Skip to main content
SpringerLink
Log in
Book cover

Theory of Cryptography Conference

TCC 2021: Theory of Cryptography pp 121–148Cite as

The Round Complexity of Quantum Zero-Knowledge

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13042))

Abstract

We study the round complexity of zero-knowledge for QMA (the quantum analogue of NP). Assuming the quantum quasi-polynomial hardness of the learning with errors (LWE) problem, we obtain the following results:

  • 2-Round statistical witness indistinguishable (WI) arguments for QMA.

  • 4-Round statistical zero-knowledge arguments for QMA in the plain model, additionally assuming the existence of quantum fully homomorphic encryption. This is the first protocol for constant-round statistical zero-knowledge arguments for QMA.

  • 2-Round computational (statistical, resp.) zero-knowledge for QMA in the timing model, additionally assuming the existence of post-quantum non-parallelizing functions (time-lock puzzles, resp.).

All of these protocols match the best round complexity known for the corresponding protocols for NP with post-quantum security. Along the way, we introduce and construct the notions of sometimes-extractable oblivious transfer and sometimes-simulatable zero-knowledge, which might be of independent interest.

O. Chardouvelis—Work done while the author was an intern at the Max Planck Institute for Security and Privacy.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    There is evidence [CCLY21] that non-blackbox simulation is necessary for constant-round ZK against quantum adversaries.

  2. 2.

    The astute reader may wonder why the WI guarantee is enough here. To prove receiver privacy we will add a trapdoor statement where the witness can be computed in exponential time. Since the argument is anyway statistical, this does not add any additional assumption.

  3. 3.

    Although [BG20] also claimed a statistical zero-knowledge variant, the analysis had a gap. See Sect. 2.4 for a more comprehensive discussion.

References

  1. Alagic, G., Childs, A.M., Grilo, A.B., Hung, S.-H.: Non-interactive classical verification of quantum computation. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 153–180. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_6

    Chapter  Google Scholar 

  2. Ananth, P., Chung, K.-M., La Placa, R.L.: On the concurrent composition of quantum zero-knowledge. Cryptology ePrint Archive, Report 2020/1528 (2020). https://eprint.iacr.org/2020/1528

  3. Ananth, P., La Placa, R.L.: Secure quantum extraction protocols. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 123–152. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_5

    Chapter  Google Scholar 

  4. Ambainis, A., Mosca, M., Tapp, A., Wolf, R.D.: Private quantum channels. In: Proceedings 41st Annual Symposium on Foundations of Computer Science, pp. 547–553. IEEE (2000)

    Google Scholar 

  5. Ambainis, A., Rosmanis, A., Unruh, D.: Quantum attacks on classical proof systems: The hardness of quantum rewinding. In: 55th FOCS, pp. 474–483. IEEE Computer Society Press (October 2014)

    Google Scholar 

  6. Brakerski, Z., Döttling, N.: Two-message statistically sender-private OT from LWE. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 370–390. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_14

    Chapter  Google Scholar 

  7. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Leveraging linear decryption: rate-1 fully-homomorphic encryption and time-lock puzzles. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019. LNCS, vol. 11892, pp. 407–437. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36033-7_16

    Chapter  Google Scholar 

  8. Badrinarayanan, S., Fernando, R., Jain, A., Khurana, D., Sahai, A.: Statistical ZAP arguments. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 642–667. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_22

    Chapter  Google Scholar 

  9. Broadbent, A., Grilo, AB.: QMA-hardness of consistency of local density matrices with applications to quantum zero-knowledge. In: 61st FOCS, pp. 196–205. IEEE Computer Society Press (November 2020)

    Google Scholar 

  10. Broadbent, A., Ji, Z., Song, F., Watrous, J.: Zero-knowledge proof systems for QMA. In: Dinur, I. (ed.), 57th FOCS, pap. 31–40. IEEE Computer Society Press (October 2016)

    Google Scholar 

  11. Bitansky, N., Tauman Kalai, Y., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: Diakonikolas, I., Kempe, D., Henzinger, M., (eds.), 50th ACM STOC, pp. 671–684. ACM Press (June 2018)

