-
Asymptotically Good Quantum Codes with Addressable and Transversal Non-Clifford Gates
Authors:
Zhiyang He,
Vinod Vaikuntanathan,
Adam Wills,
Rachel Yun Zhang
Abstract:
Constructing quantum codes with good parameters and useful transversal gates is a central problem in quantum error correction. In this paper, we continue our work in arXiv:2502.01864 and construct the first family of asymptotically good quantum codes (over qubits) supporting transversally addressable non-Clifford gates. More precisely, given any three logical qubits across one, two, or three codeblocks, the logical $\mathsf{CCZ}$ gate can be executed on those three logical qubits via a depth-one physical circuit of $\mathsf{CCZ}$ gates. This construction is based on the transitive, iso-orthogonal algebraic geometry codes constructed by Stichtenoth (IEEE Trans. Inf. Theory, 2006). This improves upon our construction from arXiv:2502.01864, which also supports transversally addressable $\mathsf{CCZ}$ gates and has inverse-polylogarithmic rate and relative distance.
Submitted 7 July, 2025;
originally announced July 2025.
-
Quantum Codes with Addressable and Transversal Non-Clifford Gates
Authors:
Zhiyang He,
Vinod Vaikuntanathan,
Adam Wills,
Rachel Yun Zhang
Abstract:
The development of quantum codes with good error correction parameters and useful sets of transversal gates is a problem of major interest in quantum error-correction. Abundant prior works have studied transversal gates which are restricted to acting on all logical qubits simultaneously. In this work, we study codes that support transversal gates which induce $\textit{addressable}$ logical gates, i.e., the logical gates act on logical qubits of our choice. As we consider scaling to high-rate codes, the study and design of low-overhead, addressable logical operations presents an important problem for both theoretical and practical purposes.
Our primary result is the construction of an explicit qubit code for which $\textit{any}$ triple of logical qubits across one, two, or three codeblocks can be addressed with a logical $\mathsf{CCZ}$ gate via a depth-one circuit of physical $\mathsf{CCZ}$ gates, and whose parameters are asymptotically good, up to polylogarithmic factors. The result naturally generalizes to other gates including the $\mathsf{C}^{\ell} Z$ gates for $\ell \neq 2$.
Going beyond this, we develop a formalism for constructing quantum codes with $\textit{addressable and transversal}$ gates. Our framework, called $\textit{addressable orthogonality}$, encompasses the original triorthogonality framework of Bravyi and Haah (Phys. Rev. A 2012), and extends this and other frameworks to study addressable gates. We demonstrate the power of this framework with the construction of an asymptotically good qubit code for which $\textit{pre-designed}$, pairwise disjoint triples of logical qubits within a single codeblock may be addressed with a logical $\mathsf{CCZ}$ gate via a physical depth-one circuit of $\mathsf{Z}$, $\mathsf{CZ}$ and $\mathsf{CCZ}$ gates. In an appendix, we show that our framework extends to addressable and transversal $T$ gates, up to Clifford corrections.
Submitted 7 July, 2025; v1 submitted 3 February, 2025;
originally announced February 2025.
-
The Jacobi Factoring Circuit: Quantum Factoring with Near-Linear Gates and Sublinear Space and Depth
Authors:
Gregory D. Kahanamoku-Meyer,
Seyoon Ragavan,
Vinod Vaikuntanathan,
Katherine Van Kirk
Abstract:
We present a compact quantum circuit for factoring a large class of integers, including some whose classical hardness is expected to be equivalent to RSA (but not including RSA integers themselves). Most notably, we factor $n$-bit integers of the form $P^2 Q$ with $\log Q = \Theta(n^a)$ for $a \in (2/3, 1)$ in space and depth sublinear in $n$ (specifically, $\tilde{O}(\log Q)$) using $\tilde{O}(n)$ quantum gates; for these integers, no known classical algorithms exploit the relatively small size of $Q$ to run asymptotically faster than general-purpose factoring algorithms. To our knowledge, this is the first polynomial-time circuit to achieve sublinear qubit count for a classically-hard factoring problem. We thus believe that factoring such numbers has potential to be the most concretely efficient classically-verifiable proof of quantumness currently known.
