Abstract
A test of quantumness is a protocol that allows a classical verifier to certify (only) that a prover is not classical. We show that tests of quantumness that follow a certain template, which captures recent proposals such as [KCVY21, KLVY22], can in fact do much more. Namely, the same protocols can be used for certifying a qubit, a building-block that stands at the heart of applications such as certifiable randomness and classical delegation of quantum computation.
Certifying qubits was previously only known to be possible based on families of post-quantum trapdoor claw-free functions (TCF) with an advanced “adaptive hardcore bit” property, which have only been constructed based on the hardness of the Learning with Errors problem [BCM+21] and recently isogeny-based group actions [AMR23]. Our framework allows certification of qubits based only on the existence of post-quantum TCF, without the adaptive hardcore bit property, or on quantum fully homomorphic encryption. These can be instantiated, for example, from Ring Learning with Errors. This has the potential to improve the efficiency of qubit certification and derived functionalities.
On the technical side, we show that the quantum soundness of any such protocol can be reduced to proving a bound on a simple algorithmic task: informally, answering “two challenges simultaneously” in the protocol. Our reduction formalizes the intuition that these protocols demonstrate quantumness by leveraging the impossibility of rewinding a general quantum prover. This allows us to prove tight bounds on the quantum soundness of [KCVY21] and [KLVY22], showing that no quantum polynomial-time prover can succeed with probability larger than \(\cos ^2 \frac{\pi }{8}\approx 0.853\). Previously, only an upper bound on the success probability of classical provers, and a lower bound on the success probability of quantum provers, were known. We then extend this proof of quantum soundness to show that provers that approach the quantum soundness bound must perform almost anti-commuting measurements. This certifies that the prover holds a qubit.
The full version of this paper can be found at https://arxiv.org/abs/2303.01293.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Also sometimes referred to as proof of quantumness [BKVV20].
- 2.
The one exception is the recent test of quantumness by Yamakawa and Zhandry [YZ22], which also achieves certifiable randomness generation, albeit by relying on a conjecture of Aaronson and Ambainis [AA14]. We exclude “quantum supremacy” demonstrations such as [AA11, AAB+19] because (i) they are not efficiently verifiable, and (ii) except for a single exception [BBF+21], they are not known to lead to any interesting cryptographic task.
- 3.
We recall that the use of adaptive hardcore bits in [BCM+21] led to a significant degradation in the parameters for LWE that could be used.
- 4.
Here, \(\hat{c}_0\) and \(\hat{c}_1\) are defined conditional on a transcript for Phase A of the protocol template. We refer to Theorem 4.4 for a more precise formulation.
- 5.
Here, “distance” should be measured using the appropriate norm. We use the standard “state-dependent norm” from self-testing. See Theorem 4.7 for the precise formulation.
- 6.
CHSH is a well known two-prover protocol, which allows to certify quantum correlations between two non-communicating provers.
- 7.
By Naimark’s theorem the requirement that the measurement is projective is without loss of generality, up to enlarging the prover’s Hilbert space with a single auxiliary qubit.
- 8.
Without loss of generality, both \(Q_0\) and \(Q_1\) have rank exactly 1 in \(\mathcal {H}_i\). In all other cases, the 2-dimensional space \(\mathcal {H}_i\) can be further decomposed as a sum of two invariant 1-dimensional spaces.
- 9.
This does require a minor extra property of the TCF, which states that “\(x_0\)” type preimages can be efficiently distinguished from “\(x_1\)” type preimages; this property can be shown to hold for all TCF constructions of which we are aware.
- 10.
Their results apply to k-prover nonlocal games; here we only consider the case where \(k=2\).
References
Aaronson, S., Arkhipov, A.: The computational complexity of linear optics. In: Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, pp. 333–342 (2011)
Aaronson, S., Ambainis, A.: The need for structure in quantum speedups. Theor. Comput. 10(1), 133–166 (2014)
Arute, F., et al.: Quantum supremacy using a programmable superconducting processor. Nature 574, 505–510 (2019)
Adcock, M., Cleve, R.: A quantum Goldreich-Levin theorem with cryptographic applications. In: Alt, H., Ferreira, A. (eds.) STACS 2002. LNCS, vol. 2285, pp. 323–334. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45841-7_26
Alamati, N., Malavolta, G., Rahimi, A.: Candidate trapdoor claw-free functions from group actions with applications to quantum protocols. In: Kiltz, E., Vaikuntanathan, V. (eds.) Theory of Cryptography. TCC 2022. Lecture Notes in Computer Science, vol. 13747, pp. 266–293. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22318-1_10
Bassirian, R., Bouland, A., Fefferman, B., Gunn, S., Tal, A.: On certified randomness from quantum advantage experiments. arXiv preprint arXiv:2111.14846 (2021)
Brakerski, Z., Christiano, P., Mahadev, U., Vazirani, U., Vidick, T.: A cryptographic test of quantumness and certifiable randomness from a single quantum device. J. ACM (JACM) 68(5), 1–47 (2021)
