Prior work has established that all problems in NP admit classical zero-knowledge proof systems, and under reasonable hardness assumptions for quantum computations, these proof systems can be made secure against quantum attacks. We prove a result representing a further quantum generalization of this fact, which is that every problem in the complexity class QMA has a quantum zero-knowledge proof system. More specifically, assuming the existence of an unconditionally binding and quantum computationally concealing commitment scheme, we prove that every problem in the complexity class QMA has a quantum interactive proof system that is zero-knowledge with respect to efficient quantum computations. Our QMA proof system is sound against arbitrary quantum provers, but only requires an honest prover to perform polynomial-time quantum computations, provided that it holds a quantum witness for a given instance of the QMA problem under consideration. The proof system relies on a new variant of the QMA-complete local Hamiltonian problem in which the local terms are described by Clifford operations and standard basis measurements. We believe that the QMA-completeness of this problem may have other uses in quantum complexity.


  1. QMA
  2. local-Hamiltonian problem
  3. zero-knowledge
  4. quantum computation

MSC codes

  1. 81P45
  2. 81P68
  3. 81P94

Get full access to this article

View all available purchase options and get full access to this article.


M. Adcock and R. Cleve, A quantum Goldreich-Levin theorem with cryptographic applications, in Proceedings of the 19th International Symposium on Theoretical Aspects of Computer Science, Lecture Notes in Comput. Sci. 2285, Springer, Berlin, 2002, pp. 323--334, https://doi.org/10.1007/3-540-45841-7_26.
D. Aharonov, M. Ben-Or, and E. Eban, Interactive proofs for quantum computations, in Innovations in Computer Science, ACM, New York, 2010, pp. 453--469.
D. Aharonov, A. Kitaev, and N. Nisan, Quantum circuits with mixed states, in Proceedings of the 30th Annual ACM Symposium on Theory of Computing, ACM, New York, 1998, pp. 20--30, https://doi.org/10.1145/276698.276708.
A. Ambainis, M. Mosca, A. Tapp, and R. de Wolf, Private quantum channels, in Proceedings of the 41st Annual IEEE Symposium on Foundations of Computer Science, IEEE Computer Society, Los Alamitos, CA, 2000, pp. 547--553, https://doi.org/10.1109/SFCS.2000.892142.
H. Barnum, C. Crépeau, D. Gottesman, A. Smith, and A. Tapp, Authentication of quantum messages, in Proceedings of the 43th Annual IEEE Symposium on Foundations of Computer Science, IEEE Computer Society, Los Alamitos, CA, 2002, pp. 449--458, https://doi.org/10.1109/SFCS.2002.1181969.
M. Ben-Or, C. Crépeau, D. Gottesman, A. Hassidim, and A. Smith, Secure multiparty quantum computation with (only) a strict honest majority, in Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science, IEEE Computer Society, Los Alamitos, CA, 2006, pp. 249--260, https://doi.org/10.1109/FOCS.2006.68.
M. Ben-Or, O. Goldreich, S. Goldwasser, J. H\aastad, J. Kilian, S. Micali, and P. Rogaway, Everything provable is provable in zero-knowledge, in Advances in Cryptology -- CRYPTO 1988, Lecture Notes in Comput. Sci. 403, Springer, Berlin, 1990, pp. 37--56, https://doi.org/10.1007/0-387-34799-2_4.
M. Blum, Coin flipping by telephone a protocol for solving impossible problems, ACM SIGACT News, 15 (1983), pp. 23--27, https://doi.org/10.1145/1008908.1008911.
S. Bravyi, Efficient algorithms for a quantum analogue of $2$-SAT, Contemp. Math., 536 (2011), pp. 33--48, https://doi.org/10.1090/conm/536/10552.