Our circuit builds on the quantum algorithm for squarefree decomposition discovered by Li, Peng, Du, and Suter (Nature Scientific Reports 2012), which relies on computing the Jacobi symbol in quantum superposition. The technical core of our contribution is a new space-efficient quantum algorithm to compute the Jacobi symbol of $A$ mod $B$, in the regime where $B$ is classical and much larger than $A$. Our circuit for computing the Jacobi symbol generalizes to related problems such as computing the greatest common divisor and modular inverses, and thus could be of independent interest.
Submitted 5 June, 2025; v1 submitted 17 December, 2024;
originally announced December 2024.
-
Cloning Games, Black Holes and Cryptography
Authors:
Alexander Poremba,
Seyoon Ragavan,
Vinod Vaikuntanathan
Abstract:
Quantum no-cloning is one of the most fundamental properties of quantum information. In this work, we introduce a new toolkit for analyzing cloning games; these games capture more quantitative versions of no-cloning and are central to unclonable cryptography. Previous works rely on the framework laid out by Tomamichel, Fehr, Kaniewski and Wehner to analyze both the $n$-qubit BB84 game and the subspace coset game. Their constructions and analysis face the following inherent limitations:
- The existing bounds on the values of these games are at least $2^{-0.25n}$; on the other hand, the trivial adversarial strategy wins with probability $2^{-n}$. Not only that, the BB84 game does in fact admit a highly nontrivial winning strategy. This raises the natural question: are there cloning games which admit no non-trivial winning strategies?
- The existing constructions are not multi-copy secure; the BB84 game is not even $2 \mapsto 3$ secure, and the subspace coset game is not $t \mapsto t+1$ secure for a polynomially large $t$. Moreover, we provide evidence that the existing technical tools do not suffice to prove multi-copy security of even completely different constructions. This raises the natural question: can we design new cloning games that achieve multi-copy security, possibly by developing a new analytic toolkit?
We study a new cloning game based on binary phase states and show that it is $t$-copy secure when $t=o(n/\log n)$. Moreover, for constant $t$, we obtain the first asymptotically optimal bounds of $O(2^{-n})$. We also show a worst-case to average-case reduction for a large class of cloning games, which allows us to show the same quantitative results for Haar cloning games. These technical ingredients together enable two new applications which have previously been out of reach; one in black hole physics, and one in unclonable cryptography.
Submitted 4 April, 2025; v1 submitted 7 November, 2024;
originally announced November 2024.
-
Quantum One-Time Programs, Revisited
Authors:
Aparna Gupte,
Jiahui Liu,
Justin Raizes,
Bhaskar Roberts,
Vinod Vaikuntanathan
Abstract:
One-time programs (Goldwasser, Kalai and Rothblum, CRYPTO 2008) are functions that can be run on any single input of a user's choice, but not on a second input. Classically, they are unachievable without trusted hardware, but the destructive nature of quantum measurements seems to provide a quantum path to constructing them. Unfortunately, Broadbent, Gutoski and Stebila showed that even with quantum techniques, a strong notion of one-time programs, similar to ideal obfuscation, cannot be achieved for any non-trivial quantum function. On the positive side, Ben-David and Sattath (Quantum, 2023) showed how to construct a one-time program for a certain (probabilistic) digital signature scheme, under a weaker notion of one-time program security. There is a vast gap between achievable and provably impossible notions of one-time program security, and it is unclear what functionalities are one-time programmable under the achievable notions of security.
In this work, we present new, meaningful, yet achievable definitions of one-time program security for probabilistic classical functions. We show how to construct one-time programs satisfying these definitions for all functions in the classical oracle model and for constrained pseudorandom functions in the plain model. Finally, we examine the limits of these notions: we show a class of functions which cannot be one-time programmed in the plain model, as well as a class of functions which appears to be highly random given a single query, but whose one-time program form leaks the entire function even in the oracle model.
Submitted 8 November, 2024; v1 submitted 4 November, 2024;
originally announced November 2024.
-
How to Construct Quantum FHE, Generically
Authors:
Aparna Gupte,
Vinod Vaikuntanathan
Abstract:
We construct a (compact) quantum fully homomorphic encryption (QFHE) scheme starting from a (compact) classical fully homomorphic encryption scheme with decryption in $\mathsf{NC}^{1}$, together with a dual-mode trapdoor function family. Compared to previous constructions (Mahadev, FOCS 2018; Brakerski, CRYPTO 2018) which made non-black-box use of similar underlying primitives, our construction provides a pathway to instantiations from different assumptions. Our construction uses the techniques of Dulek, Schaffner and Speelman (CRYPTO 2016) and shows how to make the client in their QFHE scheme classical using dual-mode trapdoor functions. As an additional contribution, we show a new instantiation of dual-mode trapdoor functions from group actions.