Brakerski, Z., Koppula, V., Vazirani, U., Vidick, T.: Simpler proofs of quantumness. In: 15th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC 2020. Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2020)
Clauser, J.F., Horne, M.A., Shimony, A., Holt, R.A.: Proposed experiment to test local hidden-variable theories. Phys. Rev. Lett. 23(15), 880 (1969)
Chiesa, A., Ma, F., Spooner, N., Zhandry, M.: Post-quantum succinct arguments. CoRR, abs/2103.08140 (2021). Appeared in FOCS 2021
Fu, H., Wang, D., Zhao, Q.: Computational self-testing of multi-qubit states and measurements. arXiv preprint arXiv:2201.13430 (2022)
Gheorghiu, A., Metger, T., Poremba, A.: Quantum cryptography with classical communication: parallel remote state preparation for copy-protection, verification, and more. arXiv preprint arXiv:2201.13445 (2022)
Gheorghiu, A., Vidick, T.: Computationally-secure and composable remote state preparation. In: 2019 IEEE 60th Annual Symposium on Foundations of Computer Science (FOCS), pp. 1024–1033. IEEE (2019)
Kahanamoku-Meyer, G.D., Choi, S., Vazirani, U.V., Yao, N.Y.: Classically-verifiable quantum advantage from a computational Bell test. CoRR, abs/2104.00687 (2021)
Kalai, Y., Lombardi, A., Vaikuntanathan, V., Yang, L.: Quantum advantage from any non-local game. arXiv preprint arXiv:2203.15877 (2022)
Merkulov, I., Arnon-Friedman, R.: Entropy accumulation under post-quantum cryptographic assumptions (2023, to appear). To appear on arXiv, March 2023
Mahadev, U.: Classical verification of quantum computations. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS), pp. 259–267. IEEE (2018)
Mahadev, U.: Classical homomorphic encryption for quantum circuits. SIAM J. Comput., FOCS18-189 (2020)
Metger, T., Dulek, Y., Coladangelo, A., Arnon-Friedman, R.: Device-independent quantum key distribution from computational assumptions. New J. Phys. 23(12), 123021 (2021)
Metger, T., Vidick, T.: Self-testing of a single quantum device under computational assumptions. Quantum 5, 544 (2021)
Mahadev, U., Vazirani, U., Vidick, T.: Efficient certifiable randomness from a single quantum device. arXiv preprint arXiv:2204.11353 (2022)
Natarajan, A., Zhang, T.: Bounding the quantum value of compiled nonlocal games: from CHSH to BQP verification (2023). Manuscript
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 1–40 (2009)
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE (1994)
Vidick, T.: Cours FSMP, Fall’20: Interactions with quantum devices (2020). http://users.cms.caltech.edu/~vidick/teaching/fsmp/fsmp.pdf
Wilde, M.M.: From classical to quantum Shannon theory. arXiv preprint arXiv:1106.1445 (2011)
Yamakawa, T., Zhandry, M.: Verifiable quantum advantage without structure. In: 2022 IEEE 63rd Annual Symposium on Foundations of Computer Science (FOCS), pp. 69–74. IEEE (2022)
Zhang, J.: Classical verification of quantum computations in linear time. In: 2022 IEEE 63rd Annual Symposium on Foundations of Computer Science (FOCS), pp. 46–57. IEEE (2022)
Zhu, D., et al.: Interactive protocols for classically-verifiable quantum advantage. arXiv preprint arXiv:2112.05156 (2021)
Acknowledgments
We thank Ilya Merkulov and Rotem Arnon-Friedman for discussions in the early stages of this work.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A A Trigonometric Identity
A A Trigonometric Identity
Lemma A.1
The following inequality holds for all \(\alpha , \beta \in [0, 2\pi ]\):
Proof
Using \(\cos ^2(\phi ) = \frac{1}{2}(1 + \cos (2 \phi ))\) and that \(\cos ^2(\pi /8) = \frac{1}{2}\left( 1 + \frac{1}{\sqrt{2}} \right) \), we can rewrite the inequality as
which after simplification and using the cosine sum rule becomes
Let \(x = \alpha + \beta , y = \alpha - \beta \), so that it will suffice to show
Note that if \(\cos (x)\) and \(\cos (y)\) have opposite signs, the inequality is trivially satisfied, as the left-hand side will be non-positive while the right-hand side is always positive. Without loss of generality we restrict to the case where \(\cos (x) \ge 0\) and \(\cos (y) \ge 0\) (the case where they’re both negative is analogous). As \(\cos (x) \le 1\), it’s sufficient to show that
Taking \(t = \cos (y)\), with \(0 \le t \le 1\), it suffices to show
Suppose first that \(2t^2 - 1 \ge 0\) which means (since \(t \ge 0\)) that \(t \ge \frac{1}{\sqrt{2}}\). In this case, we have to show that
This follows from noting that \(2t^2 - t - 1 + \frac{1}{\sqrt{2}}\) has roots \(t_1 = \frac{1}{2} - \frac{1}{\sqrt{2}}\) and \(t_2 = \frac{1}{\sqrt{2}}\) and is positive for all \(t \le t_1\) and \(t \ge t_2\). Since we assumed \(t \ge \frac{1}{\sqrt{2}}\) the result follows.
Now suppose that \(2t^2 - 1 \le 0\) which means (since \(t \ge 0\)) that \(0 \le t \le \frac{1}{\sqrt{2}}\). In this case, we have to show that
Here, the roots are \(t_1 = -\frac{1}{2} - \frac{1}{\sqrt{2}}\) and \(t_2 = \frac{1}{\sqrt{2}}\) and the expression is positive for all \(t_1 \le t \le t_2\). Since \(0 \le t \le \frac{1}{\sqrt{2}}\), the inequality is satisfied, concluding the proof.
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Brakerski, Z., Gheorghiu, A., Kahanamoku-Meyer, G.D., Porat, E., Vidick, T. (2023). Simple Tests of Quantumness Also Certify Qubits. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14085. Springer, Cham. https://doi.org/10.1007/978-3-031-38554-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-38554-4_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38553-7
Online ISBN: 978-3-031-38554-4
eBook Packages: Computer ScienceComputer Science (R0)