quantum zero knowledge from locally simulatable proofs
play

Quantum zero-knowledge from Locally Simulatable Proofs Alex - PowerPoint PPT Presentation

Jan 09, 2023 •166 likes •1.06k views

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

  1. Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782

  2. Quantum found. QZK Crypto TCS 2 / 19

  3. Interactive proofs 3 / 19

  4. Interactive proofs L ∈ NP P V 0 / 1 for x ∈ L , ∃ P V accepts for x �∈ L , ∀ P V rejects 3 / 19

  5. Interactive proofs L ∈ NP L ∈ IP P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects V rejects whp 3 / 19

  6. Interactive proofs L ∈ NP L ∈ IP = PSPACE P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects V rejects whp 3 / 19

  7. Zero-knowledge P ... V 0 / 1 4 / 19

  8. Zero-knowledge P ... ˜ V 4 / 19

  9. Zero-knowledge P ... ˜ V X 4 / 19

  10. Zero-knowledge P ... S ˜ ˜ V V X 4 / 19

  11. Zero-knowledge P ... S ˜ ˜ V V X Y 4 / 19

  12. Zero-knowledge P ... S ˜ ˜ V V X Y Computational zero-knowledge X and Y cannot be efficiently distinguished: 4 / 19

  13. Zero-knowledge P ... S ˜ ˜ V V X Y Computational zero-knowledge X and Y cannot be efficiently distinguished: ∀ poly-time A : | Pr x ∼ D X [ A ( x ) = 1] − Pr y ∼ D Y [ A ( y ) = 1] | ≤ negl ( n ) 4 / 19

  14. Zero-knowledge P ... S ˜ ˜ V V X Y Computational zero-knowledge X and Y cannot be efficiently distinguished: ∀ poly-time A : | Pr x ∼ D X [ A ( x ) = 1] − Pr y ∼ D Y [ A ( y ) = 1] | ≤ negl ( n ) Fundamental notion in modern cryptography! 4 / 19

  15. Example: ZK for 3-coloring V F G B A D E C 5 / 19

  16. Example: ZK for 3-coloring P V F G B A D E C 5 / 19

  17. Example: ZK for 3-coloring V 5 / 19

  18. Example: ZK for 3-coloring V Completeness ✓ Soundness ✓ ZK ✗ 5 / 19

  19. Example: ZK for 3-coloring P V F G B A D E C 6 / 19

  20. Example: ZK for 3-coloring P V F G B A D E C 6 / 19

  21. Example: ZK for 3-coloring P V F G B A D E C 6 / 19

  22. Example: ZK for 3-coloring P V A → 564651 B → 867132 C → 984565 D → 894102 E → 069732 F → 873210 G → 897966 6 / 19

  23. Example: ZK for 3-coloring P V A → 564651 B → 867132 C → 984565 D → 894102 E → 069732 F → 873210 G → 897966 6 / 19

  24. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 G → 897966 6 / 19

  25. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 6 / 19

  26. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 6 / 19

  27. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 bit-commitment 6 / 19

  28. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 bit-commitment Completeness ✓ Soundness ✓ CZK ✓ 6 / 19

  29. Quantum proofs 7 / 19

  30. Quantum proofs L ∈ QMA L ∈ QIP P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts whp V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects whp V rejects whp 7 / 19

  31. Quantum proofs L ∈ QMA L ∈ QIP = PSPACE P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts whp V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects whp V rejects whp 7 / 19

  32. Quantum Zero-knowledge P ... V 0 / 1 8 / 19

  33. Quantum Zero-knowledge P ... ˜ V 8 / 19

  34. Quantum Zero-knowledge P ... ˜ V ρ 8 / 19

  35. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ 8 / 19

  36. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ σ 8 / 19

  37. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ σ Quantum computational zero-knowledge ρ and σ cannot be efficiently distinguished: 8 / 19

  38. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ σ Quantum computational zero-knowledge ρ and σ cannot be efficiently distinguished: ∀ quantum poly-time A : | Pr [ A ( ρ ) = 1] − Pr [ A ( σ ) = 1] | ≤ negl ( n ) 8 / 19

  39. Zero-knowledge for quantum proofs 9 / 19

  40. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness 9 / 19

  41. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated 9 / 19

  42. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 9 / 19

  43. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 Applications in Cryptography ⋆ “commit-and-open” Proof of Knowledge QZK proof for QMA ⋆ “commit-and-open” Proof of Knowledge QSZK argument for QMA ⋆ QNISZK for QMA in the secret parameters setup 9 / 19

  44. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 Applications in Cryptography ⋆ “commit-and-open” Proof of Knowledge QZK proof for QMA ⋆ “commit-and-open” Proof of Knowledge QSZK argument for QMA ⋆ QNISZK for QMA in the secret parameters setup Applications in Complexity theory ⋆ QMA-hardness of Consistency of local density matrices problem under Karp reductions (open for 15 years!) ⋆ Locally Simulatable proofs 9 / 19