A. Broadbent, How to verify a quantum computation, Theory Comput., 14 (2018), pp. 1--37.
A. Broadbent, G. Gutoski, and D. Stebila, Quantum one-time programs, in Advances in Cryptology -- CRYPTO 2013, Lecture Notes in Comput. Sci. 8043, Springer, Berlin, 2013, pp. 344--360, https://doi.org/10.1007/978-3-642-40084-1_20.
A. Broadbent, Z. Ji, F. Song, and J. Watrous, Zero-knowledge proof systems for QMA, in Proceedings of the 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), IEEE, Piscataway, NJ, 2016, pp. 31--40.
A. Chailloux and I. Kerenidis, Increasing the power of the verifier in quantum zero knowledge, in IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, Wadern, Germany, Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 2008.
I. Damg\aard, S. Fehr, and L. Salvail, Zero-knowledge proofs and string commitments withstanding quantum attacks, in Advances in Cryptology -- CRYPTO 2004, Lecture Notes in Comput. Sci. 3152, Springer, Berlin, 2004, pp. 254--272, https://doi.org/10.1007/978-3-540-28628-8_16.
I. Damg\aard and C. Lunemann, Quantum-secure coin-flipping and applications, in Advances in Cryptology -- ASIACRYPT 2009, Lecture Notes in Comput. Sci. 5912, Springer, Berlin, 2009, pp. 52--69, https://doi.org/10.1007/978-3-642-10366-7_4.
F. Dupuis, J. B. Nielsen, and L. Salvail, Secure two-party quantum evaluation of unitaries against specious adversaries, in Advances in Cryptology -- CRYPTO 2010, Lecture Notes in Comput. Sci. 6223, Springer, Berlin, 2010, pp. 685--706, https://doi.org/10.1007/978-3-642-14623-7_37.
F. Dupuis, J. B. Nielsen, and L. Salvail, Actively secure two-party evaluation of any quantum operation, in Advances in Cryptology -- CRYPTO 2012, Lecture Notes in Comput. Sci. 7417, Springer, Berlin, 2012, pp. 794--811, https://doi.org/10.1007/978-3-642-32009-5_46.
U. Feige and A. Shamir, Zero knowledge proofs of knowledge in two rounds, in Advances in Cryptology -- CRYPTO 1989, Lecture Notes in Comput. Sci. 435, Springer, New York, 1990, pp. 526--544, https://doi.org/10.1007/0-387-34805-0_46.
J. F. Fitzsimons, M. Hajdišek, and T. Morimae, Post hoc verification with a single prover, Phys. Rev. Lett., 120 (2018), 040501, https://doi.org/10.1103/PhysRevLett.120.040501.
J. Fitzsimons, Z. Ji, T. Vidick, and H. Yuen, Quantum proof systems for iterated exponential time, and beyond, in Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing, 2019, pp. 473--480, https://doi.org/10.1145/3313276.3316343.
C. A. Fuchs and A. Peres, Quantum-state disturbance versus information gain: Uncertainty relations for quantum information, Phys. Rev. A(3), 53 (1996), pp. 2038--2045, https://doi.org/10.1103/PhysRevA.53.2038.
O. Goldreich, Foundations of Cryptography I: Basic Tools, Cambridge University Press, Cambridge, 2001, https://doi.org/10.1017/CBO9780511546891.
O. Goldreich, Foundations of Cryptography II: Basic Applications, Cambridge University Press, Cambridge, 2004, https://doi.org/10.1017/CBO9780511721656.
O. Goldreich and A. Kahan, How to construct constant-round zero-knowledge proof systems for NP, J. Cryptology, 9 (1996), pp. 167--189, https://doi.org/10.1007/BF00208001.
O. Goldreich, S. Micali, and A. Wigderson, How to play ANY mental game, in Proceedings of the 19th Annual ACM Symposium on Theory of Computing, 1987, pp. 218--229, https://doi.org/10.1145/28395.28420.
O. Goldreich, S. Micali, and A. Wigderson, Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, Journal of the ACM, 38 (1991), pp. 690--728, https://doi.org/10.1145/116825.116852.