Submitted 5 June, 2024;
originally announced June 2024.
-
Quantum State Obfuscation from Classical Oracles
Authors:
James Bartusek,
Zvika Brakerski,
Vinod Vaikuntanathan
Abstract:
A major unresolved question in quantum cryptography is whether it is possible to obfuscate arbitrary quantum computation. Indeed, there is much yet to understand about the feasibility of quantum obfuscation even in the classical oracle model, where one is given for free the ability to obfuscate any classical circuit.
In this work, we develop a new array of techniques that we use to construct a quantum state obfuscator, a powerful notion formalized recently by Coladangelo and Gunn (arXiv:2311.07794) in their pursuit of better software copy-protection schemes. Quantum state obfuscation refers to the task of compiling a quantum program, consisting of a quantum circuit $C$ with a classical description and an auxiliary quantum state $\ket{\psi}$, into a functionally-equivalent obfuscated quantum program that hides as much as possible about $C$ and $\ket{\psi}$. We prove the security of our obfuscator when applied to any pseudo-deterministic quantum program, i.e. one that computes a (nearly) deterministic classical input / classical output functionality. Our security proof is with respect to an efficient classical oracle, which may be heuristically instantiated using quantum-secure indistinguishability obfuscation for classical circuits.
Our result improves upon the recent work of Bartusek, Kitagawa, Nishimaki and Yamakawa (STOC 2023) who also showed how to obfuscate pseudo-deterministic quantum circuits in the classical oracle model, but only ones with a completely classical description. Furthermore, our result answers a question of Coladangelo and Gunn, who provide a construction of quantum state indistinguishability obfuscation with respect to a quantum oracle. Indeed, our quantum state obfuscator together with Coladangelo-Gunn gives the first candidate realization of a "best-possible" copy-protection scheme for all polynomial-time functionalities.
Submitted 18 January, 2024;
originally announced January 2024.
-
Space-Efficient and Noise-Robust Quantum Factoring
Authors:
Seyoon Ragavan,
Vinod Vaikuntanathan
Abstract:
We provide two improvements to Regev's recent quantum factoring algorithm (Journal of the ACM 2025), addressing its space efficiency and its noise-tolerance.
Our first contribution is to improve the quantum space efficiency of Regev's algorithm while keeping the circuit size the same. Our main result constructs a quantum factoring circuit using $O(n \log n)$ qubits and $O(n^{3/2} \log n)$ gates. We achieve the best of Shor and Regev (up to a logarithmic factor in the space complexity): on the one hand, Regev's circuit requires $O(n^{3/2})$ qubits and $O(n^{3/2} \log n)$ gates, while Shor's circuit requires $O(n^2 \log n)$ gates but only $O(n \log n)$ qubits. As with Regev, to factor an $n$-bit integer $N$, we run our circuit independently $O(\sqrt{n})$ times and apply Regev's classical postprocessing procedure.
Our optimization is achieved by implementing efficient and reversible exponentiation with Fibonacci numbers in the exponent, rather than the usual powers of 2, adapting work by Kaliski (arXiv:1711.02491) from the classical reversible setting to the quantum setting. This technique also allows us to perform quantum modular exponentiation that is efficient in both space and size without requiring significant precomputation, a result that may be useful for other quantum algorithms. A key ingredient of our exponentiation implementation is an efficient circuit for a function resembling in-place quantum-quantum modular multiplication.
Our second contribution is to show that Regev's classical postprocessing procedure can be modified to tolerate a constant fraction of the quantum circuit runs being corrupted by errors. In contrast, Regev's analysis of his classical postprocessing procedure requires all $\approx \sqrt{n}$ runs to be successful. In a nutshell, we achieve this using lattice reduction techniques to detect and filter out corrupt samples.
Submitted 30 April, 2025; v1 submitted 2 October, 2023;
originally announced October 2023.
