Classically Verifiable (Dual-Mode) NIZK for QMA with Preprocessing
share
We propose three constructions of classically verifiable non-interactive proofs (CV-NIP) and non-interactive zero-knowledge proofs and arguments (CV-NIZK) for QMA in various preprocessing models. - We construct an information theoretically sound CV-NIP for QMA in the secret parameter model where a trusted party generates a quantum proving key and classical verification key and gives them to the corresponding parties while keeping it secret from the other party. Alternatively, we can think of the protocol as one in a model where the verifier sends an instance-independent quantum message to the prover as preprocessing. - We construct a CV-NIZK for QMA in the secret parameter model. It is information theoretically sound and zero-knowledge. - Assuming the quantum hardness of the leaning with errors problem, we construct a CV-NIZK for QMA in a model where a trusted party generates a CRS and the verifier sends an instance-independent quantum message to the prover as preprocessing. This model is the same as one considered in the recent work by Coladangelo, Vidick, and Zhang (CRYPTO '20). Our construction has the so-called dual-mode property, which means that there are two computationally indistinguishable modes of generating CRS, and we have information theoretical soundness in one mode and information theoretical zero-knowledge property in the other. This answers an open problem left by Coladangelo et al, which is to achieve either of soundness or zero-knowledge information theoretically. To the best of our knowledge, ours is the first dual-mode NIZK for QMA in any kind of model.
READ FULL TEXT