We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable (quantum) oblivious transfer (OT) protocol, mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions...) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely to exist classically as Cryptomania is believed to be different from Minicrypt. In particular, by instantiating our construction using Non-Interactive ZK (NIZK), we provide the first round-optimal (2-message) quantum OT protocol secure in the random oracle model, and round-optimal extensions to string and k-out-of-n OT. At the heart of our construction lies a new method that allows us to prove properties on a received quantum state without revealing additional information on it, even in a non-interactive way, without public-key primitives, and/or with statistical guarantees when using an appropriate classical ZK protocol. We can notably prove that a state has been partially measured (with arbitrary constraints on the set of measured qubits), without revealing any additional information on this set. This notion can be seen as an analog of ZK to quantum states, and we expect it to be of independent interest as it extends complexity theory to quantum languages, as illustrated by the two new complexity classes we introduce, ZKstatesQIP and ZKstatesQMA.