. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 670–700. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_22
Morimae, T.: Information-theoretically-sound non-interactive classical verification of quantum computing with trusted center. arXiv preprint arXiv:2003.10712 (2020)
Morimae, T., Yamakawa, T.: Classically verifiable (dual-mode) NIZK for QMA with preprocessing. arXiv preprint arXiv:2102.09149 (2021)
Ostrovsky, R., Paskin-Cherniavsky, A., Paskin-Cherniavsky, B.: Maliciously circuit-private FHE. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 536–553. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_30
Peikert, C., Shiehian, S.: Noninteractive zero knowledge for NP from (plain) learning with errors. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 89–114. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_4
Pass, R., Vaikuntanathan, V., et al.: Construction of a non-malleable encryption scheme from any semantically secure one. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 271–289. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_16
Quach, W., Rothblum, R.D., Wichs, D.: Reusable designated-verifier NIZKs for all NP from CDH. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 593–621. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_21
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)
Acknowledgments
We thank Nir Bitansky and Zvika Brakerski for helpful discussions during the preparation of this work.
© 2021 International Association for Cryptologic Research
Cite this paper
Shmueli, O. (2021). Multi-theorem Designated-Verifier NIZK for QMA. In: Malkin, T., Peikert, C. (eds) Advances in Cryptology – CRYPTO 2021. CRYPTO 2021. Lecture Notes in Computer Science(), vol 12825. Springer, Cham. https://doi.org/10.1007/978-3-030-84242-0_14
DOI: https://doi.org/10.1007/978-3-030-84242-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84241-3
Online ISBN: 978-3-030-84242-0