Results 1 - 10 of 39
Zero-knowledge against quantum attacks
- STOC, 2006
Cited by 54 (0 self)
This paper proves that several interactive proof systems are zero-knowledge against general quantum attacks. This includes the well-known Goldreich-Micali-Wigderson classical zero-knowledge protocols for Graph Isomorphism and Graph 3-Coloring (assuming the existence of quantum computationally concealing commitment schemes in the second case). Also included is a quantum interactive protocol for a complete problem for the complexity class of problems having "honest verifier" quantum statistical zero-knowledge proofs, which therefore establishes that honest verifier and general quantum statistical zero-knowledge are equal: QSZK = QSZK_HV. Previously no non-trivial proof systems were known to be zero-knowledge against quantum attacks, except in restricted settings such as the honest-verifier and common reference string models. This paper therefore establishes for the first time that true zero-knowledge is indeed possible in the presence of quantum information and computation.
On the hardness of distinguishing mixed-state quantum computations
- 2004
Cited by 24 (10 self)
This paper considers the following problem. Two mixed-state quantum circuits Q0 and Q1 are given, and the goal is to determine which of two possibilities holds: (i) Q0 and Q1 act nearly identically on all possible quantum state inputs, or (ii) there exists some input state ρ that Q0 and Q1 transform into almost perfectly distinguishable outputs. This may be viewed as an abstraction of the problem that asks, given two discrete quantum mechanical processes described by sequences of local interactions, are the processes effectively the same or are they different? We prove that this promise problem is complete for the class QIP of problems having quantum interactive proof systems, and is therefore PSPACE-hard. This is in contrast to the fact that the analogous problem for classical (probabilistic) circuits is in AM, and for unitary quantum circuits is in QMA.
New Limits to Classical and Quantum Instance Compression
- Electronic Colloquium on Computational Complexity, Report No. 112, 2012
Cited by 20 (1 self)
Given an instance of a hard decision problem, a limited goal is to compress that instance into a smaller, equivalent instance of a second problem. As one example, consider the problem where, given Boolean formulas ψ_1, ..., ψ_t, we must determine if at least one ψ_j is satisfiable. An OR-compression scheme for SAT is a polynomial-time reduction R that maps (ψ_1, ..., ψ_t) to a string z, such that z lies in some “target” language L′ if and only if ∨_j [ψ_j ∈ SAT] holds. (Here, L′ can be arbitrarily complex.) AND-compression schemes are defined similarly. A compression scheme is strong if |z| is polynomially bounded in n = max_j |ψ_j|, independent of t. Strong compression for SAT seems unlikely. Work of Harnik and Naor (FOCS ’06/SICOMP ’10) and Bodlaender, Downey, Fellows, and Hermelin (ICALP ’08/JCSS ’09) showed that the infeasibility of strong OR-compression for SAT would show limits to instance compression for a large number of natural problems. Bodlaender et al. also showed that the infeasibility of strong AND-compression for SAT would have consequences for a different list of problems. Motivated by this, Fortnow and Santhanam (STOC ’08/JCSS ’11) showed that if SAT is strongly OR-compressible,
Computational Collapse of Quantum State with Application to Oblivious Transfer
- 2003
Computational indistinguishability between quantum states and its cryptographic application
- Advances in Cryptology – EUROCRYPT 2005, 2005
Cited by 14 (6 self)
We introduce a computational problem of distinguishing between two specific quantum states as a new cryptographic problem to design a quantum cryptographic scheme that is “secure” against any polynomial-time quantum adversary. Our problem QSCD_ff is to distinguish between two types of random coset states with a hidden permutation over the symmetric group of finite degree. This naturally generalizes the commonly-used distinction problem between two probability distributions in computational cryptography. As our major contribution, we show three cryptographic properties: (i) QSCD_ff has the trapdoor property; (ii) the average-case hardness of QSCD_ff coincides with its worst-case hardness; and (iii) QSCD_ff is computationally at least as hard in the worst case as the graph automorphism problem. These cryptographic properties enable us to construct a quantum public-key cryptosystem, which is likely to withstand any chosen plaintext attack of a polynomial-time quantum adversary. We further discuss a generalization of QSCD_ff, called QSCD_cyc, and introduce a multi-bit encryption scheme relying on the cryptographic properties of QSCD_cyc.
Quantum expanders and the quantum entropy difference problem
- 2007
Cited by 9 (2 self)
Classical expanders and extractors have numerous applications in computer science. However, it seems these classical objects have no meaningful quantum generalization. This is because it is easy to generate entropy in quantum computation simply by tracing out registers. In this paper we define quantum expanders and extractors in a natural way. We show that this definition is exactly what is needed for showing that QED, the quantum analogue of ED (the entropy difference problem) is QSZK-complete. We also show that quantum expanders exist and with very good parameters in the high min-entropy regime. The first construction is derived from the work of Ambainis and Smith and is based on expander graphs that are based on Cayley graphs of Abelian groups. The drawback of this construction is that it uses logarithmic seed length (yet, this already suffices for showing that QED is QSZK-complete). We also show a quantum analogue of the Lubotzky, Phillips and Sarnak construction of Ramanujan expanders from Cayley graphs of PGL(2, q). Our construction is a sequence of two steps on the Cayley graph with a basis change in between steps. We believe this quantum analogue of classical Ramanujan expanders is of independent interest.
An application of quantum finite automata to interactive proof systems
- in Proc. 9th International Conference on Implementation and Application of Automata, LNCS, Vol. 3317, 2004
Cited by 9 (2 self)
Abstract: Quantum finite automata have been studied intensively since their introduction in the late 1990s as a natural model of a quantum computer with finite-dimensional quantum memory space. This paper seeks their direct application to interactive proof systems in which a mighty quantum prover communicates with a quantum-automaton verifier through a common communication cell. Our quantum interactive proof systems are juxtaposed to Dwork-Stockmeyer’s classical interactive proof systems whose verifiers are two-way probabilistic automata. We demonstrate strengths and weaknesses of our systems and further study how various restrictions on the behaviors of quantum-automaton verifiers affect the power of quantum interactive proof systems.
Secure two-party quantum evaluation of unitaries against specious adversaries
- Advances in Cryptology, Proceedings of Crypto 2010, 2010
Making classical honest verifier zero knowledge protocols secure against quantum attacks
- In 35th International Colloquium on Automata, Languages and Programming (ICALP), volume 5126 of Lecture Notes in Computer Science, 2008
Cited by 7 (1 self)
We show that any problem that has a classical zero-knowledge protocol against the honest verifier also has, under a reasonable condition, a classical zero-knowledge protocol which is secure against all, possibly cheating classical and quantum polynomial time verifiers. Here we refer to the generalized notion of zero-knowledge with classical and quantum auxiliary inputs respectively. Our condition on the original protocol is that, for positive instances of the problem, the simulated message transcript should be quantum computationally indistinguishable from the actual message transcript. This is a natural strengthening of the notion of honest verifier computational zero-knowledge, and includes in particular, the complexity class of honest verifier statistical zero-knowledge. Our result answers an open question of Watrous [Wat06], and generalizes classical results by Goldreich, Sahai and Vadhan [GSV98], and Vadhan [Vad06] who showed that honest verifier statistical, respectively computational,
One of the main impacts of quantum computation thus far has been its potential implications for cryptography. Public key cryptography, a central concept in cryptography, is used to protect web transactions, and its security relies on the hardness of certain number theory problems. Exponential speedups by quantum computers