non interactive classical verification of quantum
play

Non-interactive classical verification of quantum computation - PowerPoint PPT Presentation

Nov 01, 2023 •288 likes •808 views

Non-interactive classical verification of quantum computation Shih-Han Hung Gorjan Alagic Andrew M. Childs Alex B. Grilo QCrypt 2020 arXiv:1911.08101 Verifiable quantum advantage 1 Verifiable quantum advantage When a quantum cloud is

  1. � Non-interactive classical verification of quantum computation Shih-Han Hung Gorjan Alagic Andrew M. Childs Alex B. Grilo QCrypt 2020 arXiv:1911.08101

  2. Verifiable quantum advantage 1

  3. Verifiable quantum advantage When a quantum cloud is available for remote access... 1

  4. Verifiable quantum advantage When a quantum cloud is available for remote access... How do you know if you can trust it via classical communication (e.g., email messages)? 1

  5. Interactive proofs/arguments An interactive proof (or argument) system for language L is a protocol which is both complete and sound. Completeness: for x ∈ L yes , V ( x ) P ( x , w ) accept 2

  6. Interactive proofs/arguments An interactive proof (or argument) system for language L is a protocol which is both complete and sound. Soundness: for x ∈ L no , V ( x ) P ( x ) reject 3

  7. Interactive proofs/arguments An interactive proof (or argument) system for language L is a protocol which is both complete and sound. It is sometimes desirable that the interaction conveys no information about the witness. Zero knowledge : there exists a simulator S who outputs an indistinguishable view. V ( x ) P ( x , w ) ≈ S( V , x ) 4

  8. Testing quantum computers How do we classically verify quantum computers when classical simulation is impossible? Interactive proof systems with a limited quantum verifier. [B18, ABEM17, MHF18] Multiprover interactive proofs with pre-shared entanglements. ≤ LWE [RUV13, M16, GKW15, HPDF15, Interactive arguments with FH15, NV17, CGJV19, G19] a bounded quantum prover. [M18] 5

  9. An XZ verification protocol for BQP/QMA Verifier ( H ) : Prover ( H ) : • measures ρ in X or Z bases, • prepares the ground state ρ and checks the parity of 2 and sends it. qubits. For this approach to work [MHF18], • the ground state energy of Hamiltonian H = ∑ i p i Π i is either ≤ a or ≥ b with ( b − a ) > n − c ; • for every problem L in BQP there is a corresponding Hamiltonian for every instance; • for QMA, the prover is given access to a quantum witness. 6

  10. The Mahadev protocol pk y c m ≤ LWE Assuming LWE is hard against quantum adversaries, there is a 4-message protocol for BQP. [M18] • Verifier publicizes the key • Prover prepares state pk , and keeps sk secret; ∣ Ψ ⟩ = ∑ b α b ∣ b ⟩∣ x ⟩∣ f pk ( b , x )⟩ and performs partial • tosses a random coin c ; measurement; • checks m = ( b , x ) , • measures ∣ ψ y ⟩ • if c = 0, f pk ( b , x ) = y ; • if c = 0, in Z basis; • if c = 1, the decryption of • if c = 1, in X basis; b or y is accepted to the XZ verification protocol. to get m . 7

  11. The Mahadev protocol pk y c m ≤ LWE Assuming LWE is hard against quantum adversaries, there is a 4-message protocol for BQP. [M18] For this protocol to work, • The key pairs ( pk , sk ) encode the bases. • The function f pk is either 2-to-1 or 1-to-1. • Hard to prepare the preimage superposition for a fixed y without sk . There exists an instantiation based on plain LWE. [M18] The soundness error is constant. 8

  12. Overview of our protocols 9

  13. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? 9

  14. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? 9

  15. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? Our contributions: 9

  16. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? Our contributions: Instance- Mahadev Parallel Zero Round independent protocol repetition knowledge reduction setup 10

  17. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? Our contributions: Instance- Mahadev Parallel Zero Round independent protocol repetition knowledge reduction setup 10

  18. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? Our contributions: Instance- Mahadev Parallel Zero Round independent protocol repetition knowledge reduction setup 10

  19. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? Our contributions: Instance- Mahadev Parallel Zero Round independent protocol repetition knowledge reduction setup 10

  20. Overview of our protocols Question Can quantum computation be certified with a single message, up to instance-independent preprocessing? Question Can certified quantum computation be performed in zero knowledge? Our contributions: Instance- Mahadev Parallel Zero Round independent protocol repetition knowledge reduction setup 10

