🤖 AI Summary
This work addresses the threat of quantum adversaries performing superposition attacks, i.e., querying protocol interactions in quantum superposition, against zero-knowledge protocols.
Method: We extend the MPC-in-the-head paradigm to the quantum setting for the first time, constructing a three-round zero-knowledge argument system based on the standard Learning-With-Errors (LWE) assumption. Our construction operates in the common reference string (CRS) model and employs a quantum-secure simulator that integrates quantum multi-party computation with superposition-resistant simulation techniques, without relying on idealized commitment primitives.
Contributions/Results: (1) The first quantum-secure three-round zero-knowledge argument for NP; (2) The first three-round zero-knowledge argument for QMA, achieving security against both classical and quantum verifiers; (3) All security guarantees are rigorously proven under standard lattice-based cryptographic assumptions. This work advances foundational theory and practical feasibility of post-quantum zero-knowledge proof systems.
📝 Abstract
The MPC-in-the-head technique (Ishai et al., STOC 2007) is a celebrated method to build zero-knowledge protocols with desirable theoretical properties and high practical efficiency. This technique has generated a large body of research and has influenced the design of real-world post-quantum cryptographic signatures. In this work, we present a generalization of the MPC-in-the-head paradigm to the quantum setting, where the MPC is running a quantum computation. As an application of our framework, we propose a new approach to build zero-knowledge protocols where security holds even against a verifier that can obtain a superposition of transcripts. This notion was pioneered by Damgård et al., who built a zero-knowledge protocol for NP (in the common reference string model) secure against superposition attacks, by relying on perfectly hiding and unconditionally binding dual-mode commitments. Unfortunately, no such commitments are known from standard cryptographic assumptions. In this work we revisit this problem and present two new three-round protocols in the common reference string model: (i) a zero-knowledge argument for NP, whose security reduces to the standard learning with errors (LWE) problem; (ii) a zero-knowledge argument for QMA from the same assumption.