Entanglement and Quantum Interactive ProofsHirotada Kobayashi

National Institute of Informatics

The Model of Interactive Proof SystemsInteractive Proof Systems [Babai 85, Goldwasser, Micali, and Rackoff 85]

Communication model between two players: prover, verifier.Unlimitedly powerful prover tries to convince verifier of his assertion.Verifier must efficiently check the validity of the prover’s assertion

(in polynomial time, with high prob.).

Natural generalization ofprobabilistic and nondeterministic computations.

Underlying model of zero-knowledge proof systems.

Multi-Prover Interactive Proof Systems [Ben-Or, Goldwasser, Kilian, and Wigderson 88]

A verifier communicates with multiple provers.Provers are NOT permitted to communicate with each other.

Dishonest isolated provers are easier to be caught,which would make the verification more powerful.

Introduced from cryptographic motivation,and very important in inapproximability theory.

Properties of multi-prover interactive proofsMIP = NEXP. [Babai, Fortnow, and Lund 90]

The multi-prover model is indeed much stronger than the single-prover one.A problem is verifiable with an multi-prover interactive proofiff it is computable in nondeterministic exponential time.

Two-prover one-round systems areas powerful as poly-prover poly-round ones. [Feige and Lovász 92]

The simplest case of multi-prover interactive proofs hasthe same verification ability as the most general case of them.

Robust for shared randomness among provers(except for zero-knowledge properties).

The Power of Entangled ProversWhat is the power of quantum multi-prover interactive proofs?What happens when provers share entanglement a priori?

Very little is known!!!

Two aspects of prior-entanglementNegative aspect:

Dishonest provers may use it to break protocols.Positive aspect:

Honest provers may use it to help verification.

With entangled provers, the verification abilityeither may be weakened because of the negative aspect,may be strengthened because of the positive aspect,or even may be incomparable with the classical case

because of both!(cf. AQIS ’10 tutorial and invited talks of Buhrman)

Some Limits on the Power of Entangled ProversQMIP(l.e.) ⊆ NEXP. [Kobayashi and Matsumoto 03]

Provers sharing at most polynomially many entangled qubitscannot strengthen the verification power,even if the verifier uses quantum communication and computation.

In particular, QMIP(n.e.) = NEXP,i.e., with unentangled provers, using quantum informationcannot change the power of multi-prover interactive proofs.

Every problem in PSPACE has a two-prover one-round system,where honest provers do not need entanglement at allto perfectly pass the verification,while any dishonest provers with arbitrary entanglementcan pass it with only exponentially small probability.

[Ito, Kobayashi, and Matsumoto 09]

Every problem in NEXP has a two-prover one-round system,where honest provers do not need entanglement at allto perfectly pass the verification,while any dishonest provers with arbitrary entanglementcannot pass it perfectly. [Ito, Kobayashi, and Matsumoto 09](In the PSPACE case, the completeness-soundness gap, which is the measure of the accuracy of the verification, is exponentially close to one. In the NEXP case, in contrast, the gap is exponentially small, and is not sufficiently large.)

The Power of Unentangled ProversAs mentioned above, quantum multi-prover interactive proofswith unentangled provers are just as powerful as classical ones.

The situation changes in the “non-interactive” case!

Quantum “multi-Merlin”-Arthur Proof Systems [Kobayashi, Matsumoto, and Yamakami 03]

Merlins (provers) send quantum proofs to Arthur (a verifier),who then checks their validity without communications.

Each quantum proof is unentangled with others.

Classically, multiple proofs can be concatenatedinto one long proof, and thus have no merit for a verifier.

Quantumly, multiple unentangled proofshave different structure from one long quantum proof,and may be beneficial to a quantum verifier.

Reducing the Number of Quantum ProofsTwo-proof systems can simulate poly-proof systems

while keeping 1/poly completeness-soundness gap.[Kobayashi, Matsumoto, and Yamakami 03, 09, Aaronson, Beigi, Drucker, Fefferman, and Shor 08]

(cf. AQIS ’10 talk of Harrow and Montanaro for very recent improvements)Two-proof systems are as powerful poly-proof systems

iff the completeness-soundness gap in two-proof systemsis arbitrarily amplifiable (i.e., can be negligibly small).

[Kobayashi, Matsumoto, and Yamakami 03, 09]

Related Publications of ERATO/SORST QCI ProjectT. Ito, H. Kobayashi, and K. Matsumoto. Oracularization and two-prover one-round interactive proofs against nonlocal strategies. In 24th IEEE Conference on Computational Complexity, pages 217–228, 2009.H. Kobayashi and K. Matsumoto. Quantum multi-prover interactive proof systems with limited prior entanglement. J. Comput. Syst. Sci., 66(3): 429–450, 2003.H. Kobayashi, K. Matsumoto, and T. Yamakami. Quantum Merlin-Arthur proof systems: Are multiple Merlins more helpful to Arthur? Chicago J. Theoret. Comput. Sci., 2009: Article 3, 2009.

Earlier conference versions in EQIS ’01 and ISAAC ’03.

Verifier Prover

Verifier

Prover

Prover

Prover

Verifier

Proof Proof Proof