2012/1/25 Complete Problem for Perfect Zero-Knowledge Quantum Interactive Proof Jun Yan State Key Laboratory of Computer Science, Institute.

Slides:



Advertisements
Similar presentations
Quantum Versus Classical Proofs and Advice Scott Aaronson Waterloo MIT Greg Kuperberg UC Davis | x {0,1} n ?
Advertisements

Quantum Software Copy-Protection Scott Aaronson (MIT) |
QMA/qpoly PSPACE/poly: De-Merlinizing Quantum Protocols Scott Aaronson University of Waterloo.
Lower Bounds for Non-Black-Box Zero Knowledge Boaz Barak (IAS*) Yehuda Lindell (IBM) Salil Vadhan (Harvard) *Work done while in Weizmann Institute. Short.
University of Queensland
Local Hamiltonians in Quantum Computation Funding: Slovak Research and Development Agency, contract No. APVV , European Project QAP 2004-IST- FETPI-15848,
Quantum Money from Hidden Subspaces Scott Aaronson and Paul Christiano.
Quantum Information and the PCP Theorem Ran Raz Weizmann Institute.
Lecture 24 MAS 714 Hartmut Klauck
The Complexity of Zero-Knowledge Proofs Salil Vadhan Harvard University.
Efficient Zero-Knowledge Proof Systems Jens Groth University College London.
Lecture 15 Zero-Knowledge Techniques. Peggy: “I know the password to the Federal Reserve System computer, the ingredients in McDonald’s secret sauce,
How to Delegate Computations: The Power of No-Signaling Proofs Ron Rothblum Weizmann Institute Joint work with Yael Kalai and Ran Raz.
1 Vipul Goyal Abhishek Jain Rafail Ostrovsky Silas Richelson Ivan Visconti Microsoft Research India MIT and BU UCLA University of Salerno, Italy Constant.
Short course on quantum computing Andris Ambainis University of Latvia.
Nir Bitansky and Omer Paneth. Interactive Proofs.
Nathan Brunelle Department of Computer Science University of Virginia Theory of Computation CS3102 – Spring 2014 A tale.
Zero-Knowledge Proofs J.W. Pope M.S. – Mathematics May 2004.
Complexity 11-1 Complexity Andrei Bulatov Space Complexity.
Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.
Complexity 18-1 Complexity Andrei Bulatov Probabilistic Algorithms.
Computability and Complexity 13-1 Computability and Complexity Andrei Bulatov The Class NP.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture13: Mapping Reductions Prof. Amos Israeli.
1 Slides by Roel Apfelbaum & Eti Ezra. Enhanced by Amit Kagan. Adapted from Oded Goldreich’s course lecture notes.
1 Adapted from Oded Goldreich’s course lecture notes.
Advanced Computer Architecture Lab University of Michigan Quantum Operations and Quantum Noise Dan Ernst Quantum Noise and Quantum Operations Dan Ernst.
Phase in Quantum Computing. Main concepts of computing illustrated with simple examples.
University of Queensland
Interactive Proofs For Quantum Computations Dorit Aharonov, Michael Ben-Or, Elad Eban School of Computer Science and Engineering The Hebrew University.
Zero Knowledge Proofs. Interactive proof An Interactive Proof System for a language L is a two-party game between a verifier and a prover that interact.
A Brief Introduction To The Theory of Computer Science and The PCP Theorem By Dana Moshkovitz Faculty of Mathematics and Computer Science The Weizmann.
Generalized Quantum Arthur-Merlin Games Hirotada Kobayashi (NII) Francois Le Gall (U. Tokyo) Harumichi Nishimura (Nagoya U.) June 19,
