Two prover perfect zero knowledge for MIP*
arXiv (2024)
Abstract
The recent MIP*=RE theorem of Ji, Natarajan, Vidick, Wright, and Yuen shows
that the complexity class MIP* of multiprover proof systems with entangled
provers contains all recursively enumerable languages. Prior work of Grilo,
Slofstra, and Yuen [FOCS '19] further shows (via a technique called simulatable
codes) that every language in MIP* has a perfect zero knowledge (PZK) MIP*
protocol. The MIP*=RE theorem uses two-prover one-round proof systems, and
hence such systems are complete for MIP*. However, the construction in Grilo,
Slofstra, and Yuen uses six provers, and there is no obvious way to get perfect
zero knowledge with two provers via simulatable codes. This leads to a natural
question: are there two-prover PZK-MIP* protocols for all of MIP*?
In this paper, we show that every language in MIP* has a two-prover one-round
PZK-MIP* protocol, answering the question in the affirmative. For the proof, we
use a new method based on a key consequence of the MIP*=RE theorem, which is
that every MIP* protocol can be turned into a family of boolean constraint
system (BCS) nonlocal games. This makes it possible to work with MIP* protocols
as boolean constraint systems, and in particular allows us to use a variant of
a construction due to Dwork, Feige, Kilian, Naor, and Safra [Crypto '92] which
gives a classical MIP protocol for 3SAT with perfect zero knowledge. To show
quantum soundness of this classical construction, we develop a toolkit for
analyzing quantum soundness of reductions between BCS games, which we expect to
be useful more broadly. This toolkit also applies to commuting operator
strategies, and our argument shows that every language with a commuting
operator BCS protocol has a two prover PZK commuting operator protocol.