  21. Instance independent setup

  22. Instance independent setup sk pk y c m ≤ LWE Theorem The key sampling can be preprocessed prior to verification. Proof. 11

  23. Instance independent setup sk pk y c m ≤ LWE Theorem The key sampling can be preprocessed prior to verification. Proof. • Sample bases S randomly and the keys according to the bases. 11

  24. Instance independent setup sk pk y c m ≤ LWE Theorem The key sampling can be preprocessed prior to verification. Proof. • Sample bases S randomly and the keys according to the bases. • V samples the real bases S ′ according to the Hamiltonian. 11

  25. Instance independent setup sk pk y c m ≤ LWE Theorem The key sampling can be preprocessed prior to verification. Proof. • Sample bases S randomly and the keys according to the bases. • V samples the real bases S ′ according to the Hamiltonian. • If S ≠ S ′ , the verifier accepts; otherwise run the same verification protocol as before. 11

  26. Instance independent setup sk pk y c m ≤ LWE Theorem The key sampling can be preprocessed prior to verification. Proof. • Sample bases S randomly and the keys according to the bases. • V samples the real bases S ′ according to the Hamiltonian. • If S ≠ S ′ , the verifier accepts; otherwise run the same verification protocol as before. • Since the Hamiltonian is 2-local, with probability 1/4 they match ⇒ the gap decreases by a factor of 1/4. 11

  27. A parallel repetition theorem

  28. Hardness amplification Given a protocol Π with small completeness-soundness gap, two possibilities to amplify the gap: 12

  29. Hardness amplification Given a protocol Π with small completeness-soundness gap, two possibilities to amplify the gap: • Sequential repetition Run Π sequentially, accept if many rounds are accepted. � Always amplifies the gap. � Requires more interaction. 12

  30. Hardness amplification Given a protocol Π with small completeness-soundness gap, two possibilities to amplify the gap: • Sequential repetition Run Π sequentially, accept if many rounds are accepted. � Always amplifies the gap. � Requires more interaction. • Parallel repetition (PR) Run Π in parallel, accept if many copies are accepted. � Additional interaction is not required. � Not always reduce the soundness error. 12

  31. Hardness amplification Given a protocol Π with small completeness-soundness gap, two possibilities to amplify the gap: • Sequential repetition Run Π sequentially, accept if many rounds are accepted. � Always amplifies the gap. � Requires more interaction. • Parallel repetition (PR) Run Π in parallel, accept if many copies are accepted. � Additional interaction is not required. � Not always reduce the soundness error. • There exists a protocol for which the soundness error stays the same using two-fold PR. 12

  32. A parallel repetition theorem Theorem The soundness error of a k-fold protocol is 2 − k + ǫ for negligible ǫ . Proof. 1 In the sense that P is quantum efficient and only knows the public keys. 13

  33. A parallel repetition theorem Theorem The soundness error of a k-fold protocol is 2 − k + ǫ for negligible ǫ . Proof. • P prepares a quantum state ρ pk , fixed by V by requesting a partial measurement. 1 In the sense that P is quantum efficient and only knows the public keys. 13

Recommend

Urmila Mahadevs work on classical verification of quantum computations Jaikumar Radhakrishnan

Urmila Mahadevs work on classical verification of quantum computations Jaikumar Radhakrishnan

Urmila Mahadevs work on classical verification of quantum computations Jaikumar Radhakrishnan Tata Institute of Fundamental Research, Mumbai February 7, 2019 Urmila Mahadev, PhD student, UC Berkeley Urmila Mahadev: Classical Verification of

315 views • 13 slides
From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

From quantum hardware to quantum AI School of Electrical and Electronic Engineering University

CLASSICAL BIT vs QUBIT Computation as physical process Concept of programmable matter Classical neural network Distance between quantum states Quantum algorithms Quantum Neural Networks From quantum hardware to quantum AI School of

322 views • 31 slides
Quantum Error Correction On a quantum computer, a single electron or nucleus Peter J. Cameron in

Quantum Error Correction On a quantum computer, a single electron or nucleus Peter J. Cameron in

Classical v quantum In a classical computer, each bit of information is stored by a transistor containing trillions of electrons. Quantum Error Correction On a quantum

457 views • 3 slides
Simulating quantum and classical field theories on a quantum computer Stephen Jordan With: John

