On the Concurrent Composition of Quantum Zero-Knowledge

TL;DR

This paper initiates the study of concurrent quantum zero-knowledge, establishing protocols for NP and QMA under certain assumptions, and introduces quantum proof of knowledge with improved extractability and simulatability.

Contribution

It provides the first formal framework for concurrent quantum zero-knowledge and constructs protocols for NP and QMA, along with quantum proof of knowledge with enhanced properties.

Findings

Existence of bounded concurrent QZK protocols for NP and QMA assuming post-quantum one-way functions.

Construction of quantum proof of knowledge for NP with near-perfect extractability and simulatability.

Improved parameters for quantum proof of knowledge for QMA compared to prior works.

Abstract

We study the notion of zero-knowledge secure against quantum polynomial-time verifiers (referred to as quantum zero-knowledge) in the concurrent composition setting. Despite being extensively studied in the classical setting, concurrent composition in the quantum setting has hardly been studied. We initiate a formal study of concurrent quantum zero-knowledge. Our results are as follows: -Bounded Concurrent QZK for NP and QMA: Assuming post-quantum one-way functions, there exists a quantum zero-knowledge proof system for NP in the bounded concurrent setting. In this setting, we fix a priori the number of verifiers that can simultaneously interact with the prover. Under the same assumption, we also show that there exists a quantum zero-knowledge proof system for QMA in the bounded concurrency setting. -Quantum Proofs of Knowledge: Assuming quantum hardness of learning with errors (QLWE), there exists a bounded concurrent zero-knowledge proof system for NP satisfying quantum proof of knowledge property. Our extraction mechanism simultaneously allows for extraction probability to be negligibly close to acceptance probability (extractability) and also ensures that the prover's state after extraction is statistically close to the prover's state after interacting with the verifier (simulatability). The seminal work of [Unruh EUROCRYPT'12], and all its followups, satisfied a weaker version of extractability property and moreover, did not achieve simulatability. Our result yields a proof of quantum knowledge system for QMA with better parameters than prior works.