The round complexity of interactive proof systems is a key question of practical and theoretical relevance in complexity theory and cryptography. Moreover, results such as QIP = QIP(3) (STOC'00) show that quantum resources significantly help in such a task. In this work, we initiate the study of round compression of protocols in the bounded quantum storage model (BQSM). In this model, the malicious parties have a bounded quantum memory and they cannot store the all the qubits that are transmitted in the protocol. Our main results in this setting are the following: 1. There is a non-interactive (statistical) witness indistinguishable proof for any language in NP (and even QMA) in BQSM in the plain model. We notice that in this protocol, only the memory of the verifier is bounded. 2. Any classical proof system can be compressed in a two-message quantum proof system in BQSM. Moreover, if the original proof system is zero-knowledge, the quantum protocol is zero-knowledge too. In this result, we assume that the prover has bounded memory. Finally, we give evidence towards the "tightness" of our results. First, we show that NIZK in the plain model against BQS adversaries is unlikely with standard techniques. Second, we prove that without the BQS model there is no 2-message zero-knowledge quantum interactive proof, even under computational assumptions.
翻译:交互式证明系统的轮复杂度是复杂性理论和密码学中具有重要实践与理论意义的核心问题。诸如QIP = QIP(3)(STOC'00)等结果表明,量子资源在此类任务中能提供显著帮助。本工作中,我们首次在有界量子存储模型(BQSM)下研究协议的轮压缩问题。在该模型中,恶意参与方的量子存储能力有界,无法存储协议中传输的所有量子比特。我们在此设置下的主要结果如下:1. 在BQSM的普通模型中,对于NP(甚至QMA)中的任何语言,存在非交互的(统计)证据不可区分证明。我们注意到在此协议中,仅验证者的存储能力受限。2. 任何经典证明系统都可在BQSM中被压缩为两轮量子证明系统。此外,若原始证明系统是零知识的,则量子协议同样保持零知识性。在此结果中,我们假设证明者的存储能力有界。最后,我们为结果的“紧致性”提供依据。首先,我们证明使用标准技术不太可能在普通模型中实现抗BQS敌手的NIZK。其次,我们证明若无BQS模型,即使基于计算性假设,也不存在两轮零知识量子交互证明。