Two-message verification of quantum computation
arxiv(2019)
摘要
We describe a two-message protocol that enables a purely classical verifier to delegate any quantum computation to an untrusted quantum prover. The protocol begins with the verifier publishing a problem instance together with a public cryptographic key. The prover then transmits the computation result, appropriately encoded. Finally, the verifier uses their private key to detect any cheating and extract the result. We achieve this by upgrading the verification protocol of Mahadev in two steps. First, the protocol is repeated many times in parallel, yielding a four-message protocol with negligible soundness error. This enables the second step: the "challenge round" is eliminated via the Fiat-Shamir transform, in which the prover computes their own challenges using a public hash function. We show that this protocol is secure under the same assumptions underlying many candidate schemes for post-quantum public-key cryptography. Specifically, it is secure in the Quantum Random Oracle Model, and assuming the quantum hardness of the Learning with Errors problem. The main technical advance in our security proof is a parallel repetition theorem for the Mahadev protocol.
更多查看译文
关键词
quantum,computation,verification,non-interactive
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络