1 Quantum NP Dorit Aharonov & Tomer Naveh Presented by Alex Rapaport.
Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.
1 Cross-Domain Secure Computation Chongwon Cho (HRL Laboratories) Sanjam Garg (IBM T.J. Watson) Rafail Ostrovsky (UCLA)
A Few Simple Applications to Cryptography Louis Salvail BRICS, Aarhus University.
Impossibility and Feasibility Results for Zero Knowledge with Public Keys Joël Alwen Tech. Univ. Vienna AUSTRIA Giuseppe Persiano Univ. Salerno ITALY Ivan.
13. Oktober 2010 | Dr.Marc Fischlin | Kryptosicherheit | 1 Rate-Limited Secure Function Evaluation 21. Public Key Cryptography, March 1 st, 2013 Özgür.
Fall 2004/Lecture 201 Cryptography CS 555 Lecture 20-b Zero-Knowledge Proof.
Cryptography In the Bounded Quantum-Storage Model Christian Schaffner, BRICS University of Århus, Denmark ECRYPT Autumn School, Bertinoro Wednesday, October.
Cryptography In the Bounded Quantum-Storage Model Christian Schaffner, BRICS University of Århus, Denmark 9 th workshop on QIP 2006, Paris Tuesday, January.
Presented by: Suparita Parakarn Kinzang Wangdi Research Report Presentation Computer Network Security.
PROBABILISTIC COMPUTATION By Remanth Dabbati. INDEX  Probabilistic Turing Machine  Probabilistic Complexity Classes  Probabilistic Algorithms.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
Interactive proof systems Section 10.4 Giorgi Japaridze Theory of Computability.
Statistical Zero-Knowledge:
André Chailloux, Université Paris 7 and UC Berkeley Or Sattath, the Hebrew University QIP 2012.
Zero-knowledge proof protocols 1 CHAPTER 12: Zero-knowledge proof protocols One of the most important, and at the same time very counterintuitive, primitives.
Umans Complexity Theory Lectures Lecture 1a: Problems and Languages.
The Computational Complexity of Satisfiability Lance Fortnow NEC Laboratories America.
Zero Knowledge Proofs Matthew Pouliotte Anthony Pringle Cryptography November 22, 2005 “A proof is whatever convinces me.” -~ Shimon Even.
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Honest-Verifier Statistical Zero-Knowledge Equals General Statistical Zero-Knowledge Oded Goldreich (Weizmann) Amit Sahai (MIT) Salil Vadhan (MIT)
Boaz Barak, Nir Bitansky, Ran Canetti, Yael Tauman Kalai, Omer Paneth, Amit Sahai.
Quantum Cryptography Antonio Acín
Complexity 24-1 Complexity Andrei Bulatov Interactive Proofs.
Quantum Computation Stephen Jordan. Church-Turing Thesis ● Weak Form: Anything we would regard as “computable” can be computed by a Turing machine. ●
NP ⊆ PCP(n 3, 1) Theory of Computation. NP ⊆ PCP(n 3,1) What is that? NP ⊆ PCP(n 3,1) What is that?
Dominique Unruh Quantum Proofs of Knowledge Dominique Unruh University of Tartu Tartu, April 12, 2012.
IP, (NON)ISOGRAPH and Zero Knowledge Protocol COSC 6111 Advanced Algorithm Design and Analysis Daniel Stübig.
Topic 36: Zero-Knowledge Proofs
Randomness and Computation
Zero Knowledge Anupam Datta CMU Fall 2017
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Fiat-Shamir for Highly Sound Protocols is Instantiable
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Post-Quantum Security of Fiat-Shamir
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Presentation transcript:

