quantum zero knowledge from locally simulatable proofs
play

Quantum zero-knowledge from Locally Simulatable Proofs Alex - PowerPoint PPT Presentation

Jan 09, 2023 •166 likes •1.06k views

Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782 Quantum found. QZK Crypto TCS 2 / 19 Interactive proofs 3 / 19 Interactive proofs L NP P V 0

  1. Quantum zero-knowledge from Locally Simulatable Proofs Alex Bredariol Grilo joint work with Anne Broadbent (U. of Ottawa) arxiv:1911.07782

  2. Quantum found. QZK Crypto TCS 2 / 19

  3. Interactive proofs 3 / 19

  4. Interactive proofs L ∈ NP P V 0 / 1 for x ∈ L , ∃ P V accepts for x �∈ L , ∀ P V rejects 3 / 19

  5. Interactive proofs L ∈ NP L ∈ IP P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects V rejects whp 3 / 19

  6. Interactive proofs L ∈ NP L ∈ IP = PSPACE P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects V rejects whp 3 / 19

  7. Zero-knowledge P ... V 0 / 1 4 / 19

  8. Zero-knowledge P ... ˜ V 4 / 19

  9. Zero-knowledge P ... ˜ V X 4 / 19

  10. Zero-knowledge P ... S ˜ ˜ V V X 4 / 19

  11. Zero-knowledge P ... S ˜ ˜ V V X Y 4 / 19

  12. Zero-knowledge P ... S ˜ ˜ V V X Y Computational zero-knowledge X and Y cannot be efficiently distinguished: 4 / 19

  13. Zero-knowledge P ... S ˜ ˜ V V X Y Computational zero-knowledge X and Y cannot be efficiently distinguished: ∀ poly-time A : | Pr x ∼ D X [ A ( x ) = 1] − Pr y ∼ D Y [ A ( y ) = 1] | ≤ negl ( n ) 4 / 19

  14. Zero-knowledge P ... S ˜ ˜ V V X Y Computational zero-knowledge X and Y cannot be efficiently distinguished: ∀ poly-time A : | Pr x ∼ D X [ A ( x ) = 1] − Pr y ∼ D Y [ A ( y ) = 1] | ≤ negl ( n ) Fundamental notion in modern cryptography! 4 / 19

  15. Example: ZK for 3-coloring V F G B A D E C 5 / 19

  16. Example: ZK for 3-coloring P V F G B A D E C 5 / 19

  17. Example: ZK for 3-coloring V 5 / 19

  18. Example: ZK for 3-coloring V Completeness ✓ Soundness ✓ ZK ✗ 5 / 19

  19. Example: ZK for 3-coloring P V F G B A D E C 6 / 19

  20. Example: ZK for 3-coloring P V F G B A D E C 6 / 19

  21. Example: ZK for 3-coloring P V F G B A D E C 6 / 19

  22. Example: ZK for 3-coloring P V A → 564651 B → 867132 C → 984565 D → 894102 E → 069732 F → 873210 G → 897966 6 / 19

  23. Example: ZK for 3-coloring P V A → 564651 B → 867132 C → 984565 D → 894102 E → 069732 F → 873210 G → 897966 6 / 19

  24. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 G → 897966 6 / 19

  25. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 6 / 19

  26. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 6 / 19

  27. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 bit-commitment 6 / 19

  28. Example: ZK for 3-coloring P V A → 564651 B → 867132 { A , C } C → 984565 D → 894102 E → 069732 F → 873210 564651 , 984565 G → 897966 bit-commitment Completeness ✓ Soundness ✓ CZK ✓ 6 / 19

  29. Quantum proofs 7 / 19

  30. Quantum proofs L ∈ QMA L ∈ QIP P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts whp V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects whp V rejects whp 7 / 19

  31. Quantum proofs L ∈ QMA L ∈ QIP = PSPACE P P ... V V 0 / 1 0 / 1 for x ∈ L , ∃ P for x ∈ L , ∃ P V accepts whp V accepts for x �∈ L , ∀ P for x �∈ L , ∀ P V rejects whp V rejects whp 7 / 19

  32. Quantum Zero-knowledge P ... V 0 / 1 8 / 19

  33. Quantum Zero-knowledge P ... ˜ V 8 / 19

  34. Quantum Zero-knowledge P ... ˜ V ρ 8 / 19

  35. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ 8 / 19

  36. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ σ 8 / 19

  37. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ σ Quantum computational zero-knowledge ρ and σ cannot be efficiently distinguished: 8 / 19

