- A monogamy-of-entanglement game for subspace coset states
We establish a strong monogamy-of-entanglement property for subspace coset states, which are uniform superpositions of vectors in a linear subspace of Fn2 to which has been applied a quantum one-time pad. This property was conjectured recently by [Coladangelo, Liu, Liu, and Zhandry, Crypto'21] and shown to have applications to unclonable decryption and copy-protection of pseudorandom functions. We present two proofs, one which directly follows the method of the original paper and the other which uses an observation from [Vidick and Zhang, Eurocrypt'20] to reduce the analysis to a simpler monogamy game based on BB'84 states. Both proofs ultimately rely on the same proof technique, introduced in [Tomamichel, Fehr, Kaniewski and Wehner, New Journal of Physics '13].
Eric Culf, Thomas Vidick
Technical report, arXiv:2107.13324.
- Almost synchronous quantum correlations
The study of quantum correlation sets initiated by Tsirelson in the 1980s and originally motivated by questions in the foundations of quantum mechanics has more recently been tied to questions in quantum cryptography, complexity theory, operator space theory, group theory, and more. Synchronous correlation sets introduced in [Paulsen et. al, JFA 2016] are a subclass of correlations that has proven particularly useful to study and arises naturally in applications. We show that any correlation that is almost synchronous, in a natural ℓ1 sense, arises from a state and measurement operators that are well-approximated by a convex combination of projective measurements on a maximally entangled state. This extends a result of [Paulsen et. al, JFA 2016] which applies to exactly synchronous correlations. Crucially, the quality of approximation is independent of the dimension of the Hilbert spaces or of the size of the correlation. Our result allows one to reduce the analysis of many classes of nonlocal games, including rigidity properties, to the case of strategies using maximally entangled states which are generally easier to manipulate.
Thomas Vidick
Submitted, arXiv:2103.02468.
- Quantum soundness of the classical low individual degree test
Low degree tests play an important role in classical complexity theory, serving as basic ingredients in foundational results such as MIP=NEXP [BFL91] and the PCP theorem [AS98,ALM+98]. Over the last ten years, versions of these tests which are sound against quantum provers have found increasing applications to the study of nonlocal games and the complexity class~MIP∗. The culmination of this line of work is the result MIP∗=RE [arXiv:2001.04383]. One of the key ingredients in the first reported proof of MIP∗=RE is a two-prover variant of the low degree test, initially shown to be sound against multiple quantum provers in [arXiv:1302.1242]. Unfortunately a mistake was recently discovered in the latter result, invalidating the main result of [arXiv:1302.1242] as well as its use in subsequent works, including [arXiv:2001.04383]. We analyze a variant of the low degree test called the low individual degree test. Our main result is that the two-player version of this test is sound against quantum provers. This soundness result is sufficient to re-derive several bounds on~MIP∗ that relied on [arXiv:1302.1242], including MIP∗=RE.
Zhengfeng Ji, Anand Natarajan, Thomas Vidick, John Wright, Henry Yuen
Proceedings of FOCS'21, arXiv:2009.12982.
- Simpler Proofs of Quantumness
A proof of quantumness is a method for provably demonstrating (to a classical verifier) that a quantum device can perform computational tasks that a classical device with comparable resources cannot. Providing a proof of quantumness is the first step towards constructing a useful quantum computer. There are currently three approaches for exhibiting proofs of quantumness: (i) Inverting a classically-hard one-way function (e.g. using Shor's algorithm). This seems technologically out of reach. (ii) Sampling from a classically-hard-to-sample distribution (e.g. BosonSampling). This may be within reach of near-term experiments, but for all such tasks known verification requires exponential time. (iii) Interactive protocols based on cryptographic assumptions. The use of a trapdoor scheme allows for efficient verification, and implementation seems to require much less resources than (i), yet still more than (ii). In this work we propose a significant simplification to approach (iii) by employing the random oracle heuristic. (We note that we do not apply the Fiat-Shamir paradigm.) We give a two-message (challenge-response) proof of quantumness based on any trapdoor claw-free function. In contrast to earlier proposals we do not need an adaptive hard-core bit property. This allows the use of smaller security parameters and more diverse computational assumptions (such as Ring Learning with Errors), significantly reducing the quantum computational effort required for a successful demonstration.
Zvika Brakerski, Venkata Koppula, Umesh Vazirani, Thomas Vidick
Proceedings of TQC'20, arXiv:2005.04826.