    Google Scholar 

  12. Bitansky, N., Khurana, D., Paneth, O.: Weak zero-knowledge beyond the black-box barrier. In: Charikar, M., Cohen, E. (eds.), 51st ACM STOC, pp. 1091–1102. ACM Press (June 2019)

    Google Scholar 

  13. Bartusek, J., Malavolta, G.: Candidate obfuscation of null quantum circuits and witness encryption for qma. Cryptology ePrint Archive, Report 2021/421 (2021). https://eprint.iacr.org/2021/421

  14. Bitansky, N., Paneth, O.: On round optimal statistical zero knowledge arguments. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 128–156. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_5

    Chapter  Google Scholar 

  15. Bitansky, N., Shmueli, O.: Post-quantum zero knowledge in constant rounds. In: Makarychev, K., Makarychev, Y., Tulsiani, M., Kamath, G., Chuzhoy, J. (eds.), 52nd ACM STOC, pp. 269–279. ACM Press (June 2020)

    Google Scholar 

  16. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: Ostrovsky, R. (ed.), 52nd FOCS, pp. 97–106. IEEE Computer Society Press (October 2011)

    Google Scholar 

  17. Brakerski, Z., Vaikuntanathan, V.: Lattice-based FHE as secure as PKE. In: Naor, M. (ed.), ITCS 2014, pp. 1–12. ACM (January 2014)

    Google Scholar 

  18. Chia, N.H., Chung, K.M., Liu, Q., Yamakawa, T.: On the impossibility of post-quantum black-box zero-knowledge in constant rounds. Cryptology ePrint Archive, Report 2021/376 (2021). https://eprint.iacr.org/2021/376

  19. Chia, N.-H., Chung, K.-M., Yamakawa, T.: Classical verification of quantum computations with efficient verifier. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 181–206. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_7

    Chapter  Google Scholar 

  20. Chardouvelis, O., Döttling, N., Malavolta, G.: Rate-1 secure function evaluation for bqp. Cryptology ePrint Archive, Report 2020/1454 (2020). https://eprint.iacr.org/2020/1454

  21. Chiesa, A., Forbes, M., Gur, T., Spooner, N.: Spatial isolation implies zero knowledge even in a quantum world. In: Thorup, M. (ed.), 59th FOCS, pp. 755–765. IEEE Computer Society Press (October 2018)

    Google Scholar 

  22. Chardouvelis, O., Malavolta, G.: The round complexity of quantum zero-knowledge. Cryptology ePrint Archive, Report 2021/918 (2021). https://ia.cr/2021/918

  23. Coladangelo, A., Vidick, T., Zhang, T.: Non-interactive zero-knowledge arguments for QMA, with preprocessing. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 799–828. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_28

    Chapter  Google Scholar 

  24. Döttling, N., Garg, S., Ishai, Y., Malavolta, G., Mour, T., Ostrovsky, R.: Trapdoor hash functions and their applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 3–32. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_1

    Chapter  Google Scholar 

  25. Dwork, C., Stockmeyer, L.J.: 2-round zero knowledge and proof auditors. In: 34th ACM STOC, pp. 322–331. ACM Press (May 2002)

    Google Scholar 

  26. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.), 41st ACM STOC, pp. 169–178. ACM Press (May/June 2009)

    Google Scholar 

  27. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)

    Article  MathSciNet  Google Scholar 

  28. Goyal, V., Jain, A., Jin, Z., Malavolta, G.: Statistical zaps and new oblivious transfer protocols. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 668–699. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_23

    Chapter  Google Scholar 

  29. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptology 9(3), 167–190 (1996)

    Article  MathSciNet  Google Scholar 

  30. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    Article  MathSciNet  Google Scholar 

  31. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th FOCS, pp. 174–187. IEEE Computer Society Press (October 1986)

    Google Scholar 

  32. Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptology 7(1), 1–32 (1994)

    Article  MathSciNet  Google Scholar 

  33. Grilo, A.B., Slofstra, W., Yuen, H.: Perfect zero knowledge for quantum multiprover interactive proofs. In: Zuckerman, D. (ed.), 60th FOCS, pp. 611–635. IEEE Computer Society Press (November 2019)