  38. Quantum Zero-knowledge P ... ˜ S ˜ V V ρ σ Quantum computational zero-knowledge ρ and σ cannot be efficiently distinguished: ∀ quantum poly-time A : | Pr [ A ( ρ ) = 1] − Pr [ A ( σ ) = 1] | ≤ negl ( n ) 8 / 19

  39. Zero-knowledge for quantum proofs 9 / 19

  40. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness 9 / 19

  41. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated 9 / 19

  42. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 9 / 19

  43. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 Applications in Cryptography ⋆ “commit-and-open” Proof of Knowledge QZK proof for QMA ⋆ “commit-and-open” Proof of Knowledge QSZK argument for QMA ⋆ QNISZK for QMA in the secret parameters setup 9 / 19

  44. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 Applications in Cryptography ⋆ “commit-and-open” Proof of Knowledge QZK proof for QMA ⋆ “commit-and-open” Proof of Knowledge QSZK argument for QMA ⋆ QNISZK for QMA in the secret parameters setup Applications in Complexity theory ⋆ QMA-hardness of Consistency of local density matrices problem under Karp reductions (open for 15 years!) ⋆ Locally Simulatable proofs 9 / 19

  45. Zero-knowledge for quantum proofs Assuming qOWF: QMA ⊆ QZK since PSPACE = CZK ⊆ QZK Need to go through QMA ⊆ PP Desired: Efficient prover with QMA witness BJSW’16: QMA ⊆ QZK with efficient prover Multiple rounds of communication Somewhat complicated B G 19: explore Locally Simulatable codes from G SY19 Applications in Cryptography ⋆ “commit-and-open” Proof of Knowledge QZK proof for QMA ⋆ “commit-and-open” Proof of Knowledge QSZK argument for QMA ⋆ QNISZK for QMA in the secret parameters setup Applications in Complexity theory ⋆ QMA-hardness of Consistency of local density matrices problem under Karp reductions (open for 15 years!) ⋆ Locally Simulatable proofs 9 / 19

  46. Consistency of local density matrices problem 10 / 19

  47. Consistency of local density matrices problem Input: Reduced density matrices ρ 1 , ..., ρ m on k -qubits � � Output: yes: ∃ ψ such that ∀ i : � Tr S i ( ψ ) − ρ i � ≤ ε � � � � 1 no: ∀ ψ , ∃ i : � Tr S i ( ψ ) − ρ i � ≥ � � poly ( n ) 10 / 19

  48. Consistency of local density matrices problem Input: Reduced density matrices ρ 1 , ..., ρ m on k -qubits � � Output: yes: ∃ ψ such that ∀ i : � Tr S i ( ψ ) − ρ i � ≤ ε � � � � 1 no: ∀ ψ , ∃ i : � Tr S i ( ψ ) − ρ i � ≥ � � poly ( n ) Liu’06: containment in QMA, and partial result on QMA-hardness 10 / 19

  49. Consistency of local density matrices problem Input: Reduced density matrices ρ 1 , ..., ρ m on k -qubits � � Output: yes: ∃ ψ such that ∀ i : � Tr S i ( ψ ) − ρ i � ≤ ε � � � � 1 no: ∀ ψ , ∃ i : � Tr S i ( ψ ) − ρ i � ≥ � � poly ( n ) Liu’06: containment in QMA, and partial result on QMA-hardness B G ’19: QMA-hardness 10 / 19

  50. Very simple ZK proof for QMA P V ρ 1 , ..., ρ m 11 / 19

  51. Very simple ZK proof for QMA P V ψ ⊗ ℓ ρ 1 , ..., ρ m 11 / 19

  52. Very simple ZK proof for QMA P V X a Z b ψ ⊗ ℓ Z b X a ρ 1 , ..., ρ m a 1 , b 1 a 2 , b 2 ... a n − 1 , b n − 1 a n , b n 11 / 19

  53. Very simple ZK proof for QMA P V X a Z b ψ ⊗ ℓ Z b X a ρ 1 , ..., ρ m 11 / 19

  54. Very simple ZK proof for QMA P V a 1 , b 1 → 564651 ρ 1 , ..., ρ m a 2 , b 2 → 984565 ... X a Z b ψ ⊗ ℓ X a Z b a n , b n → 894102 ... 11 / 19