Simulating quantum and classical field theories on a quantum computer Stephen Jordan With: John

Simulating quantum and classical field theories on a quantum computer Stephen Jordan With: John Preskill, Keith Lee, Ali Moosavian Pedro Costa, Aaron Ostrander Field Theory Classical Quantum Value at each point in space Qubit(s) at

447 views • 34 slides
Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos

Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos

Quantum cryptanalysis: How to break some classical cryptosystems with quantum computers? Miklos Santha CNRS, IRIF, Universit Paris Diderot, France and Centre for Quantum Technologies, NUS, Singapore 1/36 Plan of the talk 1 Crash course on

543 views • 36 slides
EP 228: Quantum Mechanics Lecture 11: Classical Vs Quantum Mechanics Probabilistic

EP 228: Quantum Mechanics Lecture 11: Classical Vs Quantum Mechanics Probabilistic

EP 228: Quantum Mechanics Lecture 11: Classical Vs Quantum Mechanics Probabilistic interpretation For large number of identically prepared system, we can say the probability of measuring enery E n will be |C n | 2 . Recall the definition

521 views • 13 slides
On canonical coupling of classical geometry to quantum matter 1. Introduction R ab 1 2 g ab R

On canonical coupling of classical geometry to quantum matter 1. Introduction R ab 1 2 g ab R

On canonical coupling of classical geometry to quantum matter 1. Introduction R ab 1 2 g ab R = 8 G c 4 T ab 1.1 classical T , classical R fine. 1.2 quantum T , quantum R nobody knows. 1.3 quantum T , classical R try it

239 views • 6 slides
A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of

A Survey of Classical, Real-Time, and Time-Bounded Verification Jol Ouaknine Department of Computer Science Oxford University Quantitative Model Checking Winter School, February 2012 The Classical Theory of Verification Automata e T t a

1.6k views • 137 slides
the local Hamiltonian problem Thomas Vidick Caltech Joint work with Joseph Fitzsimons SUTD and

the local Hamiltonian problem Thomas Vidick Caltech Joint work with Joseph Fitzsimons SUTD and

A multiprover interactive proof system for the local Hamiltonian problem Thomas Vidick Caltech Joint work with Joseph Fitzsimons SUTD and CQT, Singapore Outline 1. Local verification of classical & quantum proofs 2. Quantum multiplayer

391 views • 23 slides
Quantum Lecture 11 The classical wiretap channel The quantum wiretap channel Quantum

Quantum Lecture 11 The classical wiretap channel The quantum wiretap channel Quantum

Quantum Lecture 11 The classical wiretap channel The quantum wiretap channel Quantum key distribution Mikael Skoglund, Quantum Info 1/16 The Classical Wiretap Channel The degraded wiretap channel p ( y | x ) X n Y n W W

422 views • 8 slides
Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS

Optimizing quantum circuits with classical thinking Craig Gidney Google Quantum AI QPL/MFPS 2018 Goal: explain section 3-D of arXiv:1805.03662 [...] [...] Key ideas we'll cover 1. Cost of error corrected quantum computation 2. Preparing

993 views • 45 slides
Fabio Sebastiano Interfacing qubits with classical (non-quantum) systems A real-life quantum

Fabio Sebastiano Interfacing qubits with classical (non-quantum) systems A real-life quantum

Fabio Sebastiano Interfacing qubits with classical (non-quantum) systems A real-life quantum computer Electronic interface Quantum processor Example Single-qubit rotation Microwave pulse I f ~ 5 GHz 20 GHz Example Read-out

164 views • 12 slides
A Quantum Route to Hamilton-Jacobi Theory: Considerations on the Quantum-to-Classical Transition

A Quantum Route to Hamilton-Jacobi Theory: Considerations on the Quantum-to-Classical Transition

A Quantum Route to Hamilton-Jacobi Theory: Considerations on the Quantum-to-Classical Transition Collaborators : J. F. Cari nena, A. Ibort, G. Morandi N. Mukunda, G. Sudarshan, G. Esposito, J. Clemente-Gallardo X. Gr` acia, E. Mart

429 views • 19 slides
Quantum decoupling via efficient classical operations and the entanglement cost of one-shot

Quantum decoupling via efficient classical operations and the entanglement cost of one-shot

Review of some classical tasks Quantum tasks Efficient decoupling and entanglement optimization Quantum decoupling via efficient classical operations and the entanglement cost of one-shot quantum protocols Anurag Anshu (joint work with

