The Black-Box Simulation Barrier Persists in a Fully Quantum World

Abstract

Zero-Knowledge (ZK) protocols have been intensely studied due to their fundamental importance and versatility. However, quantum information's inherent differences significantly alter the landscape, necessitating a re-examination of ZK designs. A crucial aspect is round complexity, linked to simulation, which forms the foundation of ZK definition and security proofs. In the post-quantum setting, where honest parties and channels are classical but adversaries quantum, Chia et al. [FOCS'21] showed constant-round black-box-simulatable ZK arguments (BBZK) for NP are impossible unless NP ⊂eq BQP. But this problem remains open when all parties and communication are quantum. Indeed, this problem interests the broader theory of quantum computing. Investigating how quantum power alters tasks like the unconditional security of QKD and incorporating OT in MiniQCrypt has been crucial. Moreover, quantum communication has enabled round compression for commitments and interactive arguments. Along this line, understanding if quantum computing could fundamentally change ZK protocols is vital. We resolved this problem by proving that only languages in BQP admit constant-round fully-quantum BBZK. This result holds significant implications. Firstly, it illuminates the nature of quantum zero-knowledge and provides valuable insights for designing future protocols in the quantum realm. Secondly, it relates ZK round complexity with the intriguing problem of BQP vs QMA, which is out of the reach of previous analogue impossibility results in the classical or post-quantum setting. Lastly, it justifies the need for the non-black-box simulation techniques or the relaxed security notions employed in existing constant-round fully-quantum BBZK protocols.