2012/1/25 Complete Problem for Perfect Zero-Knowledge Quantum Interactive Proof Jun Yan State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences SOFSEM 20121

Outline I. Backgrounds II. Our complete problem III. Completeness proof IV. Conclusion V. Future works 2012/1/25SOFSEM 20122

I. Backgrounds(1) (Classical) interactive proof system was introduced in 1980’s [GMW89, BM88]. (Classical) interactive proof system was introduced in 1980’s [GMW89, BM88]. Two players: prover (unbounded) and verifier (polynomial-time Turing machine), where prover tries to convince verifier to accept some common input by exchanging messages. It leads to many interesting and important results in complexity and cryptography: It leads to many interesting and important results in complexity and cryptography: IP=PSPACE, PCP theorem, zero-knowledge proof/argument, algebrizing barrier… 2012/1/25SOFSEM What verifier learns from the interaction is trivial (polynomial- time computable)

I. Backgrounds(2) Quantum interactive proof system was introduced around 2000 [Wat99, KW00, Wat02]. It turns out that Quantum interactive proof system was introduced around 2000 [Wat99, KW00, Wat02]. It turns out thatQIP=QIP[3]=QMAM=IP=PSPACE We can also introduce the notion of zero knowledge for quantum interactive proof system [Wat03, Wat06]. We can also introduce the notion of zero knowledge for quantum interactive proof system [Wat03, Wat06]. 2012/1/25SOFSEM 20124

I. Backgrounds(3) Two generic approaches: 1. Transformation E.g. achieve perfect completeness while preserving statistical zero-knowledge property [Oka96, KW00, Kob08] 2. Complete problem E.g. problem (Q)SD is (Q)SZK-complete [SV97, Wat02] 2012/1/25SOFSEM 20125

II. Our Complete Problem(1) 2012/1/25SOFSEM 20126

II. Our Complete Problem(2) 2012/1/25SOFSEM Q m

II. Our Complete Problem(3) 2012/1/25SOFSEM 20128

II. Our Complete Problem(4) 2012/1/25SOFSEM QPZK- complete The complete problem A BQP instance

III. Completeness Proof(1) 2012/1/25SOFSEM Prover Verifier GO U

III. Completeness Proof(2) Verifier’s view Quantum state of all qubits other than those at prover’s hands immediately after each message is sent. (Including message qubits and qubits at Verifier’s hands.) Quantum state of all qubits other than those at prover’s hands immediately after each message is sent. (Including message qubits and qubits at Verifier’s hands.) Denote by view( i ) the verifier’ view immediately after the i th message is sent. Denote by view( i ) the verifier’ view immediately after the i th message is sent. 2012/1/25SOFSEM

III. Completeness Proof(3) 2012/1/25SOFSEM

III. Completeness Proof(4) Formulate quantum interactive proof system in terms of quantum circuits: 2012/1/25SOFSEM

III. Completeness Proof(5) 2012/1/25SOFSEM

III. Completeness Proof(6) Verifier’s views can be approximated by simulator, if we have zero-knowledge property. Verifier’s views can be approximated by simulator, if we have zero-knowledge property. Simplifications ([Wat02]) : Simplifications ([Wat02]) : 1. Initial condition can be removed. 2. Half of propagation condition can be removed. 3. Final condition can be removed if there is no completeness error. 2012/1/25SOFSEM

III. Completeness Proof(7) 2012/1/25SOFSEM Malka proposed using an extra circuit to encode completeness error Watrous’ construction

III. Completeness Proof(8) Why does it work? yes instance: by perfect zero-knowledge property. yes instance: by perfect zero-knowledge property. no instance: by soundness property. no instance: by soundness property. Devise a simulation-based strategy according to a simple fact (unitary equivalence of purifications) in quantum information. 2012/1/25SOFSEM

IV. Conclusion Completeness error does not make much difference for QPZK. Completeness error does not make much difference for QPZK. We get a complete problem for QPZK which accords with our intuition. (In classical case, we do not know.) We get a complete problem for QPZK which accords with our intuition. (In classical case, we do not know.) We can prove several interesting properties of QPZK via our complete problem. We can prove several interesting properties of QPZK via our complete problem. 2012/1/25SOFSEM

V. Future works Study computational zero-knowledge quantum proof (QCZK) via complete problem or similar unconditional characterization (resembling unconditional study of CZK [Vad03].) Study computational zero-knowledge quantum proof (QCZK) via complete problem or similar unconditional characterization (resembling unconditional study of CZK [Vad03].) QZK vs Quantum Bit Commitment Scheme: are they equivalent? QZK vs Quantum Bit Commitment Scheme: are they equivalent? Limitation of “black-box” zero-knowledge quatum proof [GK96, Wat02, JKMR09]. Limitation of “black-box” zero-knowledge quatum proof [GK96, Wat02, JKMR09]. 2012/1/25SOFSEM

The End 2012/1/25SOFSEM

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.