The Round Complexity of Proofs in the Bounded Quantum Storage Model
Alex B. Grilo, Philippe Lamontagne
TL;DR
This work studies how far the round complexity of interactive proofs can be reduced in the bounded quantum storage model (BQSM), where a malicious party can hold only a bounded number of qubits in memory. It gives two compilers. NIP turns proofs for any language in NP (and even QMA) into non-interactive, statistically witness-indistinguishable proofs in the plain model whose soundness holds against verifiers with bounded quantum storage; only the verifier's memory is bounded. RR compresses any classical polynomial-round proof system into a two-message quantum proof system, assuming a prover with bounded quantum storage, and preserves (statistical) zero-knowledge when the original protocol has it; since IP = PSPACE, every language in PSPACE then has a two-message quantum proof in the BQSM, a memory-bounded analogue of QIP(2). The paper also gives tightness evidence: non-interactive zero-knowledge in the plain model against BQS adversaries is unlikely to follow from standard techniques, and without the storage bound there is no two-message zero-knowledge quantum interactive proof, even under computational assumptions. Along the way it introduces a new weak non-interactive bit commitment and a witness-indistinguishable proof for Hamiltonian cycle. Taken together, the results show that bounding the adversary's quantum memory enables strong round reduction of interactive proofs, with potential applications to delegation of computation and efficient zero-knowledge in quantum settings, while clarifying what remains impossible without the storage bound.
Abstract
The round complexity of interactive proof systems is a key question of practical and theoretical relevance in complexity theory and cryptography. Moreover, results such as QIP = QIP(3) (STOC'00) show that quantum resources significantly help in such a task. In this work, we initiate the study of round compression of protocols in the bounded quantum storage model (BQSM). In this model, the malicious parties have a bounded quantum memory and cannot store all the qubits that are transmitted in the protocol. Our main results in this setting are the following:

1. There is a non-interactive (statistical) witness-indistinguishable proof for any language in NP (and even QMA) in the BQSM in the plain model. We note that in this protocol only the memory of the verifier is bounded.

2. Any classical proof system can be compressed into a two-message quantum proof system in the BQSM. Moreover, if the original proof system is zero-knowledge, the quantum protocol is zero-knowledge too. In this result, we assume that the prover has bounded memory.

Finally, we give evidence towards the "tightness" of our results. First, we show that NIZK in the plain model against BQS adversaries is unlikely to be achievable with standard techniques. Second, we prove that without the BQS model there is no 2-message zero-knowledge quantum interactive proof, even under computational assumptions.
