In a recent breakthrough, Mahadev constructed an interactive protocol that enables a purely classical party to delegate any quantum computation to an untrusted quantum prover. In this work, we show that this same task can in fact be performed non-interactively and in zero-knowledge. Our protocols result from a sequence of significant improvements to the original four-message protocol of Mahadev. We begin by making the first message instance-independent and moving it to an offline setup phase. We then establish a parallel repetition theorem for the resulting three-message protocol, with an asymptotically optimal rate. This, in turn, enables an application of the Fiat-Shamir heuristic, eliminating the second message and giving a non-interactive protocol. Finally, we employ classical non-interactive zero-knowledge (NIZK) arguments and classical fully homomorphic encryption (FHE) to give a zero-knowledge variant of this construction. This yields the first purely classical NIZK argument system for QMA, a quantum analogue of NP. We establish the security of our protocols under standard assumptions in quantum-secure cryptography. Specifically, our protocols are secure in the Quantum Random Oracle Model, under the assumption that Learning with Errors is quantumly hard. The NIZK construction also requires circuit-private FHE.

中文翻译：

---

量子计算的非交互式经典验证

在最近的一项突破中，Mahadev 构建了一个交互式协议，使纯粹的经典方能够将任何量子计算委托给不受信任的量子证明者。在这项工作中，我们表明实际上可以在非交互式和零知识中执行相同的任务。我们的协议源于对 Mahadev 原始四消息协议的一系列重大改进。我们首先使第一个消息实例独立并将其移至离线设置阶段。然后，我们为得到的三消息协议建立了一个并行重复定理，具有渐近最优的速率。反过来，这可以应用 Fiat-Shamir 启发式算法，消除第二条消息并提供非交互式协议。最后，我们采用经典的非交互式零知识 (NIZK) 参数和经典的全同态加密 (FHE) 来给出这种结构的零知识变体。这产生了 QMA 的第一个纯经典 NIZK 论证系统，QMA 是 NP 的量子模拟。我们在量子安全密码学的标准假设下建立协议的安全性。具体来说，我们的协议在量子随机 Oracle 模型中是安全的，假设学习错误在量子上是困难的。NIZK 结构还需要电路专用 FHE。具体来说，我们的协议在量子随机 Oracle 模型中是安全的，假设学习错误在量子上是困难的。NIZK 结构还需要电路专用 FHE。具体来说，我们的协议在量子随机 Oracle 模型中是安全的，假设学习错误在量子上是困难的。NIZK 结构还需要电路专用 FHE。