Classical Verification for Quantum Computation
- The topic is defined as classical verification of quantum computation where a classical verifier certifies quantum outcomes with explicit completeness and soundness guarantees.
- It examines various models including decision problems, sampling tasks, and output verification, with methodologies like the k‐transform framework and limited basis-change circuits.
- Protocols range from interactive methods like Mahadev’s to non-interactive schemes using trusted setups or Fiat–Shamir, each balancing resource usage with computational or information‐theoretic soundness.
Classical verification of quantum computation studies whether a classical verifier can certify the correctness of a quantum computation performed by an untrusted quantum prover, with explicit completeness and soundness guarantees. Across the literature, the subject splits along several axes: whether the target is a decision problem, a sampling task, or a claimed output string; whether soundness is information-theoretic or computational; whether interaction is multi-round, non-interactive, or mediated by trusted setup; and whether verification is universal for or tailored to restricted circuit families or task-specific structure (Morimae, 2020, Alagic et al., 2019, Demarie et al., 2016).
1. Formal problem and security notions
The standard formulation asks whether a completely classical probabilistic polynomial-time verifier can be convinced that an untrusted quantum prover has correctly performed a quantum computation. Completeness requires acceptance with high probability on YES instances, while soundness bounds the acceptance probability on NO instances. When soundness holds against any quantum prover, it is information-theoretic; when it relies on assumptions such as the hardness of Learning With Errors for quantum computers, it is computational (Morimae, 2020).
Several formal models coexist. In the $\QPIP_0$ framework, the verifier is fully classical, so $\QPIP_0$ protocols are precisely CVQC protocols. For decision problems, the verifier outputs or ; for sampling problems in $\SampBQP$, the verifier outputs either or , and soundness is formulated in a simulation style that compares the verifier’s accepted output to an ideal sample from the target distribution (Chung et al., 2020).
The verification target is not always “simulate the whole quantum computation.” A structurally simpler formulation is the verification of a claimed output string for a known circuit and known input. In the -transform framework, the verifier receives a circuit description, an input basis state, and a claimed output , and must decide whether $\QPIP_0$0 is a likely outcome. This task is explicitly distinguished from computing the full output distribution or predicting which output should occur (Demarie et al., 2016).
For QMA-type statements, the target includes a quantum witness. This introduces a further constraint absent in BQP verification: witness states are not generally clonable, so repetition-based soundness amplification can consume many copies unless the protocol is designed to preserve the witness state (Kalai et al., 9 Feb 2026).
2. Structural and restricted-model verification
A major line of work isolates restricted circuit classes for which classical verification is possible without general-purpose cryptographic machinery. One example is verification for quantum circuits with at most two basis changes. In that setting, a $\QPIP_0$1-transform circuit consists of a computational-basis input, polynomially many Toffoli gates, and at most $\QPIP_0$2 classically samplable basis-changing transforms. For $\QPIP_0$3, the verification promise problem is in $\QPIP_0$4: given a claimed output $\QPIP_0$5 that occurs with probability at least inverse polynomial, a completely classical randomized verifier can decide, with bounded error, whether $\QPIP_0$6 is a likely outcome by random sampling of computational paths (Demarie et al., 2016).
This result is tied to the Fourier hierarchy. The paper identifies $\QPIP_0$7, $\QPIP_0$8, and treats the $\QPIP_0$9 case as the second level $\QPIP_0$0, which is the lowest level of the Fourier hierarchy at which a strong quantum advantage is known. The analysis covers the same two-basis-change structure used to define $\QPIP_0$1, including algorithms such as phase estimation and Shor’s factoring algorithm, and shows that verifying one specific likely output can be easier than classically simulating or sampling the entire distribution (Demarie et al., 2016).
