Quantum-enhanced Secure Delegated Classical Computing

We present a quantumly-enhanced protocol to achieve unconditionally secure delegated classical computation where the client and the server have both limited classical and quantum computing capacity. We prove the same task cannot be achieved using only classical protocols. This extends the work of Anders and Browne on the computational power of correlations to a security setting. Concretely, we present how a client with access to a non-universal classical gate such as a parity gate could achieve unconditionally secure delegated universal classical computation by exploiting minimal quantum gadgets. In particular, unlike the universal blind quantum computing protocols, the restriction of the task to classical computing removes the need for a full universal quantum machine on the side of the server and makes these new protocols readily implementable with the currently available quantum technology in the lab

Quantum Cryptography Beyond Quantum Key Distribution

Quantum cryptography is the art and science of exploiting quantum mechanical effects in order to perform cryptographic tasks. While the most well-known example of this discipline is quantum key distribution (QKD), there exist many other applications such as quantum money, randomness generation, secure two- and multi-party computation and delegated quantum computation. Quantum cryptography also studies the limitations and challenges resulting from quantum adversaries---including the impossibility of quantum bit commitment, the difficulty of quantum rewinding and the definition of quantum security models for classical primitives. In this review article, aimed primarily at cryptographers unfamiliar with the quantum world, we survey the area of theoretical quantum cryptography, with an emphasis on the constructions and limitations beyond the realm of QKD.Comment: 45 pages, over 245 reference

Flow Ambiguity: A Path Towards Classically Driven Blind Quantum Computation

Blind quantum computation protocols allow a user to delegate a computation to a remote quantum computer in such a way that the privacy of their computation is preserved, even from the device implementing the computation. To date, such protocols are only known for settings involving at least two quantum devices: either a user with some quantum capabilities and a remote quantum server or two or more entangled but noncommunicating servers. In this work, we take the first step towards the construction of a blind quantum computing protocol with a completely classical client and single quantum server. Specifically, we show how a classical client can exploit the ambiguity in the flow of information in measurement-based quantum computing to construct a protocol for hiding critical aspects of a computation delegated to a remote quantum computer. This ambiguity arises due to the fact that, for a fixed graph, there exist multiple choices of the input and output vertex sets that result in deterministic measurement patterns consistent with the same fixed total ordering of vertices. This allows a classical user, computing only measurement angles, to drive a measurement-based computation performed on a remote device while hiding critical aspects of the computation.Comment: (v3) 14 pages, 6 figures. expands introduction and definition of flow, corrects typos to increase readability; contains a new figure to illustrate example run of CDBQC protocol; minor changes to match the published version.(v2) 12 pages, 5 figures. Corrects motivation for quantities used in blindness analysi

Universal blind quantum computation

We present a protocol which allows a client to have a server carry out a quantum computation for her such that the client's inputs, outputs and computation remain perfectly private, and where she does not require any quantum computational power or memory. The client only needs to be able to prepare single qubits randomly chosen from a finite set and send them to the server, who has the balance of the required quantum computational resources. Our protocol is interactive: after the initial preparation of quantum states, the client and server use two-way classical communication which enables the client to drive the computation, giving single-qubit measurement instructions to the server, depending on previous measurement outcomes. Our protocol works for inputs and outputs that are either classical or quantum. We give an authentication protocol that allows the client to detect an interfering server; our scheme can also be made fault-tolerant. We also generalize our result to the setting of a purely classical client who communicates classically with two non-communicating entangled servers, in order to perform a blind quantum computation. By incorporating the authentication protocol, we show that any problem in BQP has an entangled two-prover interactive proof with a purely classical verifier. Our protocol is the first universal scheme which detects a cheating server, as well as the first protocol which does not require any quantum computation whatsoever on the client's side. The novelty of our approach is in using the unique features of measurement-based quantum computing which allows us to clearly distinguish between the quantum and classical aspects of a quantum computation.Comment: 20 pages, 7 figures. This version contains detailed proofs of authentication and fault tolerance. It also contains protocols for quantum inputs and outputs and appendices not available in the published versio