  55. Very simple ZK proof for QMA P V a 1 , b 1 → 564651 ρ 1 , ..., ρ m a 2 , b 2 → 984565 i ... X a Z b ψ ⊗ ℓ X a Z b a n , b n → 894102 ... 11 / 19

  56. Very simple ZK proof for QMA P V a 1 , b 1 → 564651 ρ 1 , ..., ρ m a 2 , b 2 → 984565 i ... X a Z b ψ ⊗ ℓ X a Z b a n , b n → 894102 984565 , 894102 keys to open otp of copies of ρ i ... 11 / 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from

Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives David Derler , Sebastian Ramacher , Daniel Slamanig PQC rypto 18, April 9, 2018 1 Ring Signatures P

612 views • 27 slides
Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University

Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University

Fast Zero-Knowledge Proofs and Post-Quantum Signatures Claudio Orlandi Aarhus University @claudiorlandi Based on joint work with: Meliisa Chase (Microsoft) David Derler (TU Graz) Tore Frederiksen (BIU) Irene Giacomelli

1.21k views • 77 slides
Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM

Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM

Picnic Post-Quantum Signatures from Zero Knowledge Proofs MELISSA CHASE, MSR THE PICNIC TEAM DAVID DERLER SEBASTIAN RAMACHER STEVEN GOLDFEDER CHRISTIAN RECHBERGER JONATHAN KATZ DANIEL SLAMANIG VLAD KOLESNIKOV XIAO WANG CLAUDIO ORLANDI

577 views • 37 slides
References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge

References Zero Knowledge Proofs on Wikipedia, Zero Knowledge https://en.wikipedia.org/wiki/Zero-knowledge_proof Protocols Zero Knowledge Proofs: An Illustrated Primer by M. Green. Part I: https://blog.cryptographyengineering.com/2014/11/27/ Jim

389 views • 18 slides
Locally Checkable Proofs Mika G o os & Jukka Suomela Helsinki Institute for Information

Locally Checkable Proofs Mika G o os & Jukka Suomela Helsinki Institute for Information

Locally Checkable Proofs Mika G o os & Jukka Suomela Helsinki Institute for Information Technology HIIT G o os, Suomela (HIIT) Locally Checkable Proofs 7th June 2011 1 / 15 Basic Question 1 What global information can we infer

727 views • 39 slides
Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner

Zero-Knowledge Proofs Joost van Amersfoort University of Amsterdam Teacher: Christian Schaffner TA: Malvin Gattinger October 22, 2014 1 / 27 Introduction Zero-knowledge proofs are proofs that yield nothing beyond the validity of the

415 views • 27 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
Semi-regularity of Locally Compact Quantum Groups Stefaan Vaes Institute of Mathematics Jussieu,

Semi-regularity of Locally Compact Quantum Groups Stefaan Vaes Institute of Mathematics Jussieu,

Semi-regularity of Locally Compact Quantum Groups Stefaan Vaes Institute of Mathematics Jussieu, Paris Department of Mathematics, K.U.Leuven 1 L.c. quantum groups (joint work with J. Kustermans) We call (M, ) a locally compact quantum

366 views • 14 slides
Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise

Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise

Proofs of Retrievability Using Locally Decodable Codes Julien Lavauzelle, Franoise Levy-dit-Vehel GRACE team, LIX & INRIA, Palaiseau, France 2016 IEEE International Symposium on Information Theory July 13, 2016 Issue Server Client Huge

529 views • 42 slides
Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a

Zero-Knowledge Proofs I Lelantus Oct. 16, 2019 Overview Zero-Knowledge Proving a property about an element without revealing Lelantus ZCoins Zero-Knowledge protocol Prove that transactions are valid, without revealing

1.37k views • 72 slides
Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien

Efficient Delegation of Zero-Knowledge Proofs of Knowledge in a Pairing-Friendly Setting ebastien Canard (1) , David Pointcheval (2) and Olivier Sanders (1 , 2) S (1) Orange Labs, Caen, France (2) Ecole Normale Sup erieure, Paris,

556 views • 31 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos,

Efficient Designated-Verifier Non- Interactive Zero-Knowledge Proofs of Knowledge Pyrros Chaidos, Geoffroy Couteau 1 /11 Zero-Knowledge Proof prover verifier Complete: if P knows a solution, V accepts Sound: if there is no solution, P