A different restricted-model approach exploits the separation between adaptive and non-adaptive Clifford computation. Jozsa and Strelchuk consider adaptive Clifford circuits on general product state inputs, which provide universal quantum computation, and observe that the same processes without adaptation are always classically efficiently simulatable. Their verifier is entirely classical and verifies a chosen computational run by freezing the adaptive choices into a fixed non-adaptive circuit, classically simulating that circuit, and cross-checking repeated executions. The trade-off is explicit: the scheme is not secure against arbitrarily adversarial behaviour, but is intended for settings closer to scientific validation than to cryptographic robustness (Jozsa et al., 2017).
These restricted models sharpen a general distinction within the subject. Some verification problems become tractable because the verifier is checking a particular outcome, a particular frozen branch, or a low-depth basis-change structure, rather than attempting universal certification for arbitrary $\QPIP_0$2 computations. This suggests a spectrum between full CVQC and task-specific certification, although the restricted results do not by themselves extend to generic $\QPIP_0$3 circuits.
3. Interactive, non-interactive, and setup-based protocols for general computation
General single-prover CVQC for arbitrary quantum computation is dominated by interactive and cryptographic constructions. A central reference point is Mahadev’s protocol, which achieves a purely classical verifier and only classical messages, but with computational soundness based on LWE-type assumptions. The contrast with information-theoretic approaches is sharp in later expositions: post hoc verification by Fitzsimons, Hajdušek, and Morimae is non-interactive and information-theoretically sound, but requires a quantum message from the prover and single-qubit measurements by the verifier, whereas Mahadev removes those quantum parts at the cost of computational soundness (Morimae, 2020).
One route to non-interactivity is trusted setup. Morimae gives an information-theoretically sound non-interactive classical verification protocol with a trusted center. The center sends random BB84 states $\QPIP_0$4 to the prover and the classical description $\QPIP_0$5 to the verifier, with the crucial property that these setup messages are independent of the instance. The construction is derived from post hoc verification through two virtual teleportation-based protocols, preserves the original acceptance probability exactly, and also yields a non-interactive statistical zero-knowledge proof system for QMA in the same trusted-center model (Morimae, 2020).
A second route is Fiat–Shamir-style compilation in the Quantum Random Oracle Model. Chia, Chung, and Yamakawa first make the initial key-generation phase of a Mahadev-type protocol instance-independent and move it offline, then prove a parallel repetition theorem for the resulting three-message protocol, and finally apply Fiat–Shamir to obtain a non-interactive protocol after setup. By combining this with classical NIZK for NP and circuit-private FHE, they obtain a non-interactive classical zero-knowledge argument for QMA in the QROM, with negligible completeness and soundness error under quantum hardness of LWE (Alagic et al., 2019).
The scope of CVQC has also been extended from decision to sampling. A four-message $\QPIP_0$6 protocol for all sampling problems in $\QPIP_0$7 is constructed from a $\QPIP_0$8 Hamiltonian-based protocol, Mahadev’s measurement protocol, and a nonstandard parallel repetition in which exactly one copy is a Hadamard round and the others are testing rounds. The same work gives a generic compiler that transforms any $\QPIP_0$9 protocol into a blind one, preserving the number of rounds, completeness, and soundness, and thereby yields the first constant-round blind CVQC protocols for both BQP and SampBQP (Chung et al., 2020).
4. Resource trade-offs, physical realizations, and witness preservation
The verifier’s physical resources form another central axis. Broadbent’s protocol already showed that any language in 0 has a quantum interactive proof system with a classical verifier who can also prepare random single-qubit pure states, with unconditional soundness and linear overhead per run. That model is not fully classical, but it established a minimal-quantum-verifier benchmark against which later strictly classical or physically classical protocols are compared (Broadbent, 2015).
A recent information-theoretic alternative replaces qubit communication by coherent light. In the “physically classical” protocol, the verifier sends only coherent light to the quantum computer, uses remote blind state preparation to emulate the single-qubit states needed by a Hamiltonian-based verification procedure, and thereby removes the necessity of the communication of qubits while retaining unconditional detection of malicious behaviour for any promise problem in 1. The verifier is classical in the sense of using classical computation and coherent-state preparation, but the communication channel is not classical in the strict cryptographic sense (Takeuchi et al., 2024).