707 views • 67 slides
The many classical faces of quantum structures Chris Heunen University of Oxford November 30,

The many classical faces of quantum structures Chris Heunen University of Oxford November 30,

The many classical faces of quantum structures Chris Heunen University of Oxford November 30, 2013 1 / 31 Relationship between classical and quantum 2 / 31 Relationship between classical and quantum 2 / 31 Relationship between classical and

1.07k views • 88 slides
Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil

Classical simulations of quantum circuits Resource-theoretic approach to quantum computing Kamil Korzekwa Faculty of Physics, Astronomy and Applied Computer Science, Jagiellonian University, Poland Outline 1. Motivation 2. Background 3.

492 views • 18 slides
Verification of Quantum Computing Elham Kashefi Paris Centre for Quantum Computing Laboratoire

Verification of Quantum Computing Elham Kashefi Paris Centre for Quantum Computing Laboratoire

Verification of Quantum Computing Elham Kashefi Paris Centre for Quantum Computing Laboratoire traitement et communication de l'information Adjoint with University of Edinburgh & Oxford Quantum Technology Hub Google Martinis Lab

982 views • 55 slides
Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, Stephanie Wehner - Full

Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, Stephanie Wehner - Full

Quantum to Classical Randomness Extractors Mario Berta, Omar Fawzi, Stephanie Wehner - Full version preprint available at arXiv: 1111.2026v3 08/23/2012 - CRYPTO University of California, Santa Barbara Outline (Classical to Classical)

558 views • 53 slides
A quantum dynamical simulator Classical digital meets quantum analog Ulrich Schollwck Jens

A quantum dynamical simulator Classical digital meets quantum analog Ulrich Schollwck Jens

A quantum dynamical simulator Classical digital meets quantum analog Ulrich Schollwck Jens Eisert LMU Munich Freie Universitt Berlin Mentions joint work with I. Bloch, S. Trotzky, I. McCulloch, A. Flesch, Y.-U. Chen, C. Gogolin, M.

361 views • 35 slides
Normally hyperbolic trapping: from quantum dispersion to classical mixing S. Nonnenmacher

Normally hyperbolic trapping: from quantum dispersion to classical mixing S. Nonnenmacher

Normally hyperbolic trapping: from quantum dispersion to classical mixing S. Nonnenmacher (CEA-Saclay) + M. Zworski (Berkeley) Quantum chaos: fundamentals and applications, Luchon, March 2015 E+ E E+ t () t () K 0

674 views • 20 slides
Classical Quantum Physics Quantum Mechanics over Phase-Space; Feynman-Hibbs Path-Integrals;

Classical Quantum Physics Quantum Mechanics over Phase-Space; Feynman-Hibbs Path-Integrals;

Quantum Mechanics II Classical Quantum Physics Quantum Mechanics over Phase-Space; Feynman-Hibbs Path-Integrals; Quantization and Anomalies Tristan Hbsch Department of Physics and Astronomy, Howard University, Washington DC

494 views • 14 slides
Toward Automatic Verification of Quantum Programs Xiaodi Wu QuICS, University of Maryland

Toward Automatic Verification of Quantum Programs Xiaodi Wu QuICS, University of Maryland

Toward Automatic Verification of Quantum Programs Xiaodi Wu QuICS, University of Maryland Outline Motivation A Quantum Programming Language Floyd-Hoare Logic for Quantum Programs Invariant Generation Recent Developments Summary My

1.24k views • 79 slides
The Classical Behavior of Quantum Systems James Hartle, Santa Barbara Murray Gell-Mann, Mark

The Classical Behavior of Quantum Systems James Hartle, Santa Barbara Murray Gell-Mann, Mark

The Classical Behavior of Quantum Systems James Hartle, Santa Barbara Murray Gell-Mann, Mark Srednicki IBM Watson Labs, August 12, 2014 The Questions When can a quantum state, pure or mixed, be said to be classical? What properties of

1.09k views • 40 slides
quantum mechanics arises? Experimental results could not be explained by classical mechanics

quantum mechanics arises? Experimental results could not be explained by classical mechanics

Where classical mechanics fails and quantum mechanics arises? Experimental results could not be explained by classical mechanics Numerous places: 1. Black-Body radiation spectrum. 2. Photo-electric effect 3. Compton scattering. 4.

444 views • 23 slides

More recommend