From the minimal assumption of post-quantum semi-honest oblivious transfers, we build the first $\epsilon$-simulatable two-party computation (2PC) against quantum polynomial-time (QPT) adversaries that is both constant-round and black-box (for both the construction and the security reduction). A recent work by Chia, Chung, Liu, and Yamakawa (FOCS'21) shows that post-quantum 2PC with standard simulation-based security is impossible in constant rounds, unless either $\mathbf{NP} \subseteq \mathbf{BQP}$ holds or one relies on non-black-box simulation. The $\epsilon$-simulatability we target is a relaxation of standard simulation-based security that allows for an arbitrarily small noticeable simulation error $\epsilon$. Moreover, when quantum communication is allowed, we can further weaken the assumption to post-quantum secure one-way functions (PQ-OWFs), while maintaining the constant-round and black-box properties.

Our techniques also yield the following set of constant-round and black-box two-party protocols secure against QPT adversaries, assuming only black-box access to PQ-OWFs:

- extractable commitments for which the extractor is also an $\epsilon$-simulator;
- $\epsilon$-zero-knowledge commit-and-prove whose commit stage is extractable with $\epsilon$-simulation;
- $\epsilon$-simulatable coin-flipping;
- $\epsilon$-zero-knowledge arguments of knowledge for $\mathbf{NP}$ for which the knowledge extractor is also an $\epsilon$-simulator;
- $\epsilon$-zero-knowledge arguments for $\mathbf{QMA}$.

At the heart of the above results is a black-box extraction lemma showing how to efficiently extract secrets from QPT adversaries while disturbing their quantum state in a controllable manner, i.e., achieving $\epsilon$-simulatability of the post-extraction state of the adversary.
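To make the relaxation concrete, the following is an added formalization of $\epsilon$-simulatability; it is not text from the paper, and the notation ($\mathsf{REAL}_{\Pi,\mathcal{A}}$ for the real execution of protocol $\Pi$ with adversary $\mathcal{A}$, $\mathsf{IDEAL}_{f,\mathcal{S}_\epsilon}$ for the ideal execution of functionality $f$ with simulator $\mathcal{S}_\epsilon$, distinguisher $\mathcal{D}$, security parameter $\lambda$) is an assumption about the standard way this definition is written:

$$
\forall\ \text{noticeable } \epsilon(\lambda) = 1/\mathrm{poly}(\lambda)\ \ \exists\ \text{QPT } \mathcal{S}_\epsilon\ \ \forall\ \text{QPT } \mathcal{D}:\quad
\Big|\Pr\big[\mathcal{D}(\mathsf{REAL}_{\Pi,\mathcal{A}}(\lambda)) = 1\big] - \Pr\big[\mathcal{D}(\mathsf{IDEAL}_{f,\mathcal{S}_\epsilon}(\lambda)) = 1\big]\Big| \le \epsilon(\lambda) + \mathrm{negl}(\lambda).
$$

Standard simulation-based security is the special case in which the $\epsilon(\lambda)$ term is absent. The order of quantifiers is the whole point of the relaxation: the simulator is chosen after $\epsilon$ is fixed and may depend on it, so the simulation error is an arbitrarily small but noticeable quantity rather than a negligible one. The same template, with the post-extraction state of the adversary in place of the protocol output, is what the abstract's black-box extraction lemma asks for.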