A New Approach to Arguments of Quantum Knowledge

James Bartusek, Ruta Jawale, Justin Raizes, Kabir Tomer

TL;DR

This work advances publicly-verifiable non-interactive zero-knowledge for quantum arithmetic by constructing a NIZK argument of quantum knowledge for QMA under a transparent setup (a uniformly random string, URS). It introduces a ZX verifier with strong completeness, coset-state authentication, and a post-quantum obfuscation framework whose security is mediated by a quantum pseudorandom oracle (QPrO); crucially, the obfuscation is shown to be provably correct, and a game-based evasive composability property is used to manage composition. The paper also develops post-quantum NIZK arguments for NP, and shows how to replace obfuscation with hash-based PrO techniques under FE assumptions, yielding broad implications such as witness encryption and CVQC results in the QPrO model. Overall, it provides a path toward standard-assumption NIZKs for QMA, with practical URS setups and robust knowledge-extraction guarantees, potentially simplifying the quest for quantum-secure, publicly-verifiable quantum proofs.

Abstract

We construct a publicly-verifiable non-interactive zero-knowledge argument system for QMA with the following properties.

1. Transparent setup. Our protocol only requires a uniformly random string (URS) setup. The only prior publicly-verifiable NIZK for QMA (Bartusek and Malavolta, ITCS 2022) requires an entire obfuscated program as the common reference string.

2. Extractability. Valid QMA witnesses can be extracted directly from our accepting proofs. That is, we obtain a publicly-verifiable non-interactive argument of quantum knowledge, previously only known in a privately-verifiable setting (Coladangelo, Vidick, and Zhang, CRYPTO 2020).

Our construction introduces a novel ZX QMA verifier with "strong completeness" and builds upon the coset state authentication scheme from (Bartusek, Brakerski, and Vaikuntanathan, STOC 2024) within the context of QMA verification. Along the way, we establish new properties of the authentication scheme. The security of our construction rests on the heuristic use of a post-quantum indistinguishability obfuscator. Rather than rely on the full-fledged classical oracle model (i.e. ideal obfuscation), we isolate a particular game-based property of the obfuscator that suffices for our proof, which we dub the evasive composability heuristic.

As an additional contribution, we study a general method for replacing heuristic use of obfuscation with heuristic use of hash functions in the post-quantum setting. In particular, we establish security of the ideal obfuscation scheme of Jain, Lin, Luo, and Wichs (CRYPTO 2023) in the quantum pseudorandom oracle model (QPrO), which can be heuristically instantiated with a hash function. This gives us NIZK arguments of quantum knowledge for QMA in the QPrO, and additionally allows us to translate several quantum-cryptographic results that were only known in the classical oracle model to results in the QPrO.

Paper Structure

This paper contains 68 sections, 36 theorems, 131 equations, 2 figures.

Key Result

Theorem 3.1

Consider a finite sequence $\{\mathbf{Z}_k\}$ of independent, random matrices with dimensions $d_1\times d_2$. Assume that each matrix satisfies Define Then for all $t\geq 0$,

Figures (2)

  • Figure 1: $\mathsf{Hyb}_{\delta,\$\$}$: Shared state of algorithms $\mathsf{Sim}^{(\delta,\$\$)}_1, \mathsf{Sim}^{(\delta,\$\$)}_2, \mathsf{Sim}_3^{(\delta,\$\$)}$. Differences from $\mathsf{Hyb}_{\mathsf{real}}$ and dependence on $\delta$ highlighted.
  • Figure 2: $\mathsf{Hyb}_{\delta,\$\$}$: Specification of algorithms $\mathsf{Sim}^{(\delta,\$\$)}_1, \mathsf{Sim}^{(\delta,\$\$)}_2, \mathsf{Sim}_3^{(\delta,\$\$)}$. Differences from $\mathsf{Hyb}_{\mathsf{real}}$ and dependence on $\delta$ highlighted.

Theorems & Definitions (111)

  • Definition 1.2: Evasive Composability Heuristic, simplified and informal
  • Theorem 3.1: Rectangular Matrix Bernstein Inequality [FTML:Tropp15]
  • Lemma 3.2
  • Proof
  • Definition 3.3: Binary-outcome ZX measurement
  • Lemma 3.4: Gentle measurement [DBLP:journals/tit/Winter99]
  • Lemma 3.5: Oracle indistinguishability
  • Lemma 3.6: State decomposition
  • Lemma 3.7
  • Proof Sketch
  • ...and 101 more