Table of Contents
Fetching ...

Classical Verification of Quantum Computations in Linear Time

Jiayu Zhang

TL;DR

The paper addresses CVQC with a classical verifier by constructing a linear-time verification protocol in the quantum random oracle model (QROM) that relies on post-quantum noisy trapdoor claw-free functions (NTCF). The core strategy introduces a fast Remote State Preparation with Verifiability (RSPV) as an intermediate primitive, implemented via the switch gadget and RO-padded Hadamard tests, enabling parallel preparation of many gadget states and scalable verification. It then composes a full CVQC protocol by aggregating RSPV with collective and individual phase tests (CoPhTest, InPhTest, BUTest) to maintain provable verifiability up to a complex-conjugate ambiguity, and amplifies pre-RSPV into a full RSPV protocol in constant rounds. The work provides a detailed security architecture, leveraging random-oracle-based encryption tables, gadget decryption, and carefully crafted randomization operators to preserve state invariants, achieving a total runtime of $O( ext{poly}(\,\kappa\,)|C|)$ for circuit verification and linear-time RSPV in $L$ gadgets, with completeness $2/3$ and soundness $1/3$ against BQP adversaries. This advances practical CVQC by reducing dependence on circuit size and clarifying the cryptographic foundations for efficient, verifiable quantum outsourcing in the QROM. The methods offer a blueprint for fast, auditable quantum delegation using cryptographic primitives, potentially enabling scalable secure quantum cloud services.

Abstract

In the quantum computation verification problem, a quantum server wants to convince a client that the output of evaluating a quantum circuit $C$ is some result that it claims. This problem is considered very important both theoretically and practically in quantum computation [arXiv:1709.06984], [arXiv:1704.04487], [arXiv:1209.0449]. The client is considered to be limited in computational power, and one desirable property is that the client can be completely classical, which leads to the classical verification of quantum computation (CVQC) problem. In terms of the total time complexity, the fastest single-server CVQC protocol so far has complexity $O(poly(κ)|C|^3)$ where $|C|$ is the size of the circuit to be verified and $κ$ is the security parameter, given by Mahadev [arXiv:1804.01082]. In this work, by developing new techniques, we give a new CVQC protocol with complexity $O(poly(κ)|C|)$, which is significantly faster than existing protocols. Our protocol is secure in the quantum random oracle model [arXiv:1008.0931] assuming the existence of noisy trapdoor claw-free functions [arXiv:1804.00640], which are both extensively used assumptions in quantum cryptography. Along the way, we also give a new classical channel remote state preparation protocol for states in $\{|+_θ\rangle=\frac{1}{\sqrt{2}}(|0\rangle+e^{iθπ/4}|1\rangle):θ\in \{0,1\cdots 7\}\}$, another basic primitive in quantum cryptography. Our protocol allows for parallel verifiable preparation of $L$ independently random states in this form (up to a constant overall error and a possibly unbounded server-side simulator), and runs in only $O(poly(κ)L)$ time and constant rounds; for comparison, existing works (even for possibly simpler state families) all require very large or unestimated time and round complexities [arXiv:1904.06320][arXiv:1904.06303][arXiv:2201.13445][arXiv:2201.13430].

Classical Verification of Quantum Computations in Linear Time

TL;DR

The paper addresses CVQC with a classical verifier by constructing a linear-time verification protocol in the quantum random oracle model (QROM) that relies on post-quantum noisy trapdoor claw-free functions (NTCF). The core strategy introduces a fast Remote State Preparation with Verifiability (RSPV) as an intermediate primitive, implemented via the switch gadget and RO-padded Hadamard tests, enabling parallel preparation of many gadget states and scalable verification. It then composes a full CVQC protocol by aggregating RSPV with collective and individual phase tests (CoPhTest, InPhTest, BUTest) to maintain provable verifiability up to a complex-conjugate ambiguity, and amplifies pre-RSPV into a full RSPV protocol in constant rounds. The work provides a detailed security architecture, leveraging random-oracle-based encryption tables, gadget decryption, and carefully crafted randomization operators to preserve state invariants, achieving a total runtime of for circuit verification and linear-time RSPV in gadgets, with completeness and soundness against BQP adversaries. This advances practical CVQC by reducing dependence on circuit size and clarifying the cryptographic foundations for efficient, verifiable quantum outsourcing in the QROM. The methods offer a blueprint for fast, auditable quantum delegation using cryptographic primitives, potentially enabling scalable secure quantum cloud services.

Abstract

In the quantum computation verification problem, a quantum server wants to convince a client that the output of evaluating a quantum circuit is some result that it claims. This problem is considered very important both theoretically and practically in quantum computation [arXiv:1709.06984], [arXiv:1704.04487], [arXiv:1209.0449]. The client is considered to be limited in computational power, and one desirable property is that the client can be completely classical, which leads to the classical verification of quantum computation (CVQC) problem. In terms of the total time complexity, the fastest single-server CVQC protocol so far has complexity where is the size of the circuit to be verified and is the security parameter, given by Mahadev [arXiv:1804.01082]. In this work, by developing new techniques, we give a new CVQC protocol with complexity , which is significantly faster than existing protocols. Our protocol is secure in the quantum random oracle model [arXiv:1008.0931] assuming the existence of noisy trapdoor claw-free functions [arXiv:1804.00640], which are both extensively used assumptions in quantum cryptography. Along the way, we also give a new classical channel remote state preparation protocol for states in , another basic primitive in quantum cryptography. Our protocol allows for parallel verifiable preparation of independently random states in this form (up to a constant overall error and a possibly unbounded server-side simulator), and runs in only time and constant rounds; for comparison, existing works (even for possibly simpler state families) all require very large or unestimated time and round complexities [arXiv:1904.06320][arXiv:1904.06303][arXiv:2201.13445][arXiv:2201.13430].
Paper Structure (153 sections, 46 theorems, 472 equations, 3 figures)

This paper contains 153 sections, 46 theorems, 472 equations, 3 figures.

Key Result

Theorem 1.1

Assuming the existence of post-quantum noisy trapdoor claw-free functions, there exists a single server CVQC protocol in QROM such that:

Figures (3)

  • Figure 1: Simplified gadget creation and testing outline in previous worksGVRSPqfactory
  • Figure 2: Simplified gadget creation and testing outline in our protocol, for a single gadget
  • Figure 3: Simplified gadget creation and testing outline in our protocol, for multiple gadgets

Theorems & Definitions (136)

  • Definition 1.1: Quantum computation verification, review of ABEM
  • Definition 1.2: Informal
  • Theorem 1.1
  • Theorem 1.2: Informal
  • Claim 2.1: Successful Hadamard test destroys keys
  • Definition 2.1: Basis-honest form
  • Claim 2.2
  • Theorem 2.3: Properties of ${\mathsf{InPhTest}}$, informal
  • Theorem 2.4: Properties of ${\mathsf{CoPhTest}}$, informal
  • Definition 2.2: Pre-Phase-honest form
  • ...and 126 more