Non-interactive classical verification of quantum computation

TL;DR

This paper transforms Mahadev's interactive quantum verification protocol into a non-interactive, zero-knowledge system using classical cryptographic techniques, enabling classical parties to verify quantum computations securely.

Contribution

It introduces the first non-interactive, zero-knowledge verification protocol for quantum computations based solely on classical cryptography, improving upon Mahadev's original interactive protocol.

Findings

First non-interactive quantum verification protocol

Achieves zero-knowledge property for quantum verification

Secure under standard quantum cryptographic assumptions

Abstract

In a recent breakthrough, Mahadev constructed an interactive protocol that enables a purely classical party to delegate any quantum computation to an untrusted quantum prover. In this work, we show that this same task can in fact be performed non-interactively and in zero-knowledge. Our protocols result from a sequence of significant improvements to the original four-message protocol of Mahadev. We begin by making the first message instance-independent and moving it to an offline setup phase. We then establish a parallel repetition theorem for the resulting three-message protocol, with an asymptotically optimal rate. This, in turn, enables an application of the Fiat-Shamir heuristic, eliminating the second message and giving a non-interactive protocol. Finally, we employ classical non-interactive zero-knowledge (NIZK) arguments and classical fully homomorphic encryption (FHE) to give a zero-knowledge variant of this construction. This yields the first purely classical NIZK argument system for QMA, a quantum analogue of NP. We establish the security of our protocols under standard assumptions in quantum-secure cryptography. Specifically, our protocols are secure in the Quantum Random Oracle Model, under the assumption that Learning with Errors is quantumly hard. The NIZK construction also requires circuit-private FHE.