  45. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 Applications in Cryptography ⋆ “commit-and-open” Proof of Knowledge QZK proof for QMA ⋆ “commit-and-open” Proof of Knowledge QSZK argument for QMA ⋆ QNISZK for QMA in the secret parameters setup Applications in Complexity theory ⋆ QMA-hardness of Consistency of local density matrices problem under Karp reductions (open for 15 years!) ⋆ Locally Simulatable proofs 9 / 19

  46. Consistency of local density matrices problem 10 / 19

  47. Consistency of local density matrices problem Input: Reduced density matrices ρ 1 , ..., ρ m on k -qubits � � Output: yes: ∃ ψ such that ∀ i : � Tr S i ( ψ ) − ρ i � ≤ ε � � � � 1 no: ∀ ψ , ∃ i : � Tr S i ( ψ ) − ρ i � ≥ � � poly ( n ) 10 / 19

  48. Consistency of local density matrices problem Input: Reduced density matrices ρ 1 , ..., ρ m on k -qubits � � Output: yes: ∃ ψ such that ∀ i : � Tr S i ( ψ ) − ρ i � ≤ ε � � � � 1 no: ∀ ψ , ∃ i : � Tr S i ( ψ ) − ρ i � ≥ � � poly ( n ) Liu’06: containment in QMA, and partial result on QMA-hardness 10 / 19

  49. Consistency of local density matrices problem Input: Reduced density matrices ρ 1 , ..., ρ m on k -qubits � � Output: yes: ∃ ψ such that ∀ i : � Tr S i ( ψ ) − ρ i � ≤ ε � � � � 1 no: ∀ ψ , ∃ i : � Tr S i ( ψ ) − ρ i � ≥ � � poly ( n ) Liu’06: containment in QMA, and partial result on QMA-hardness B G ’19: QMA-hardness 10 / 19

  50. Very simple ZK proof for QMA P V ρ 1 , ..., ρ m 11 / 19

  51. Very simple ZK proof for QMA P V ψ ⊗ ℓ ρ 1 , ..., ρ m 11 / 19

  52. Very simple ZK proof for QMA P V X a Z b ψ ⊗ ℓ Z b X a ρ 1 , ..., ρ m a 1 , b 1 a 2 , b 2 ... a n − 1 , b n − 1 a n , b n 11 / 19

  53. Very simple ZK proof for QMA P V X a Z b ψ ⊗ ℓ Z b X a ρ 1 , ..., ρ m 11 / 19

  54. Very simple ZK proof for QMA P V a 1 , b 1 → 564651 ρ 1 , ..., ρ m a 2 , b 2 → 984565 ... X a Z b ψ ⊗ ℓ X a Z b a n , b n → 894102 ... 11 / 19

  55. Very simple ZK proof for QMA P V a 1 , b 1 → 564651 ρ 1 , ..., ρ m a 2 , b 2 → 984565 i ... X a Z b ψ ⊗ ℓ X a Z b a n , b n → 894102 ... 11 / 19

  56. Very simple ZK proof for QMA P V a 1 , b 1 → 564651 ρ 1 , ..., ρ m a 2 , b 2 → 984565 i ... X a Z b ψ ⊗ ℓ X a Z b a n , b n → 894102 984565 , 894102 keys to open otp of copies of ρ i ... 11 / 19

Recommend

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives David Derler , Sebastian Ramacher , Daniel Slamanig PQC rypto 18, April 9, 2018 1 Ring Signatures P

612 views • 27 slides
Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University

Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University

Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University @claudiorlandi Based on joint work with: Meliisa Chase (Microsoft) David Derler (TU Graz) Tore Frederiksen (BIU) Irene Giacomelli

1.21k views • 77 slides
Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM

Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM

Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM DAVID DERLER SEBASTIAN RAMACHER STEVEN GOLDFEDER CHRISTIAN RECHBERGER JONATHAN KATZ DANIEL SLAMANIG VLAD KOLESNIKOV XIAO WANG CLAUDIO ORLANDI

577 views • 37 slides
References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge https://en.wikipedia.org/wiki/Zero-knowledge_proof Protocols Zero Knowledge Proofs: An Illustrated Primer by M. Green. Part I: https://blog.cryptographyengineering.com/2014/11/27/ Jim

389 views • 18 slides
Locally Checkable Proofs Mika G o os & Jukka Suomela Helsinki Institute for Information

Locally Checkable Proofs Mika G o os & Jukka Suomela Helsinki Institute for Information

Locally Checkable Proofs Mika G o os & Jukka Suomela Helsinki Institute for Information Technology HIIT G o os, Suomela (HIIT) Locally Checkable Proofs 7th June 2011 1 / 15 Basic Question 1 What global information can we infer

727 views • 39 slides
Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner TA: Malvin Gattinger October 22, 2014 1 / 27 Introduction Zero-knowledge proofs are proofs that yield nothing beyond the validity of the

415 views • 27 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
Semi-regularity of Locally Compact Quantum Groups Stefaan Vaes Institute of Mathematics Jussieu,

