We construct the first constant-round protocols for secure quantum computation in the two-party (2PQC) and multi-party (MPQC) settings with security against malicious adversaries. Our protocols are in the common random string (CRS) model.

- Assuming two-message oblivious transfer (OT), we obtain (i) three-message 2PQC, and (ii) five-round MPQC with only three rounds of online (input-dependent) communication; such OT is known from quantum-hard Learning with Errors (QLWE).
- Assuming sub-exponential hardness of QLWE, we obtain (i) three-round 2PQC with two online rounds and (ii) four-round MPQC with two online rounds.
- When only one (out of two) parties receives output, we achieve minimal interaction (two messages) from two-message OT; classically, such protocols are known as non-interactive secure computation (NISC), and our result constitutes the first maliciously-secure quantum NISC. Additionally assuming reusable malicious designated-verifier NIZK arguments for NP (MDV-NIZKs), we give the first MDV-NIZK for QMA that only requires one copy of the quantum witness.

Finally, we perform a preliminary investigation into two-round secure quantum computation where each party must obtain output. On the negative side, we identify a broad class of simulation strategies that suffice for classical two-round secure computation but are unlikely to work in the quantum setting. Next, as a proof-of-concept, we show that two-round secure quantum computation exists with respect to a quantum oracle.