Results 1 - 10 of 39
Zero-knowledge against quantum attacks
STOC, 2006
Cited by 54 (0 self)
This paper proves that several interactive proof systems are zero-knowledge against general quantum attacks. This includes the well-known Goldreich-Micali-Wigderson classical zero-knowledge protocols for Graph Isomorphism and Graph 3-Coloring (assuming the existence of quantum computationally concealing commitment schemes in the second case). Also included is a quantum interactive protocol for a complete problem for the complexity class of problems having "honest verifier" quantum statistical zero-knowledge proofs, which therefore establishes that honest verifier and general quantum statistical zero-knowledge are equal: QSZK = QSZK_HV. Previously no nontrivial proof systems were known to be zero-knowledge against quantum attacks, except in restricted settings such as the honest-verifier and common reference string models. This paper therefore establishes for the first time that true zero-knowledge is indeed possible in the presence of quantum information and computation.
On the hardness of distinguishing mixed-state quantum computations
2004
Cited by 24 (10 self)
This paper considers the following problem. Two mixed-state quantum circuits Q0 and Q1 are given, and the goal is to determine which of two possibilities holds: (i) Q0 and Q1 act nearly identically on all possible quantum state inputs, or (ii) there exists some input state ρ that Q0 and Q1 transform into almost perfectly distinguishable outputs. This may be viewed as an abstraction of the problem that asks, given two discrete quantum mechanical processes described by sequences of local interactions, are the processes effectively the same or are they different? We prove that this promise problem is complete for the class QIP of problems having quantum interactive proof systems, and is therefore PSPACE-hard. This is in contrast to the fact that the analogous problem for classical (probabilistic) circuits is in AM, and for unitary quantum circuits is in QMA.
New Limits to Classical and Quantum Instance Compression
ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY, REPORT NO. 112, 2012
Cited by 20 (1 self)
Given an instance of a hard decision problem, a limited goal is to compress that instance into a smaller, equivalent instance of a second problem. As one example, consider the problem where, given Boolean formulas ψ_1, ..., ψ_t, we must determine if at least one ψ_j is satisfiable. An OR-compression scheme for SAT is a polynomial-time reduction R that maps (ψ_1, ..., ψ_t) to a string z, such that z lies in some “target” language L′ if and only if ∨_j [ψ_j ∈ SAT] holds. (Here, L′ can be arbitrarily complex.) AND-compression schemes are defined similarly. A compression scheme is strong if |z| is polynomially bounded in n = max_j |ψ_j|, independent of t. Strong compression for SAT seems unlikely. Work of Harnik and Naor (FOCS ’06/SICOMP ’10) and Bodlaender, Downey, Fellows, and Hermelin (ICALP ’08/JCSS ’09) showed that the infeasibility of strong OR-compression for SAT would show limits to instance compression for a large number of natural problems. Bodlaender et al. also showed that the infeasibility of strong AND-compression for SAT would have consequences for a different list of problems. Motivated by this, Fortnow and Santhanam (STOC ’08/JCSS ’11) showed that if SAT is strongly OR-compressible,
Computational Collapse of Quantum State with Application to Oblivious Transfer
2003
Computational indistinguishability between quantum states and its cryptographic application
Advances in Cryptology – EUROCRYPT 2005, 2005
Cited by 14 (6 self)
We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem to design a quantum cryptographic scheme that is “secure” against any polynomial-time quantum adversary. Our problem QSCD_ff is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show three cryptographic properties: (i) QSCD_ff has the trapdoor property; (ii) the average-case hardness of QSCD_ff coincides with its worst-case hardness; and (iii) QSCD_ff is computationally at least as hard in the worst case as the graph automorphism problem. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCD_ff, called QSCD_cyc, and introduce a multi-bit encryption scheme relying on the cryptographic properties of QSCD_cyc.
Quantum expanders and the quantum entropy difference problem
2007
Cited by 9 (2 self)
Classical expanders and extractors have numerous applications in computer science. However, it seems these classical objects have no meaningful quantum generalization. This is because it is easy to generate entropy in quantum computation simply by tracing out registers. In this paper we define quantum expanders and extractors in a natural way. We show that this definition is exactly what is needed for showing that QED, the quantum analogue of ED (the entropy difference problem) is QSZK-complete. We also show that quantum expanders exist and with very good parameters in the high min-entropy regime. The first construction is derived from the work of Ambainis and Smith and is based on expander graphs that are based on Cayley graphs of Abelian groups. The drawback of this construction is that it uses logarithmic seed length (yet, this already suffices for showing that QED is QSZK-complete). We also show a quantum analogue of the Lubotzky, Philips and Sarnak construction of Ramanujan expanders from Cayley graphs of PGL(2, q). Our construction is a sequence of two steps on the Cayley graph with a basis change in between steps. We believe this quantum analogue of classical Ramanujan expanders is of independent interest.
An application of quantum finite automata to interactive proof systems
in Proc. 9th International Conference on Implementation and Application of Automata, LNCS, Vol. 3317, 2004
Cited by 9 (2 self)
Abstract: Quantum finite automata have been studied intensively since their introduction in late 1990s as a natural model of a quantum computer with finite-dimensional quantum memory space. This paper seeks their direct application to interactive proof systems in which a mighty quantum prover communicates with a quantum-automaton verifier through a common communication cell. Our quantum interactive proof systems are juxtaposed to Dwork-Stockmeyer’s classical interactive proof systems whose verifiers are two-way probabilistic automata. We demonstrate strengths and weaknesses of our systems and further study how various restrictions on the behaviors of quantum-automaton verifiers affect the power of quantum interactive proof systems.
Secure two-party quantum evaluation of unitaries against specious adversaries
Advances in Cryptology, Proceedings of Crypto 2010, 2010
Making classical honest verifier zero knowledge protocols secure against quantum attacks
In 35th International Colloquium on Automata, Languages and Programming (ICALP), volume 5126 of Lecture Notes in Computer Science, 2008
Cited by 7 (1 self)
We show that any problem that has a classical zero-knowledge protocol against the honest verifier also has, under a reasonable condition, a classical zero-knowledge protocol which is secure against all, possibly cheating classical and quantum polynomial time verifiers. Here we refer to the generalized notion of zero-knowledge with classical and quantum auxiliary inputs respectively. Our condition on the original protocol is that, for positive instances of the problem, the simulated message transcript should be quantum computationally indistinguishable from the actual message transcript. This is a natural strengthening of the notion of honest verifier computational zero-knowledge, and includes in particular, the complexity class of honest verifier statistical zero-knowledge. Our result answers an open question of Watrous [Wat06], and generalizes classical results by Goldreich, Sahai and Vadhan [GSV98], and Vadhan [Vad06] who showed that honest verifier statistical, respectively computational,
One of the main impacts of quantum computation thus far has been its potential implications for cryptography. Public key cryptography, a central concept in cryptography, is used to protect web transactions, and its security relies on the hardness of certain number theory problems. Exponential speedups by quantum computers