Forging quantum data: classically defeating an IQP-based quantum test.

In 2009, Shepherd and Bremner proposed a "test of quantum capability" arXiv:0809.0847 that is attractive because the quantum machine's output can be verified efficiently by classical means. While follow-up papers gave evidence that directly simulating the quantum prover is classically hard, the security of the protocol against other (non-simulating) classical attacks has remained an open question. In this paper, I demonstrate that the protocol is not secure against classical provers. I describe a classical algorithm that can not only convince the verifier that the (classical) prover is quantum, but can in fact can extract the secret key underlying a given protocol instance. Furthermore, I show that the algorithm is efficient in practice for problem sizes of hundreds of qubits. Finally, I provide an implementation of the algorithm, and give the secret vector underlying the "$25 challenge" posted online by the authors of the original paper.