- Classical proofs of quantum knowledge
We define the notion of a proof of knowledge in the setting where the verifier is classical, but the prover is quantum, and where the witness that the prover holds is in general a quantum state. We establish simple properties of our definition, including that nondestructive classical proofs of quantum knowledge are impossible for nontrivial states, and that, under certain conditions on the parameters in our definition, a proof of knowledge protocol for a hard-to-clone state can be used as a (destructive) quantum money verification protocol. In addition, we provide two examples of protocols (both inspired by private-key classical verification protocols for quantum money schemes) which we can show to be proofs of quantum knowledge under our definition. In so doing, we introduce new techniques for the analysis of such protocols which build on results from the literature on nonlocal games. Finally, we show that, under our definition, the verification protocol introduced by Mahadev (FOCS 2018) is a classical argument of quantum knowledge for QMA relations.
Thomas Vidick, Tina Zhang
Proceedings of Eurocrypt'21, arXiv:2005.01691.
- Self-testing of a single quantum device under computational assumptions
Self-testing is a method to characterise an arbitrary quantum system based only on its classical input-output correlations. This usually requires the assumption that the system's state is shared among multiple parties that only perform local measurements and cannot communicate. Here, we replace the setting of multiple non-communicating parties, which is difficult to enforce in practice, by a single computationally bounded party. Specifically, we construct a protocol that allows a classical verifier to robustly certify that a single computationally bounded quantum device must have prepared a Bell pair and performed single-qubit measurements on it, up to a change of basis applied to both the device's state and measurements. This means that under computational assumptions, the verifier is able to certify the presence of entanglement inside a single quantum device. We achieve this using techniques introduced by Brakerski et al. (2018) and Mahadev (2018) which allow a classical verifier to constrain the actions of a quantum device assuming the device does not break post-quantum cryptography.
Tony Metger, Thomas Vidick
Proceedings of ITCS'21. Journal version in Quantum, arXiv:2001.09161.
- MIP*=RE
We show that the class MIP* of languages that can be decided by a classical verifier interacting with multiple all-powerful quantum provers sharing entanglement is equal to the class RE of recursively enumerable languages. Our proof builds upon the quantum low-degree test of (Natarajan and Vidick, FOCS 2018) by integrating recent developments from (Natarajan and Wright, FOCS 2019) and combining them with the recursive compression framework of (Fitzsimons et al., STOC 2019). An immediate byproduct of our result is that there is an efficient reduction from the Halting Problem to the problem of deciding whether a two-player nonlocal game has entangled value 1 or at most 12. Using a known connection, undecidability of the entangled value implies a negative answer to Tsirelson's problem: we show, by providing an explicit example, that the closure Cqa of the set of quantum tensor product correlations is strictly included in the set Cqc of quantum commuting correlations. Following work of (Fritz, Rev. Math. Phys. 2012) and (Junge et al., J. Math. Phys. 2011) our results provide a refutation of Connes' embedding conjecture from the theory of von Neumann algebras.
Zhengfeng Ji, Anand Natarajan, Thomas Vidick, John Wright, Henry Yuen
Manuscript. See the related introductory article, blog post, and recorded overview talk, arXiv:2001.04383.
- Non-interactive zero-knowledge arguments for QMA, with preprocessing
We initiate the study of non-interactive zero-knowledge (NIZK) arguments for languages in QMA. Our first main result is the following: if Learning With Errors (LWE) is hard for quantum computers, then any language in QMA has an NIZK argument with preprocessing. The preprocessing in our argument system consists of (i) the generation of a CRS and (ii) a single (instance-independent) quantum message from verifier to prover. The instance-dependent phase of our argument system involves only a single classical message from prover to verifier. Importantly, verification in our protocol is entirely classical, and the verifier needs not have quantum memory; its only quantum actions are in the preprocessing phase. Our second contribution is to extend the notion of a classical proof of knowledge to the quantum setting. We introduce the notions of arguments and proofs of quantum knowledge (AoQK/PoQK), and we show that our non-interactive argument system satisfies the definition of an AoQK. In particular, we explicitly construct an extractor which can recover a quantum witness from any prover which is successful in our protocol. Finally, we show that any language in QMA has an (interactive) proof of quantum knowledge.
Andrea Coladangelo, Thomas Vidick, Tina Zhang
Crypto'20, arXiv:1911.07546.
- From Operator Algebras to Complexity Theory and Back
Thomas Vidick
Notices of the AMS, November 2019.
- Verifying quantum computations at scale A cryptographic leash on quantum devices
Thomas Vidick
Bull. Amer. Math. Soc., 2020.