Experimental relativistic zero-knowledge proofs with unconditional security

TL;DR

The paper addresses unconditional security for zero-knowledge proofs against quantum adversaries by marrying subset relativistic bit commitments with a quantum nonlocality game. The authors implement a ZKP for the graph 3-coloring problem, proving perfect completeness, quantum soundness with an exponentially small failure probability $\\delta_s=e^{-k}$ after $k|E|$ rounds, and quantum perfect zero-knowledge via a simulator that operates without rewinding. A central achievement is reducing the round complexity to $O(|E|)$ and enabling practical, trustless verification resilient to quantum attacks, leveraging the non-signaling principle and relativistic constraints. The work advances robust, publicly verifiable ZKPs suitable for distrustful internet environments and demonstrates a concrete pathway toward unconditional security in quantum-era cryptography.

Abstract

Zero-knowledge proofs (ZKPs) are widely applied in digital economies, such as cryptocurrencies and smart contracts, for establishing trust and ensuring privacy between untrusted parties. However, almost all ZKPs rely on unproven computational assumptions or are vulnerable to quantum adversaries. We propose and experimentally implement an unconditionally secure ZKP for the graph three-coloring problem by combining subset relativistic bit commitments with quantum nonlocality game. Our protocol achieves a linear relationship between interactive rounds and the number of edges, reducing round complexity and storage requirements by thirteen orders of magnitude, thereby significantly enhancing practical feasibility. Our work illustrates the powerful potential of integrating special relativity with quantum theory in trustless cryptography, paving the way for robust applications against quantum attacks in distrustful internet environments.

Figures (5)

• Figure 1: A three-colorable graph with possible color permutations. Three-colorability requires that each vertex in a graph is assigned one of three colors such that no two adjacent vertices share the same color. This example graph, containing ten vertices, satisfies this condition, as illustrated by its three-coloring using blue, pink, and green. All adjacent vertices such as 1 and 6, or 8 and 10, are assigned different colors. Any permutation of a valid three-coloring is also valid. The permutations of blue, pink, and green coloring provide equivalent correct solutions. Thus, there are at least $|\Pi|=6$ such cyclic permutations.
• Figure 2: Illustration of a non-local game $G$ and its coupled game $G_{\rm{coup}}$.(A) Non-local game $G$. The physical systems of Alice and Bob share quantum entanglement. Alice gets an input $x \in I_A$ and Bob gets an input $y \in I_B$. Based on the received input, Alice and Bob choose a measurement on their systems and generate the output $a \in O_A$ and $b \in O_B$ respectively. They win the game if the valuation function produces 1, i.e., $V(x,y,a,b)=1$. (B) Coupled game $G_{\rm{coup}}$. In the coupled game, Alice maintains the same input and output condition, but Bob gets two distinct inputs $y,y^{\prime} \in I_B~(y \neq y^{\prime})$. Bob also generates two outputs $b,b^{\prime} \in O_B$, subsequent to measurement on his physical system. Alice and Bob win if $V(x,y,a,b)=V(x,y^{\prime},a,b^{\prime})=1$.
• Figure 3: Schematic of the $\mathbb{F}_P$-string relativistic bit commitment. P1 and P2 are spatially separated, but their physical systems may share quantum entanglement. P1 receives a uniformly random query $x \in \mathbb{F}_Q$ and makes measurements to produce an output $a \in \mathbb{F}_Q$. To reveal a committed value $y \in \mathbb{F}_P$, P2 makes measurements on the physical system and produces an output $b \in \mathbb{F}_P$. They successfully reveal $y$ if $x\cdot y = a+b$.
• Figure 4: Schematic of the $\mathbb{F}_P^{\otimes|D|}$ subset relativistic bit commitment. P1 and P2 are spatially separated, but their physical systems may share quantum entanglement. P1 receives $n$ uniformly random queries $X:=\{x_i\}_{i\in [n]}\in \mathbb{F}^{\otimes n}_Q$ and makes measurements to produce an output $A:=\{a_i\}_{i\in [n]}\in \mathbb{F}^{\otimes n}_Q$. To reveal a subset $D$ of the committed values $Y(D):=\{y_i\}_{i\in D}\in \mathbb{F}^{\otimes |D|}_Q$, P2 makes measurements on the physical system and produces an output $B(D):=\{b_i\}_{i\in D}\in \mathbb{F}^{\otimes |D|}_Q$. They successfully reveal $Y(D)$ if $x_i \cdot y_i = a_i + b_i,~\forall~i\in D$.
• Figure 5: Zero-knowledge. It can be defined using a simulator with no knowledge in the ideal world, which generates a view by simulating the interaction that is indistinguishable from the interaction in the real world. The symbol $\approx$ denotes that the two probability distributions are indistinguishable.

Theorems & Definitions (25)

• Definition 1
• Definition 2: Uniform distribution
• Definition 3: S-projective
• Definition 4: Winning probability
• Definition 5: The construction of $G_{\text{coup}}$
• Theorem 1: The relationship between $G$ and $G_{\text{coup}}$
• Theorem 2: Upper bound of $\omega^{*}$(CHSH$_{Q}(P)$)
• Theorem 3: Upper bound of $\omega^{*}$(CHSH$^{\otimes n}_{Q}(P)$)
• Definition 6: Relativistic bit commitment
• Definition 7: Perfect hiding (concealing)