Certified-Everlasting Quantum NIZK Proofs

We study non-interactive zero-knowledge proofs (NIZKs) for NP satisfying: 1) statistical soundness, 2) computational zero-knowledge and 3) certified-everlasting zero-knowledge (CE-ZK). The CE-ZK property allows a verifier of a quantum proof to revoke the proof in a way that can be checked (certified) by the prover. Conditioned on successful certification, the verifier’s state can be efficiently simulated with only the statement, in a statistically indistinguishable way. Our contributions regarding these certified-everlasting NIZKs (CE-NIZKs) are as follows: - We identify a barrier to obtaining CE-NIZKs in the CRS model via generalizations of known interactive zero-knowledge proofs that satisfy CE-ZK. - We circumvent this by constructing CE-NIZK from black-box use of NIZK for NP satisfying certain properties, along with OWFs. As a result, we obtain CE-NIZKs for NP in the CRS model, based on polynomial hardness of the learning with errors (LWE) assumption. - In addition, we observe that the aforementioned barrier does not apply to the shared EPR model. We leverage this fact to construct a CE-NIZK for NP in this model based on any statistical binding hidden-bits generator, which can be based on LWE. The only quantum computation in this protocol involves single-qubit measurements of the shared EPR pairs.

💡 Research Summary

This paper introduces certified‑everlasting non‑interactive zero‑knowledge proofs (CE‑NIZKs) for NP languages that simultaneously achieve three security properties: statistical soundness, computational zero‑knowledge, and certified‑everlasting zero‑knowledge (CE‑ZK). CE‑ZK requires a quantum verifier to delete the proof state and provide a verifiable certificate of deletion; once this certificate is accepted, the verifier’s remaining quantum state can be simulated using only the statement, making the proof information statistically indistinguishable from an ideal simulation.

The authors first formalize CE‑NIZKs in two common quantum setup models: the common reference string (CRS) model and the shared‑EPR model. They then identify a fundamental barrier to constructing CE‑NIZKs in the CRS model by defining a class of “deletion‑resistant” CE‑NIZKs. They prove that any protocol belonging to this class would simultaneously yield a NIZK that is both statistically sound and statistically zero‑knowledge, contradicting known impossibility results. Consequently, straightforward adaptations of existing interactive CE‑ZK protocols to the non‑interactive setting are impossible.

To overcome this barrier, the paper presents a novel construction for the CRS model that uses two layers of quantum‑secure NIZK proofs in superposition. The first layer is a quantum‑secure NIZK for NP (Definition 3.6), which can be instantiated from the learning‑with‑errors (LWE) assumption. The second layer combines the two proofs using the classic 4‑slot technique and an OR‑proof strategy, and then applies a certified‑deletion theorem for BB84 states. This yields a CE‑NIZK that relies only on LWE‑based quantum‑secure NIZKs and post‑quantum one‑way functions (OWFs). The construction achieves statistical soundness, computational zero‑knowledge, and CE‑ZK without requiring any stronger assumptions such as indistinguishability obfuscation.

In contrast, the authors observe that the deletion‑resistant barrier does not apply in the shared‑EPR model, where the prover and verifier share halves of many EPR pairs. Leveraging this, they adapt the hidden‑bits compiler of QRW19: any statistically binding hidden‑bits generator can be turned into a CE‑NIZK. Using an LWE‑based hidden‑bits generator, the resulting protocol requires only single‑qubit measurements of the shared EPR halves (in one of two bases) and classical computation/communication otherwise. This makes the protocol highly efficient in terms of quantum resources while still providing the same security guarantees as the CRS construction.

The paper also situates CE‑NIZKs among related quantum‑enhanced NIZK notions such as unclonable NIZKs, certified‑deletion NIZKs, and certified‑deniability NIZKs. It clarifies that CE‑ZK is orthogonal to these concepts, focusing on everlasting simulation after a certified deletion rather than on preventing copying or providing deniability. Moreover, the authors compare the assumptions required for each model, emphasizing that both constructions rely only on the standard LWE hardness and OWFs, avoiding stronger primitives like iO.

Finally, the authors discuss open problems, including extensions to multi‑verifier settings, efficient CRS refresh mechanisms, and experimental implementation of the shared‑EPR protocol on near‑term quantum hardware. They suggest that the lightweight quantum operations required in the EPR model make it a promising candidate for practical deployment of certified‑everlasting zero‑knowledge in future cryptographic systems.