Complexity-Theoretic Limitations on Blind Delegated Quantum Computation

Blind delegation protocols allow a client to delegate a computation to a server so that the server learns nothing about the input to the computation apart from its size. For the specific case of quantum computation we know that blind delegation protocols can achieve information-theoretic security. In this paper we prove, provided certain complexity-theoretic conjectures are true, that the power of information-theoretically secure blind delegation protocols for quantum computation (ITS-BQC protocols) is in a number of ways constrained. In the first part of our paper we provide some indication that ITS-BQC protocols for delegating $\sf BQP$ computations in which the client and the server interact only classically are unlikely to exist. We first show that having such a protocol with $O(n^d)$ bits of classical communication implies that $\mathsf{BQP} \subset \mathsf{MA/O(n^d)}$. We conjecture that this containment is unlikely by providing an oracle relative to which $\mathsf{BQP} \not\subset \mathsf{MA/O(n^d)}$. We then show that if an ITS-BQC protocol exists with polynomial classical communication and which allows the client to delegate quantum sampling problems, then there exist non-uniform circuits of size $2^{n - \mathsf{\Omega}(n/log(n))}$, making polynomially-sized queries to an $\sf NP^{NP}$ oracle, for computing the permanent of an $n \times n$ matrix. The second part of our paper concerns ITS-BQC protocols in which the client and the server engage in one round of quantum communication and then exchange polynomially many classical messages. First, we provide a complexity-theoretic upper bound on the types of functions that could be delegated in such a protocol, namely $\mathsf{QCMA/qpoly \cap coQCMA/qpoly}$. Then, we show that having such a protocol for delegating $\mathsf{NP}$-hard functions implies $\mathsf{coNP^{NP^{NP}}} \subseteq \mathsf{NP^{NP^{PromiseQMA}}}$.Comment: Improves upon, supersedes and corrects our earlier submission, which previously included an error in one of the main theorem

Sumcheck-based delegation of quantum computing to rational server

Delegated quantum computing enables a client with a weak computational power to delegate quantum computing to a remote quantum server in such a way that the integrity of the server is efficiently verified by the client. Recently, a new model of delegated quantum computing has been proposed, namely, rational delegated quantum computing. In this model, after the client interacts with the server, the client pays a reward to the server. The rational server sends messages that maximize the expected value of the reward. It is known that the classical client can delegate universal quantum computing to the rational quantum server in one round. In this paper, we propose novel one-round rational delegated quantum computing protocols by generalizing the classical rational sumcheck protocol. The construction of the previous rational protocols depends on gate sets, while our sumcheck technique can be easily realized with any local gate set. Furthermore, as with the previous protocols, our reward function satisfies natural requirements. We also discuss the reward gap. Simply speaking, the reward gap is a minimum loss on the expected value of the server's reward incurred by the server's behavior that makes the client accept an incorrect answer. Although our sumcheck-based protocols have only exponentially small reward gaps as with the previous protocols, we show that a constant reward gap can be achieved if two non-communicating but entangled rational servers are allowed. We also discuss that a single rational server is sufficient under the (widely-believed) assumption that the learning-with-errors problem is hard for polynomial-time quantum computing. Apart from these results, we show, under a certain condition, the equivalence between $rational$ and $ordinary$ delegated quantum computing protocols. Based on this equivalence, we give a reward-gap amplification method.Comment: 28 pages, 1 figure, Because of the character limitation, the abstract was shortened compared with the PDF fil

Classical secure delegation of quantum computations

The rapid evolution of quantum technologies is likely to cause major shifts in the mainstream computing landscape. In order to fully reach their potential in a wide base accessible to any user, remote access of quantum computers and manipulation of data with strong privacy and integrity guarantees are essential. Consider a setting where a client having a fully classical computer wants to determine the result of some quantum computation, but lacks the necessary resources to perform the computation herself. She has access to a more powerful server which has quantum resources and can solve the problem and send the outcome back to the client. However, the client does not trust the powerful server, so she needs to find a way to hide her data. Therefore, the main question that arises is how can we guarantee the client’s privacy of the input and even the computation itself against the server possessing quantum computational capabilities. In the present thesis, we study this problem, denoted here as classical secure delegation of quantum computations (CSDQC) between a fully classical honest client and a quantum untrusted server. We focus on different models of security, analyzing the limitations and potential of each of the settings. Concretely, we first study the CSDQC problem under information-theoretic security. We analyse two categories of quantum computations, decision and sampling problems and in both cases we provide evidence indicating the impossibility of achieving information-theoretic security. Subsequently, we consider relaxing the security framework and specifically, we will analyze this task in the computational security setting (against quantum polynomial-time adversaries). As a result, in the second part of the thesis we put forward the remote state preparation as a key component that would allow us to achieve classical secure delegation of universal quantum computations. We present two protocols realizing the remote state preparation primitive assuming only a classical channel between client and server. The first candidate is shown to be secure in the honest-but-curious model, while the second candidate is proven secure against the server in the malicious setting. The security of both constructions relies on the hardness of the learning with errors problem. Finally, given the important role the remote state preparation plays not only in CSDQC, but also in other quantum communication protocols, we analyze its composable security to determine the privacy loss as a result of using remote state preparation as a sub-module in different protocols