We study non-interactive zero-knowledge proofs (NIZKs) for NP satisfying: 1) statistical soundness, 2) computational zero-knowledge and 3) certified-everlasting zero-knowledge (CE-ZK). The CE-ZK property allows a verifier of a quantum proof to revoke the proof in a way that can be checked (certified) by the prover. Conditioned on successful certification, the verifier's state can be efficiently simulated with only the statement, in a statistically indistinguishable way. Our contributions regarding these certified-everlasting NIZKs (CE-NIZKs) are as follows: - We identify a barrier to obtaining CE-NIZKs in the CRS model via generalizations of known interactive zero-knowledge proofs that satisfy CE-ZK. - We circumvent this by constructing CE-NIZK from black-box use of NIZK for NP satisfying certain properties, along with OWFs. As a result, we obtain CE-NIZKs for NP in the CRS model, based on polynomial hardness of the learning with errors (LWE) assumption. - In addition, we observe that the aforementioned barrier does not apply to the shared EPR model. We leverage this fact to construct a CE-NIZK for NP in this model based on any statistical binding hidden-bits generator, which can be based on LWE. The only quantum computation in this protocol involves single-qubit measurements of the shared EPR pairs.
翻译:本文研究满足以下性质的NP问题非交互式零知识证明(NIZK):1)统计可靠性,2)计算零知识性,以及3)可验证永久性零知识(CE-ZK)。CE-ZK特性允许量子证明的验证者以可被证明者检验(验证)的方式撤销证明。在成功验证的条件下,验证者的状态可以仅通过陈述语句以统计不可区分的方式进行高效模拟。关于这些可验证永久性NIZK(CE-NIZK)的研究成果如下:- 我们通过推广已知满足CE-ZK的交互式零知识证明,识别出在CRS模型中获得CE-NIZK的障碍。- 我们通过黑盒使用满足特定性质的NP问题NIZK及单向函数(OWF)构建CE-NIZK来规避该障碍。基于此,我们在错误学习(LWE)假设的多项式硬度基础上,获得了CRS模型中NP问题的CE-NIZK。- 此外,我们注意到上述障碍不适用于共享EPR模型。利用这一事实,我们基于任意统计绑定的隐藏比特生成器(可基于LWE构建)在该模型中构造了NP问题的CE-NIZK。该协议中唯一的量子计算涉及对共享EPR对的单量子比特测量。