1.25k views • 27 slides
Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle,

Arya: Nearly Linear-Time Zero-Knowledge Proofs for Correct Program Execution Jonathan Bootle, Andrea Cerulli, Jens Groth, Sune Jakobsen, Mary Maller Zero-Knowledge Proofs for Statement Correct Program Execution Witness Prover Verifier

332 views • 32 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient

Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient

Zero-Knowledge Proofs II zk-SNARKs Oct. 21, 2019 Overview Recap Lelantus One e ffi cient way to do 1-in-N proofs zk-SNARKs A general way to prove anything in Zero-Knowledge (if you dont know how to do it any other way, use

3.26k views • 68 slides
Multidimensional Quasi-Cyclic and Convolutional Codes Buket Ozkaya joint work with Cem G

Multidimensional Quasi-Cyclic and Convolutional Codes Buket Ozkaya joint work with Cem G

Quasi-Cyclic and Convolutional Codes Multidimensional QC Codes Links to Multidimensional Convolutional Codes Multidimensional Quasi-Cyclic and Convolutional Codes Buket Ozkaya joint work with Cem G uneri 7 May 2015 Buket Ozkaya

756 views • 58 slides
Quantum Codes G. Eric Moorhouse, UW Math Corrected copies of transparencies for this sem- inar

Quantum Codes G. Eric Moorhouse, UW Math Corrected copies of transparencies for this sem- inar

Quantum Codes G. Eric Moorhouse, UW Math Corrected copies of transparencies for this sem- inar series should soon be available at http://math.uwyo.edu/~moorhous/quantum/ References P. Shor, Quantum computing, proceedings of the

331 views • 13 slides
15-853:Algorithms in the Real World Reed Solomon Codes (Cont.) Concatenation of codes

15-853:Algorithms in the Real World Reed Solomon Codes (Cont.) Concatenation of codes

15-853:Algorithms in the Real World Reed Solomon Codes (Cont.) Concatenation of codes Start with LDPC codes Announcements: 1. No class this Thursday, Sept. 19. Rescheduled to Friday, Sept 27. 2. Homework1 on ECC will be released on

384 views • 27 slides
LAWCI 2018 Thomas Jerkovits, thomas.jerkovits@dlr.de German Aerospace Center, DLR Outline 1

LAWCI 2018 Thomas Jerkovits, thomas.jerkovits@dlr.de German Aerospace Center, DLR Outline 1

July 2018 LAWCI 2018 Thomas Jerkovits, thomas.jerkovits@dlr.de German Aerospace Center, DLR Outline 1 Introduction: About Me 2 Poster: Concatenated Polar Code Ensembles Page 1/5 T. Jerkovits LAWCI 2018 Introduction: About Me July 2018

566 views • 8 slides
Information Transmission Chapter 5, Convolutional codes FREDRIK TUFVESSON ELECTRICAL AND

Information Transmission Chapter 5, Convolutional codes FREDRIK TUFVESSON ELECTRICAL AND

1 Information Transmission Chapter 5, Convolutional codes FREDRIK TUFVESSON ELECTRICAL AND INFORMATION TECHNOLOGY 2 Convolutional codes When we study convolutional codes we regard the information sequence and the code sequence as

452 views • 23 slides
(Dynamic Strings) Personal Software Engineering Memory Organization The call stack grows from

(Dynamic Strings) Personal Software Engineering Memory Organization The call stack grows from

Memory Management in C (Dynamic Strings) Personal Software Engineering Memory Organization The call stack grows from the Function Call The top of memory down. Stack Frames sp Code is at the bottom of memory. Available The

772 views • 39 slides
Concatenating data CLEAN IN G DATA IN P YTH ON Daniel Chen Instructor Combining data Data may

Concatenating data CLEAN IN G DATA IN P YTH ON Daniel Chen Instructor Combining data Data may

Concatenating data CLEAN IN G DATA IN P YTH ON Daniel Chen Instructor Combining data Data may not always come in 1 huge le 5 million row dataset may be broken into 5 separate datasets Easier to store and share May have new data for each

555 views • 31 slides
Regular Expressions Definitions Equivalence to Finite Automata 1 REs: Introduction

Regular Expressions Definitions Equivalence to Finite Automata 1 REs: Introduction

Regular Expressions Definitions Equivalence to Finite Automata 1 REs: Introduction Regular expressions are an algebraic way to describe languages. They describe exactly the regular languages. If E is a regular expression, then

835 views • 26 slides

More recommend