MPC in the Quantum Head (or: Superposition-Secure (Quantum) Zero-Knowledge)

TL;DR

This paper extends the MPC-in-the-head technique to quantum settings, enabling zero-knowledge protocols secure against superposition-verifier attacks, with new protocols based on standard cryptographic assumptions like LWE.

Contribution

It generalizes MPC-in-the-head to quantum computations and introduces new zero-knowledge protocols secure against superposition attacks under standard assumptions.

Findings

Quantum MPC-in-the-head framework developed

Protocols secure against superposition attacks constructed

Security based on LWE assumption

Abstract

The MPC-in-the-head technique (Ishai et al., STOC 2007) is a celebrated method to build zero-knowledge protocols with desirable theoretical properties and high practical efficiency. This technique has generated a large body of research and has influenced the design of real-world post-quantum cryptographic signatures. In this work, we present a generalization of the MPC-in-the-head paradigm to the quantum setting, where the MPC is running a quantum computation. As an application of our framework, we propose a new approach to build zero-knowledge protocols where security holds even against a verifier that can obtain a superposition of transcripts. This notion was pioneered by Damgard et al., who built a zero-knowledge protocol for NP (in the common reference string model) secure against superposition attacks, by relying on perfectly hiding and unconditionally binding dual-mode commitments. Unfortunately, no such commitments are known from standard cryptographic assumptions. In this work we revisit this problem, and present two new three-round protocols in the common reference string model: (i) A zero-knowledge argument for NP, whose security reduces to the standard learning with errors (LWE) problem. (ii) A zero-knowledge argument for QMA from the same assumption.