How to Classically Verify a Quantum Cat without Killing It
Existing protocols for classical verification of quantum computation (CVQC) consume the prover’s witness state, requiring a new witness state for each invocation. Because QMA witnesses are not generally clonable, destroying the input witness means that amplifying soundness and completeness via repetition requires many copies of the witness. Building CVQC with low soundness error that uses only one copy of the witness has remained an open problem so far. We resolve this problem by constructing a CVQC that uses a single copy of the QMA witness, has negligible completeness and soundness errors, and does not destroy its witness. The soundness of our CVQC is based on the post-quantum Learning With Errors (LWE) assumption. To obtain this result, we define and construct two primitives (under the post-quantum LWE assumption) for non-destructively handling superpositions of classical data, which we believe are of independent interest:
- A state preserving classical argument for NP.
- Dual-mode trapdoor functions with state recovery.
💡 Research Summary
The paper addresses a fundamental limitation of existing classical verification of quantum computation (CVQC) protocols: they consume the prover’s QMA witness, forcing the prover to provide a fresh copy for each execution. Since QMA witnesses cannot be cloned in general, this requirement makes soundness and completeness amplification impractical. The authors resolve this by constructing a CVQC protocol that (i) works with a single copy of the witness, (ii) achieves completeness 1 − negl(λ) (negligible completeness error) and negligible computational soundness error (negl(λ)) under the post‑quantum Learning‑With‑Errors (LWE) assumption, and (iii) leaves the witness essentially unchanged at the end of the protocol.
The construction relies on two novel primitives, both built from LWE‑based tools:
- State‑preserving interactive arguments for NP. Traditional interactive arguments destroy the prover’s quantum state when the prover’s messages are measured. The authors design an argument where, if the prover starts with a superposition ∑α_w |w⟩ over possible NP witnesses, the superposition survives the entire interaction. This is achieved by combining LWE‑based commitment schemes with zero‑knowledge proofs in a way that the verifier’s challenges are statistically independent of the prover’s quantum amplitudes. The resulting argument is both an argument of knowledge and state‑preserving.
- Dual‑mode trapdoor functions with state recovery. The authors define a family of randomized functions that can be sampled in either recovery mode or injective mode. In recovery mode the function is guaranteed to be non‑colliding; measuring the output on a state ∑α_w |w⟩ yields a classical value y, and given the trapdoor the verifier can reconstruct the original quantum superposition. In injective mode the function behaves like a standard injective trapdoor function, collapsing the input to a single witness w that can be recovered from the trapdoor. This dual‑mode capability enables the verifier to either extract the witness (for soundness) or to leave the witness untouched (for preservation).
With these primitives the authors build two generic compilers that transform any non‑adaptive CVQC (where the verifier’s messages do not depend on the prover’s previous messages) into a protocol satisfying the three desired properties:
- Amplification Compiler (Theorem 2). Starting from a non‑adaptive CVQC with completeness c and soundness s such that c − s ≥ 1/poly(λ), the compiler first modifies the protocol so that the prover’s witness is only degraded by an ε = 1/poly(λ) factor. Then it repeats the modified protocol sequentially, using the slightly degraded witness each time. Because the degradation is bounded, the sequential repetition drives completeness to 1 − negl(λ) and soundness to negl(λ) while still using only a single original witness.
- Witness‑preservation Compiler (Theorem 3). Starting from a CVQC that already has near‑perfect completeness (1 − negl(λ)) and negligible soundness, the compiler replaces the final measurement step with the state‑preserving NP argument and the dual‑mode trapdoor. This ensures that after the protocol the prover’s quantum state is statistically close (within negl(λ) in trace distance) to the original witness.
By applying the amplification compiler first (to obtain a high‑quality, single‑witness CVQC) and then the witness‑preservation compiler, the authors achieve the main result (Theorem 1): a CVQC for any language L ∈ QMA_{1‑2^{‑λ}, 2^{‑λ}} that is an argument of knowledge, uses only one copy of the witness, has negligible completeness and soundness errors, and leaves the witness essentially untouched.
The paper also discusses extensions to malicious verifiers. By coupling the state‑preserving CVQC with time‑lock puzzles and classical zero‑knowledge arguments, the prover can recover its witness even if the verifier deviates from the protocol. This yields “proofs of no‑intrusion” for quantum states, connecting to recent work on non‑destructive proofs for coset states.
Overall, the work bridges the gap between classical verification and the QMA setting: it shows that classical verifiers can achieve the same level of error reduction and witness reuse that quantum verifiers enjoy, without requiring multiple copies of a QMA witness. The reliance on LWE places the security in the well‑studied post‑quantum lattice‑based paradigm, making the construction both theoretically robust and potentially practical for future quantum‑cryptographic applications such as quantum money, quantum proofs of knowledge, and quantum zero‑knowledge protocols.