Semi-regularity of Locally Compact Quantum Groups Stefaan Vaes Institute of Mathematics Jussieu,

Semi-regularity of Locally Compact Quantum Groups Stefaan Vaes Institute of Mathematics Jussieu, Paris Department of Mathematics, K.U.Leuven 1 L.c. quantum groups (joint work with J. Kustermans) We call (M, ) a locally compact quantum

366 views • 14 slides
Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise

Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise

Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise Levy-dit-Vehel GRACE team, LIX & INRIA, Palaiseau, France 2016 IEEE International Symposium on Information Theory July 13, 2016 Issue Server Client Huge

529 views • 42 slides
Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a property about an element without revealing Lelantus ZCoins Zero-Knowledge protocol Prove that transactions are valid, without revealing

1.37k views • 72 slides
Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien Canard (1) , David Pointcheval (2) and Olivier Sanders (1 , 2) S (1) Orange Labs, Caen, France (2) Ecole Normale Sup erieure, Paris,

556 views • 31 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos, Geoffroy Couteau 1 /11 Zero-Knowledge Proof prover verifier Complete: if P knows a solution, V accepts Sound: if there is no solution, P

1.25k views • 27 slides
Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle, Andrea Cerulli, Jens Groth, Sune Jakobsen, Mary Maller Zero-Knowledge Proofs for Statement Correct Program Execution Witness Prover Verifier

332 views • 32 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient

Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient

Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient way to do 1-in-N proofs zk-SNARKs A general way to prove anything in Zero-Knowledge (if you dont know how to do it any other way, use

3.26k views • 68 slides
One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research

One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research

One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research -- Zurich Zero-Knowledge Proofs Zero-Knowledge Proofs Relation f(s)=t, and want to prove knowledge of s Zero-Knowledge Proofs Relation f(s)=t, and

1.04k views • 72 slides
Spectral theory of weighted Fourier algebras of (locally) compact quantum groups Hun Hee Lee (

Spectral theory of weighted Fourier algebras of (locally) compact quantum groups Hun Hee Lee (

Motivations The case of compact quantum groups and SU q (2) The case of non-compact (quantum) groups Spectral theory of weighted Fourier algebras of (locally) compact quantum groups Hun Hee Lee ( ) Seoul National University Based on

596 views • 30 slides
Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove.

Simulatable Channels: Extended Security that is Universally Composable and Easier to Prove. ASIACRYPT 2018 J. P. Degabriele M. Fischlin 1 What this talk is about We propose and explore new security definitions for symmetric encryption

819 views • 24 slides
On the Existence of Three Round Zero-Knowledge Proofs Nils Fleischhacker, Vipul Goyal, Abhishek

On the Existence of Three Round Zero-Knowledge Proofs Nils Fleischhacker, Vipul Goyal, Abhishek

On the Existence of Three Round Zero-Knowledge Proofs Nils Fleischhacker, Vipul Goyal, Abhishek Jain Tel Aviv, May 2, 2018 Round-Complexity of ZK-Proofs for NP 2 Round-Complexity of ZK-Proofs for NP 2 Round-Complexity of ZK-Proofs for NP

835 views • 56 slides
Quantum gravity from the point of view of locally covariant QFT Katarzyna Rejzner 1 INdAM (Marie

Quantum gravity from the point of view of locally covariant QFT Katarzyna Rejzner 1 INdAM (Marie

Introduction Classical theory Quantization Quantum gravity from the point of view of locally covariant QFT Katarzyna Rejzner 1 INdAM (Marie Curie) fellow University of Rome Tor Vergata Wuppertal, 01.06.2013 1 Based on the joint work with

1.06k views • 82 slides
Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo

Tighter Security Proofs for GPV-IBE in the Quantum Random Oracle Model (The University of Tokyo /AIST) *Pronounced as Shu ichi Katsumata (The University of Tokyo /AIST) Shota Yamada Takashi Yamakawa (AIST) (NTT) 1 Post Quantum Cryptography

1.22k views • 86 slides
Zero Knowledge Proofs Muthuramakrishnan Venkitasubramaniam An example An example I (re)solved

Zero Knowledge Proofs Muthuramakrishnan Venkitasubramaniam An example An example I (re)solved

Zero Knowledge Proofs Muthuramakrishnan Venkitasubramaniam An example An example I (re)solved P vs NP? S I How? Here is the proof Can I convince someone the validity of something Clay without revealing the proof? Institute

619 views • 46 slides
Zero-Knowledge Proofs III Beyond zk-SNARKs & Accumulators Oct. 23, 2019 Recap zk-SNARKs

Zero-Knowledge Proofs III Beyond zk-SNARKs & Accumulators Oct. 23, 2019 Recap zk-SNARKs

Zero-Knowledge Proofs III Beyond zk-SNARKs & Accumulators Oct. 23, 2019 Recap zk-SNARKs Flattening the computation x 4 + x + 2 = 86 Proof: We know so that (hint ) x x = 3 We can verify all basic operations (+,-,*,assignment) We

1.28k views • 62 slides

More recommend