    Google Scholar 

  34. Hallgren, S., Smith, A., Song, F.: Classical cryptographic protocols in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 411–428. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_23

    Chapter  MATH  Google Scholar 

  35. Hohenberger, S., Waters, B.: Synchronized aggregate signatures from the RSA assumption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 197–229. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_7

    Chapter  Google Scholar 

  36. Jain, A., Kalai, Y.T., Khurana, D., Rothblum, R.: Distinguisher-dependent simulation in two rounds and its applications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 158–189. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63715-0_6

    Chapter  MATH  Google Scholar 

  37. Kalai, Y.T., Khurana, D., Sahai, A.: Statistical witness indistinguishability (and more) in two messages. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 34–65. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78372-7_2

    Chapter  MATH  Google Scholar 

  38. Khurana, D., Sahai, A.: How to achieve non-malleability in one or two rounds. In: Umans, C., (ed.), 58th FOCS, pp. 564–575. IEEE Computer Society Press (October 2017)

    Google Scholar 

  39. Lunemann, C., Nielsen, J.B.: Fully simulatable quantum-secure coin-flipping and applications. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 21–40. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_2

    Chapter  Google Scholar 

  40. Lombardi, A., Schaeffer, L.: A note on key agreement and non-interactive commitments. Cryptology ePrint Archive, Report 2019/279 (2019). https://eprint.iacr.org/2019/279

  41. Lombardi, A., Vaikuntanathan, V., Wichs, D.: Statistical ZAPR arguments from bilinear maps. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 620–641. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_21

    Chapter  Google Scholar 

  42. Ostrovsky, R., Paskin-Cherniavsky, A., Paskin-Cherniavsky, B.: Maliciously circuit-private FHE. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 536–553. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_30

    Chapter  Google Scholar 

  43. Pass, R.: On deniability in the common reference string and random oracle model. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 316–337. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_19

    Chapter  MATH  Google Scholar 

  44. Peikert, C., Regev, O., Stephens-Davidowitz, N.: Pseudorandomness of ring-LWE for any ring and modulus. In: Hatami, H., McKenzie, P., King, V. (eds.), 49th ACM STOC, pp. 461–473. ACM Press (June 2017)

    Google Scholar 

  45. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.), 37th ACM STOC, pp. 84–93. ACM Press (May 2005)

    Google Scholar 

  46. Shmueli, O.: Multi-theorem (malicious) designated-verifier NIZK for QMA. Cryptology ePrint Archive, Report 2020/928 (2020). https://eprint.iacr.org/2020/928

  47. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_10

    Chapter  Google Scholar 

  48. Watrous, J.: Zero-knowledge against quantum attacks. SIAM J. Comput. 39(1), 25–58 (2009)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgements

G.M. wishes to thank James Bartusek and Dakshita Khurana for many insightful discussions and helpful comments at an early stage of this work. The authors are also thankful to Alex Lombardi, Fermi Ma, and the anonymous reviewers of TCC 2021 for pointing out a bug in the analysis of the statistically zero-knowledge sigma protocol in [BG20] and for their many insightful comments. The fix (Sect. 4.2) is included here with their permission.

Author information

Authors and Affiliations

  1. National Technical University of Athens, Athens, Greece

    Orestis Chardouvelis

  2. Max Planck Institute for Security and Privacy, Bochum, Germany

    Giulio Malavolta

Authors
  1. Orestis Chardouvelis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Giulio Malavolta
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Georgetown University, Washington, WA, USA

    Kobbi Nissim

  2. The University of Texas at Austin, Austin, TX, USA

    Brent Waters

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chardouvelis, O., Malavolta, G. (2021). The Round Complexity of Quantum Zero-Knowledge. In: Nissim, K., Waters, B. (eds) Theory of Cryptography. TCC 2021. Lecture Notes in Computer Science(), vol 13042. Springer, Cham. https://doi.org/10.1007/978-3-030-90459-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-90459-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90458-6

  • Online ISBN: 978-3-030-90459-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation