In the quantum computation verification problem, a quantum server wants to convince a client that the output of evaluating a quantum circuit $C$ is some result that it claims. This problem is considered very important both theoretically and practically in quantum computation [arXiv:1709.06984], [arXiv:1704.04487], [arXiv:1209.0449]. The client is considered to be limited in computational power, and one desirable property is that the client can be completely classical, which leads to the classical verification of quantum computation (CVQC) problem. In terms of the total time complexity, the fastest single-server CVQC protocol so far has complexity $O(poly(\kappa)|C|^3)$ where $|C|$ is the size of the circuit to be verified and $\kappa$ is the security parameter, given by Mahadev [arXiv:1804.01082]. In this work, by developing new techniques, we give a new CVQC protocol with complexity $O(poly(\kappa)|C|)$, which is significantly faster than existing protocols. Our protocol is secure in the quantum random oracle model [arXiv:1008.0931] assuming the existence of noisy trapdoor claw-free functions [arXiv:1804.00640], which are both extensively used assumptions in quantum cryptography. Along the way, we also give a new classical channel remote state preparation protocol for states in $\{|+_\theta\rangle=\frac{1}{\sqrt{2}}(|0\rangle+e^{i\theta\pi/4}|1\rangle):\theta\in \{0,1\cdots 7\}\}$, another basic primitive in quantum cryptography. Our protocol allows for parallel verifiable preparation of $L$ independently random states in this form (up to a constant overall error and a possibly unbounded server-side simulator), and runs in only $O(poly(\kappa)L)$ time and constant rounds; for comparison, existing works (even for possibly simpler state families) all require very large or unestimated time and round complexities [arXiv:1904.06320][arXiv:1904.06303][arXiv:2201.13445][arXiv:2201.13430].

翻译：在量子计算验证问题中，量子服务器需要向客户端证明，评估量子电路$C$的输出结果确实如其所声称。该问题在量子计算的理论与实践层面均具有重要意义[arXiv:1709.06984][arXiv:1704.04487][arXiv:1209.0449]。由于客户端计算能力受限，期望其完全经典化，由此引出了量子计算的经典验证（CVQC）问题。就总体时间复杂度而言，目前最快的单服务器CVQC协议复杂度为$O(poly(\kappa)|C|^3)$，其中$|C|$表示待验证电路规模，$\kappa$为安全参数，该协议由Mahadev提出[arXiv:1804.01082]。本研究通过发展新技术，提出了复杂度为$O(poly(\kappa)|C|)$的新型CVQC协议，较现有协议实现显著加速。本协议在量子随机预言机模型[arXiv:1008.0931]下具有安全性，同时依赖噪声陷门爪函数[arXiv:1804.00640]的存在性——这两者均为量子密码学中的广泛使用假设。在此过程中，我们进一步提出一种面向状态族$\{|+_\theta\rangle=\frac{1}{\sqrt{2}}(|0\rangle+e^{i\theta\pi/4}|1\rangle):\theta\in \{0,1\cdots 7\}\}$的新型经典信道远程态制备协议，该协议是量子密码学中的另一基本原语。该协议支持并行可验证制备$L$个该形式的独立随机态（允许常数级整体误差与潜在无界服务器端模拟器），运行时间仅为$O(poly(\kappa)L)$且需常数轮交互。相比之下，现有工作（即便针对更简单的状态族）均需极大或未经验证的时间与轮复杂度[arXiv:1904.06320][arXiv:1904.06303][arXiv:2201.13445][arXiv:2201.13430]。