We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions...) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt. In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT. At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing (too much) information on it, even in a non-interactive way and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstateQIP and ZKstateQMA.