International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Succinct Classical Verification of Quantum Computation

Authors:
James Bartusek , UC Berkeley
Yael Tauman Kalai , Microsoft Research and MIT
Alex Lombardi , MIT
Fermi Ma , Simons Institute and UC Berkeley
Giulio Malavolta , Max Planck Institute for Security and Privacy
Vinod Vaikuntanathan , MIT
Thomas Vidick , Caltech
Lisa Yang , MIT
Download:
Search ePrint
Search Google
Conference: CRYPTO 2022
Abstract: We construct a classically verifiable succinct interactive argument for quantum computation (BQP) with communication complexity and verifier runtime that are poly-logarithmic in the runtime of the BQP computation (and polynomial in the security parameter). Our protocol is secure assuming the post-quantum security of indistinguishability obfuscation (iO) and Learning with Errors (LWE). This is the first succinct argument for quantum computation in the plain model; prior work (Chia-Chung-Yamakawa, TCC ’20) requires both a long common reference string and non-black-box use of a hash function modeled as a random oracle. At a technical level, we revisit the framework for constructing classically verifiable quantum computation (Mahadev, FOCS ’18). We give a self-contained, modular proof of security for Mahadev’s protocol, which we believe is of independent interest. Our proof readily generalizes to a setting in which the verifier’s first message (which consists of many public keys) is compressed. Next, we formalize this notion of compressed public keys; we view the object as a generalization of constrained/programmable PRFs and instantiate it based on indistinguishability obfuscation. Finally, we compile the above protocol into a fully succinct argument using a (sufficiently composable) succinct argument of knowledge for NP. Using our framework, we achieve several additional results, including – Succinct arguments for QMA (given multiple copies of the witness), – Succinct non-interactive arguments for BQP (or QMA) in the quantum random oracle model, and – Succinct batch arguments for BQP (or QMA) assuming post-quantum LWE (without iO).
Video from CRYPTO 2022
BibTeX
@inproceedings{crypto-2022-32234,
  title={Succinct Classical Verification of Quantum Computation},
  publisher={Springer-Verlag},
  author={James Bartusek and Yael Tauman Kalai and Alex Lombardi and Fermi Ma and Giulio Malavolta and Vinod Vaikuntanathan and Thomas Vidick and Lisa Yang},
  year=2022
}