O. Goldreich and Y. Oren, Definitions and properties of zero-knowledge proof systems, J. Cryptology, 7 (1994), pp. 1--32, https://doi.org/10.1007/BF00195207.
S. Goldwasser, S. Micali, and C. Rackoff, The knowledge complexity of interactive proof systems, SIAM J. Comput., 18 (1989), pp. 186--208, https://doi.org/10.1137/0218012.
S. Goldwasser and M. Sipser, Private coins versus public coins in interactive proof systems, in Proceedings of the 18th Annual ACM Symposium on Theory of Computing, ACM, New York, 1986, pp. 59--68, https://doi.org/10.1145/12130.12137.
D. Gosset and D. Nagaj, Quantum 3-SAT is ${QMA}_1$-complete, SIAM J. Comput., 45 (2016), pp. 1080--1128, https://doi.org/10.1137/140957056.
D. Gottesman, The Heisenberg representation of quantum computers, in Group 22: Proceedings of the 22nd International Colloquium on Group Theoretical Methods in Physics, International Press, Cambridge, MA, 1998, pp. 32--43.
S. Hallgren, A. Kolla, P. Sen, and S. Zhang, Making classical honest verifier zero knowledge protocols secure against quantum attacks, in Proceedings of the 35th International Colloquium on Automata, Languages and Programming, Part II, Lecture Notes in Comput. Sci. 5126, Springer, Berlin, 2008, pp. 592--603, https://doi.org/10.1007/978-3-540-70583-3_48.
S. Hallgren, A. Smith, and F. Song, Classical cryptographic protocols in a quantum world, Int. J. Quantum Inf., 13 (2015), 1550028, https://doi.org/10.1142/S0219749915500288.
J. H\aastad, R. Impagliazzo, L. A. Levin, and M. Luby, A pseudorandom generator from any one-way function, SIAM J. Comput., 28 (1999), pp. 1364--1396, https://doi.org/10.1137/S0097539793244708.
R. Impagliazzo, A personal view of average-case complexity, in Proceedings of 10th Annual IEEE Structure in Complexity Theory Conference, IEEE Compter Society, Los Alamitos, CA, 1995, pp. 134--147, https://doi.org/10.1109/SCT.1995.514853.
Z. Ji, Compression of quantum multi-prover interactive proofs, in Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing, ACM, New York, 2017, pp. 289--302, https://doi.org/10.1145/3055399.3055441.
J. Kempe, A. Kitaev, and O. Regev, The complexity of the local Hamiltonian problem, SIAM J. Comput., 35 (2006), pp. 1070--1097, https://doi.org/10.1137/S0097539704445226.
J. Kempe and O. Regev, 3-local Hamiltonian is QMA-complete, Quantum Inf. Comput., 3 (2003), pp. 258--264, http://portal.acm.org/citation.cfm?id=2011541.
A. Y. Kitaev, Quantum computations: Algorithms and error correction, Russian Math. Surveys, 52 (1997), pp. 1191--1249, http://stacks.iop.org/0036-0279/52/i=6/a=R02.
A. Y. Kitaev, A. H. Shen, and M. N. Vyalyi, Classical and Quantum Computation, Grad. Stud. Math. 47, Amer. Math. Soc., Providence, RI, 2002.
Y.-K. Liu, Consistency of local density matrices is QMA-complete, in Proceedings of the 9th International Workshop on Approximation Algorithms for Combinatorial Optimization Problems, APPROX 2006 and 10th International Workshop on Randomization and Computation, RANDOM 2006, Lecture Notes in Comput. Sci. 4110, Springer, Berlin, 2006, pp. 438--449, https://doi.org/10.1007/11830924_40.
C. Lunemann and J. B. Nielsen, Fully simulatable quantum-secure coin-flipping and applications, in Progress in Cryptology -- AFRICACRYPT 2011, Lecture Notes in Comput. Sci. 6737, Springer, Berlin, 2011, pp. 21--40, https://doi.org/10.1007/978-3-642-21969-6_2.
C. Marriott and J. Watrous, Quantum Arthur-Merlin games, Comput. Complexity, 14 (2005), pp. 122--152, https://doi.org/10.1007/s00037-005-0194-x.
T. Morimae, M. Hayashi, H. Nishimura, and K. Fujii, Quantum Merlin-Arthur with Clifford Arthur, Quantum Inf. Comput., 15 (2015), pp. 1420--1430.
