Commitment is a central task in cryptography: a party (typically called the prover) stores a piece of information (e.g., a bit string) with the promise of not changing it. This information can be accessed by another party (typically called the verifier), who can later learn the information and verify that it was not meddled with. The Merkle tree is a well-known construction for doing so succinctly: the verifier can learn any part of the information by receiving a short proof from the honest prover. Despite its significance in classical cryptography, there has been no quantum analog of the Merkle tree. A direct generalization using the Quantum Random Oracle Model (QROM) does not seem to be secure. In this work, we propose the quantum Merkle tree. It is based on what we call the Quantum Haar Random Oracle Model (QHROM). In QHROM, both the prover and the verifier have access to a Haar random quantum oracle G and its inverse. Using the quantum Merkle tree, we propose a succinct quantum argument for the Gap-k-Local-Hamiltonian problem. We prove it is secure against semi-honest provers in QHROM and conjecture its general security. Assuming the Quantum PCP conjecture is true, this succinct argument extends to all of QMA. This work raises a number of interesting open research problems.