Composable security of delegated quantum computation
Delegating difficult computations to remote large computation facilities,
with appropriate security guarantees, is a possible solution for the
ever-growing needs of personal computing power. For delegated computation
protocols to be usable in a larger context---or simply to securely run two
protocols in parallel---the security definitions need to be composable. Here,
we define composable security for delegated quantum computation. We distinguish
between protocols which provide only blindness---the computation is hidden from
the server---and those that are also verifiable---the client can check that it
has received the correct result. We show that the composable security
definition capturing both these notions can be reduced to a combination of
several distinct "trace-distance-type" criteria---which are, individually,
non-composable security definitions.
Additionally, we study the security of some known delegated quantum
computation protocols, including Broadbent, Fitzsimons and Kashefi's Universal
Blind Quantum Computation protocol. Even though these protocols were originally
proposed with insufficient security criteria, they turn out to still be secure
given the stronger composable definitions.
Comment: 37+9 pages, 13 figures. v3: minor changes, new references. v2:
extended the reduction between composable and local security to include
entangled inputs, substantially rewritten the introduction to the Abstract
Cryptography (AC) framework
Computationally-Secure and Composable Remote State Preparation
We introduce a protocol between a classical polynomial-time verifier and a quantum polynomial-time prover that allows the verifier to securely delegate to the prover the preparation of certain single-qubit quantum states. The prover is unaware of which state he received and moreover, the verifier can check with high confidence whether the preparation was successful. The delegated preparation of single-qubit states is an elementary building block in many quantum cryptographic protocols. We expect our implementation of "random remote state preparation with verification", a functionality first defined in (Dunjko and Kashefi 2014), to be useful for removing the need for quantum communication in such protocols while keeping functionality. The main application that we detail is to a protocol for blind and verifiable delegated quantum computation (DQC) that builds on the work of (Fitzsimons and Kashefi 2018), who provided such a protocol with quantum communication. Recently, both blind and verifiable DQC were shown to be possible, under computational assumptions, with a classical polynomial-time client (Mahadev 2017, Mahadev 2018). Compared to the work of Mahadev, our protocol is more modular, applies to the measurement-based model of computation (instead of the Hamiltonian model) and is composable. Our proof of security builds on ideas introduced in (Brakerski et al. 2018).
Security Limitations of Classical-Client Delegated Quantum Computing
Secure delegated quantum computing allows a computationally weak client to
outsource an arbitrary quantum computation to an untrusted quantum server in a
privacy-preserving manner. One of the promising candidates to achieve classical
delegation of quantum computation is classical-client remote state preparation
(classical-client RSP), where a client remotely prepares a quantum state using a
classical channel. However, the privacy loss incurred by employing
classical-client RSP as a sub-module is unclear.
In this work, we investigate this question using the Constructive
Cryptography framework by Maurer and Renner (ICS'11). We first identify the
goal of classical-client RSP as the construction of ideal RSP resources from
classical channels and then reveal the security limitations of using it. First,
we uncover a fundamental relationship between constructing ideal RSP resources
(from classical channels) and the task of cloning quantum states. Any
classically constructed ideal RSP resource must leak to the server the full
classical description (possibly in an encoded form) of the generated quantum
state, even if we target computational security only. As a consequence, we find
that the realization of common RSP resources, without weakening their
guarantees drastically, is impossible due to the no-cloning theorem. Second,
the above result does not rule out that a specific classical-client RSP protocol can
replace the quantum channel at least in some contexts, such as the Universal
Blind Quantum Computing (UBQC) protocol of Broadbent et al. (FOCS '09).
However, we show that the resulting UBQC protocol cannot maintain its proven
composable security as soon as classical-client RSP is used as a subroutine. Third, we
show that replacing the quantum channel of the above UBQC protocol by the
protocol QFactory of Cojocaru et al. (Asiacrypt '19), preserves the
weaker, game-based, security of UBQC.
Comment: 40 pages, 12 figures
Quantum Cryptography Beyond Quantum Key Distribution
Quantum cryptography is the art and science of exploiting quantum mechanical
effects in order to perform cryptographic tasks. While the most well-known
example of this discipline is quantum key distribution (QKD), there exist many
other applications such as quantum money, randomness generation, secure two-
and multi-party computation and delegated quantum computation. Quantum
cryptography also studies the limitations and challenges resulting from quantum
adversaries---including the impossibility of quantum bit commitment, the
difficulty of quantum rewinding and the definition of quantum security models
for classical primitives. In this review article, aimed primarily at
cryptographers unfamiliar with the quantum world, we survey the area of
theoretical quantum cryptography, with an emphasis on the constructions and
limitations beyond the realm of QKD.
Comment: 45 pages, over 245 references
QEnclave - A practical solution for secure quantum cloud computing
We introduce a secure hardware device named a QEnclave that can secure the
remote execution of quantum operations while only using classical controls.
This device extends to quantum computing the classical concept of a secure
enclave which isolates a computation from its environment to provide privacy
and tamper-resistance. Remarkably, our QEnclave only performs single-qubit
rotations, but can nevertheless be used to secure an arbitrary quantum
computation even if the qubit source is controlled by an adversary. More
precisely, attaching a QEnclave to a quantum computer, a remote client
controlling the QEnclave can securely delegate its computation to the server
solely using classical communication. We investigate the security of our
QEnclave by modeling it as an ideal functionality named Remote State Rotation.
We show that this resource, similar to the previously introduced functionality of
remote state preparation, allows blind delegated quantum computing with perfect
security. Our proof relies on standard tools from delegated quantum computing.
Working in the Abstract Cryptography framework, we show a construction of
remote state preparation from remote state rotation preserving the security. An
immediate consequence is the weakening of the requirements for blind delegated
computation. While previous delegated protocols were relying on a client that
can either generate or measure quantum states, we show that this same
functionality can be achieved with a client that only transforms quantum states
without generating or measuring them.
Comment: 25 pages, 5 figures