T. Morimae, D. Nagaj, and N. Schuch, Quantum proofs can be verified using only single-qubit measurements, Phys. Rev. A(3), 93 (2016), 022326, https://doi.org/10.1103/PhysRevA.93.022326.
D. Nagaj, P. Wocjan, and Y. Zhang, Fast amplification of QMA, Quantum Inf. Comput., 9 (2009), pp. 1053--1068.
M. Naor, Bit commitment using pseudorandomness, J. Cryptology, 4 (1991), pp. 151--158, https://doi.org/10.1007/BF00196774.
M. Nielsen and I. Chuang, Quantum Computation and Quantum Information, Cambridge University Press, Cambridge, 2000.
P. W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM J. Comput., 26 (1997), pp. 1484--1509, https://doi.org/10.1137/S0097539795293172.
F. Song, A note on quantum security for post-quantum cryptography, in Proceedings of the 6th International Workshop on Post-Quantum Cryptography, Lecture Notes in Comput. Sci. 8772, Springer, Cham, Switzerland, 2014, pp. 246--265, https://doi.org//10.1007/978-3-319-11659-4_15.
A. Steane, Multi-particle interference and quantum error correction, Proc. Royal Soc. A, 452 (1996), pp. 2551--2577, https://doi.org/10.1098/rspa.1996.0136.
T. Vidick and T. Zhang, Classical Zero-Knowledge Arguments for Quantum Computations, preprint, arXiv:1902.05217, 2019.
D. Unruh, Quantum proofs of knowledge, in Advances in Cryptology -- EUROCRYPT 2012, Lecture Notes in Comput. Sci. 7237, Springer, Heidelberg, Germany, 2012, pp. 135--152.
J. van de Graaf, Towards a Formal Definition of Security for Quantum Protocols, Ph.D. thesis, Université de Montréal, Montreal, 1997.
J. Watrous, Limits on the power of quantum statistical zero-knowledge, in Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science, IEEE Computer Society, 2002, pp. 459--468, https://doi.org/10.1109/SFCS.2002.1181970.
J. Watrous, PSPACE has constant-round quantum interactive proof systems, Theoret. Comput. Sci., 292 (2003), pp. 575--588, https://doi.org/10.1016/S0304-3975(01)00375-9.
J. Watrous, Quantum computational complexity, in Encyclopedia of Complexity and Systems Science, Springer, New York, 2009, pp. 7174--7201, https://doi.org/10.1007/978-0-387-30440-3_428.
J. Watrous, Zero-knowledge against quantum attacks, SIAM J. Comput., 39 (2009), pp. 25--58, https://doi.org/10.1137/060670997.
J. Watrous, Guest column: An introduction to quantum information and quantum circuits, ACM SIGACT News, 42 (2011), pp. 52--67, https://doi.org/10.1145/1998037.1998053.
W. K. Wootters and W. H. Zurek, A single quantum cannot be cloned, Nature, 299 (1982), pp. 802--803, https://doi.org/10.1038/299802a0.
M. Zhandry, How to construct quantum random functions, in Proceedings of the 53rd Annual IEEE Symposium on Foundations of Computer Science, IEEE, Piscataway, NJ, 2012, pp. 679--687, https://doi.org/10.1109/FOCS.2012.37.

Information & Authors


Published In

cover image SIAM Journal on Computing
SIAM Journal on Computing
Pages: 245 - 283
ISSN (online): 1095-7111


Submitted: 15 June 2018
Accepted: 5 November 2019
Published online: 10 March 2020


  1. QMA
  2. local-Hamiltonian problem
  3. zero-knowledge
  4. quantum computation

MSC codes

  1. 81P45
  2. 81P68
  3. 81P94



Funding Information

Natural Sciences and Engineering Research Council of Canada https://doi.org/10.13039/501100000038
National Science Foundation https://doi.org/10.13039/100000001

Metrics & Citations



If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.

View Options

View options


View PDF







Copy the content Link

Share with email

Email a colleague

Share on social media