We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions...) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt. In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT. At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing (too much) information on it, even in a non-interactive way and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstatesQIP and ZKstatesQMA.