-
Revocable Cryptography from Learning with Errors
Authors:
Prabhanjan Ananth,
Alexander Poremba,
Vinod Vaikuntanathan
Abstract:
Quantum cryptography leverages many unique features of quantum information in order to construct cryptographic primitives that are oftentimes impossible classically. In this work, we build on the no-cloning principle of quantum mechanics and design cryptographic schemes with key-revocation capabilities. We consider schemes where secret keys are represented as quantum states with the guarantee that, once the secret key is successfully revoked from a user, they no longer have the ability to perform the same functionality as before. We define and construct several fundamental cryptographic primitives with key-revocation capabilities, namely pseudorandom functions, secret-key and public-key encryption, and even fully homomorphic encryption, assuming the quantum subexponential hardness of the learning with errors problem. Central to all our constructions is our approach for making the Dual-Regev encryption scheme (Gentry, Peikert and Vaikuntanathan, STOC 2008) revocable.
Submitted 12 October, 2023; v1 submitted 28 February, 2023;
originally announced February 2023.
-
Succinct Classical Verification of Quantum Computation
Authors:
James Bartusek,
Yael Tauman Kalai,
Alex Lombardi,
Fermi Ma,
Giulio Malavolta,
Vinod Vaikuntanathan,
Thomas Vidick,
Lisa Yang
Abstract:
We construct a classically verifiable succinct interactive argument for quantum computation (BQP) with communication complexity and verifier runtime that are poly-logarithmic in the runtime of the BQP computation (and polynomial in the security parameter). Our protocol is secure assuming the post-quantum security of indistinguishability obfuscation (iO) and Learning with Errors (LWE). This is the first succinct argument for quantum computation in the plain model; prior work (Chia-Chung-Yamakawa, TCC '20) requires both a long common reference string and non-black-box use of a hash function modeled as a random oracle.
At a technical level, we revisit the framework for constructing classically verifiable quantum computation (Mahadev, FOCS '18). We give a self-contained, modular proof of security for Mahadev's protocol, which we believe is of independent interest. Our proof readily generalizes to a setting in which the verifier's first message (which consists of many public keys) is compressed. Next, we formalize this notion of compressed public keys; we view the object as a generalization of constrained/programmable PRFs and instantiate it based on indistinguishability obfuscation.
Finally, we compile the above protocol into a fully succinct argument using a (sufficiently composable) succinct argument of knowledge for NP. Using our framework, we achieve several additional results, including
- Succinct arguments for QMA (given multiple copies of the witness),
- Succinct non-interactive arguments for BQP (or QMA) in the quantum random oracle model, and
- Succinct batch arguments for BQP (or QMA) assuming post-quantum LWE (without iO).
Submitted 29 June, 2022;
originally announced June 2022.
-
Quantum Advantage from Any Non-Local Game
Authors:
Yael Kalai,
Alex Lombardi,
Vinod Vaikuntanathan,
Lisa Yang
Abstract:
We show a general method of compiling any $k$-prover non-local game into a single-prover interactive game maintaining the same (quantum) completeness and (classical) soundness guarantees (up to negligible additive factors in a security parameter). Our compiler uses any quantum homomorphic encryption scheme (Mahadev, FOCS 2018; Brakerski, CRYPTO 2018) satisfying a natural form of correctness with respect to auxiliary (quantum) input. The homomorphic encryption scheme is used as a cryptographic mechanism to simulate the effect of spatial separation, and is required to evaluate $k-1$ prover strategies (out of $k$) on encrypted queries.
In conjunction with the rich literature on (entangled) multi-prover non-local games starting from the celebrated CHSH game (Clauser, Horne, Shimony and Holt, Physical Review Letters 1969), our compiler gives a broad framework for constructing mechanisms to classically verify quantum advantage.
Submitted 29 March, 2022;
originally announced March 2022.
-
Oblivious Transfer is in MiniQCrypt
Authors:
Alex B. Grilo,
Huijia Lin,
Fang Song,
Vinod Vaikuntanathan
Abstract:
MiniQCrypt is a world where quantum-secure one-way functions exist, and quantum communication is possible. We construct an oblivious transfer (OT) protocol in MiniQCrypt that achieves simulation-security in the plain model against malicious quantum polynomial-time adversaries, building on the foundational work of Bennett, Brassard, Crépeau and Skubiszewska (CRYPTO 1991). Combining the OT protocol with prior works, we obtain secure two-party and multi-party computation protocols also in MiniQCrypt. This is in contrast to the classical world, where it is widely believed that one-way functions alone do not give us OT.
In the common random string model, we achieve a constant-round universally composable (UC) OT protocol.
Submitted 30 November, 2020;
originally announced November 2020.