In the quantum computation verification problem, a quantum server wants to convince a client that the output of evaluating a quantum circuit $C$ is some result that it claims. This problem is considered very important both theoretically and practically in quantum computation [arXiv:1709.06984], [arXiv:1704.04487], [arXiv:1209.0449]. The client is considered to be limited in computational power, and one desirable property is that the client can be completely classical, which leads to the classical verification of quantum computation (CVQC) problem. In terms of the total time complexity, the fastest single-server CVQC protocol so far has complexity $O(poly(\kappa)|C|^3)$ where $|C|$ is the size of the circuit to be verified and $\kappa$ is the security parameter, given by Mahadev [arXiv:1804.01082]. In this work, by developing new techniques, we give a new CVQC protocol with complexity $O(poly(\kappa)|C|)$, which is significantly faster than existing protocols. Our protocol is secure in the quantum random oracle model [arXiv:1008.0931] assuming the existence of noisy trapdoor claw-free functions [arXiv:1804.00640], which are both extensively used assumptions in quantum cryptography. Along the way, we also give a new classical channel remote state preparation protocol for states in $\{|+_\theta\rangle=\frac{1}{\sqrt{2}}(|0\rangle+e^{i\theta\pi/4}|1\rangle):\theta\in \{0,1\cdots 7\}\}$, another basic primitive in quantum cryptography. Our protocol allows for parallel verifiable preparation of $L$ independently random states in this form (up to a constant overall error and a possibly unbounded server-side simulator), and runs in only $O(poly(\kappa)L)$ time and constant rounds; for comparison, existing works (even for possibly simpler state families) all require very large or unestimated time and round complexities [arXiv:1904.06320][arXiv:1904.06303][arXiv:2201.13445][arXiv:2201.13430].

翻译：在量子计算验证问题中，量子服务器希望使客户端相信其对量子电路 $C$ 的求值输出是其所声称的结果。该问题在量子计算的理论和实践中均被认为非常重要[arXiv:1709.06984]、[arXiv:1704.04487]、[arXiv:1209.0449]。客户端通常被认为计算能力有限，而一个理想的性质是客户端可以是完全经典的，这引出了量子计算的经典验证（CVQC）问题。在总时间复杂度方面，迄今为止最快的单服务器CVQC协议复杂度为 $O(poly(\kappa)|C|^3)$，其中 $|C|$ 是待验证电路的规模，$\kappa$ 是安全参数，由Mahadev提出[arXiv:1804.01082]。在本工作中，通过发展新技术，我们提出了一个复杂度为 $O(poly(\kappa)|C|)$ 的新CVQC协议，其速度显著快于现有协议。我们的协议在量子随机预言机模型[arXiv:1008.0931]下是安全的，前提是假设存在噪声陷门无爪函数[arXiv:1804.00640]，这两者在量子密码学中均为广泛使用的假设。在此过程中，我们还针对 $\{|+_\theta\rangle=\frac{1}{\sqrt{2}}(|0\rangle+e^{i\theta\pi/4}|1\rangle):\theta\in \{0,1\cdots 7\}\}$ 中的态，提出了一种新的经典信道远程态制备协议，这是量子密码学中的另一个基本原语。我们的协议允许以可验证的方式并行制备 $L$ 个这种形式的独立随机态（达到一个恒定的整体误差和一个可能无界的服务器端模拟器），并且仅需 $O(poly(\kappa)L)$ 时间和常数轮次；作为对比，现有工作（即使是针对可能更简单的态族）均需要非常大或无法估计的时间和轮次复杂度[arXiv:1904.06320][arXiv:1904.06303][arXiv:2201.13445][arXiv:2201.13430]。