Experimental work has begun to realize these ideas. A first proof-of-principle experiment on a trapped-ion processor implemented a simplified version of Mahadev’s protocol using only classical means on the verifier side. The experiment is explicitly framed as a verification protocol for fully untrusted devices based on post-quantum secure trapdoor functions within an interactive proof, and as a precursor to scaled-up protocols requiring no hardware access or detailed knowledge of the tested device (Stricker et al., 2022).
Witness handling has become a separate resource question. Existing CVQC protocols for QMA consume the prover’s witness state, so repetition for negligible error requires many copies of a non-clonable witness. A recent construction resolves this by giving a CVQC that uses a single copy of the QMA witness, has negligible completeness and soundness errors, and does not destroy its witness. Its soundness is based on post-quantum LWE, and it introduces two new primitives: a state preserving classical argument for NP and dual-mode trapdoor functions with state recovery (Kalai et al., 9 Feb 2026).
5. Barriers, impossibility evidence, and complexity-theoretic constraints
The positive results are matched by strong negative evidence about what classical verification can achieve under natural restrictions. Gheorghiu, Kapourniotis, and Kashefi define a family of single-prover information-theoretic protocols based on inexact linear-scalar consistency checking, encompassing the protocols of Aharonov–Arad–Vazirani and Aharonov–Green. They show that any protocol from this family is bound to require an extremely powerful prover, much like the classical IP=2 protocols of Lund–Fortnow–Karloff–Nisan and Shamir, and indicate that otherwise one would obtain unlikely containments such as 3 or 4 (Green, 2021).
A different barrier concerns non-interactivity in the plain model. Under the existence of a 5-6 gap problem, there is no quantum black-box reduction of non-interactive classical verification of 7 to any falsifiable assumption. Here non-interactive means an instance-independent setup followed by a single prover message. Since falsifiable assumptions cover almost all standard assumptions used in cryptography, including LWE, this excludes black-box proofs of one-message CVQC for QMA from the ordinary assumption toolbox and, in particular, blocks a black-box reduction from such a protocol to Mahadev-style assumptions (Barhoush et al., 20 Feb 2026).
These barriers delimit several trade-offs that recur throughout the subject. Information-theoretic soundness with a single prover appears to demand either nonclassical verifier resources, a trusted setup, or task-specific structure; fully classical single-prover universality is currently obtained only with computational assumptions; and non-interactive plain-model verification for QMA faces structural obstacles even before efficiency is considered. This suggests that round complexity, verifier resources, and the type of assumption are not independent parameters but tightly coupled design constraints.
6. Extensions to quantum learning and noisy quantum devices
Classical verification ideas have also been transplanted from general circuit evaluation to learning tasks. A framework for classical verification of quantum learning studies classical verifiers interacting with quantum provers on agnostic learning problems. Using a new quantum data model called mixture-of-superpositions quantum examples, efficient quantum algorithms are given for agnostic parity learning and Fourier-sparse learning with uniform input marginal, while the verifier uses only classical random examples or statistical queries. The resulting interactive proofs verify the statistical quality of a hypothesis rather than the gate-level correctness of a circuit, and the protocols are one-round with a classical message consisting of a list of Fourier coefficients or heavy Fourier support (Caro et al., 2023).
Noise robustness has been added to this picture. For agnostic parity learning with uniform input marginal, a classical error rectification algorithm reconstructs the noise-free results of the quantum Fourier sampling circuit under practical constant-level noises, and restores the heavy Fourier coefficients using a small number of noisy samples that scales logarithmically with the problem size. Under a Fourier sparsity condition, a classical client with access to a random example oracle can then verify the learning result returned by a noisy quantum prover efficiently (Ma et al., 2024).
These learning-oriented protocols are not universal CVQC in the sense of arbitrary 8 verification. They instead exploit explicit Fourier structure, sparse spectra, and task-dependent statistical certification. This suggests a complementary branch of the subject in which classical verification is organized around the algebraic structure of particular quantum advantages rather than around universal delegation protocols.