**Classical Verification of Quantum Computations with Efficient Verifier**

*Nai-Hui Chia and Kai-Min Chung and Takashi Yamakawa*

**Abstract: **In this paper, we extend the protocol of classical verification of quantum computations (CVQC) recently proposed by Mahadev to make the verification efficient. Our result is obtained in the following three steps:

- We show that parallel repetition of Mahadev's protocol has negligible soundness error. This gives the first constant round CVQC protocol with negligible soundness error. In this part, we only assume the quantum hardness of the learning with error (LWE) problem similar to Mahadev's work.

- We construct a two-round CVQC protocol in the quantum random oracle model (QROM) where a cryptographic hash function is idealized to be a random function. This is obtained by applying the Fiat-Shamir transform to the parallel repetition version of Mahadev's protocol.

-We construct a two-round CVQC protocol with an efficient verifier in the CRS+QRO model where both prover and verifier can access a (classical) common reference string generated by a trusted third party in addition to quantum access to QRO. Specifically, the verifier can verify a $\mathsf{QTIME}(T)$ computation in time $\mathsf{poly}(\lambda,\log T)$ where $\lambda$ is the security parameter. For proving soundness, we assume that a standard model instantiation of our two-round protocol with a concrete hash function (say, SHA-3) is sound and the existence of post-quantum indistinguishability obfuscation and post-quantum fully homomorphic encryption in addition to the quantum hardness of the LWE problem.

**Category / Keywords: **foundations / classical verification of quantum computations, efficient verification

**Original Publication**** (with minor differences): **IACR-TCC-2020

**Date: **received 12 Oct 2020, last revised 22 Oct 2020

**Contact author: **takashi yamakawa obf at gmail com

**Available format(s): **PDF | BibTeX Citation

**Note: **Fixed typos (10/22/2020)

**Version: **20201022:214753 (All versions of this report)

**Short URL: **ia.cr/2020/1273

[ Cryptology ePrint archive ]