Detecting Violations of Differential Privacy for Quantum Algorithms

Quantum algorithms for solving a wide range of practical problems have been proposed in the last ten years, such as data search and analysis, product recommendation, and credit scoring. The concern about privacy and other ethical issues in quantum computing naturally rises up. In this paper, we define a formal framework for detecting violations of differential privacy for quantum algorithms. A detection algorithm is developed to verify whether a (noisy) quantum algorithm is differentially private and automatically generate bugging information when the violation of differential privacy is reported. The information consists of a pair of quantum states that violate the privacy, to illustrate the cause of the violation. Our algorithm is equipped with Tensor Networks, a highly efficient data structure, and executed both on TensorFlow Quantum and TorchQuantum which are the quantum extensions of famous machine learning platforms -- TensorFlow and PyTorch, respectively. The effectiveness and efficiency of our algorithm are confirmed by the experimental results of almost all types of quantum algorithms already implemented on realistic quantum computers, including quantum supremacy algorithms (beyond the capability of classical algorithms), quantum machine learning models, quantum approximate optimization algorithms, and variational quantum eigensolvers with up to 21 quantum bits

Algorithmic Polynomials

The approximate degree of a Boolean function $f(x_{1},x_{2},\ldots,x_{n})$ is the minimum degree of a real polynomial that approximates $f$ pointwise within $1/3$. Upper bounds on approximate degree have a variety of applications in learning theory, differential privacy, and algorithm design in general. Nearly all known upper bounds on approximate degree arise in an existential manner from bounds on quantum query complexity. We develop a first-principles, classical approach to the polynomial approximation of Boolean functions. We use it to give the first constructive upper bounds on the approximate degree of several fundamental problems: - $O\bigl(n^{\frac{3}{4}-\frac{1}{4(2^{k}-1)}}\bigr)$ for the $k$-element distinctness problem; - $O(n^{1-\frac{1}{k+1}})$ for the $k$-subset sum problem; - $O(n^{1-\frac{1}{k+1}})$ for any $k$-DNF or $k$-CNF formula; - $O(n^{3/4})$ for the surjectivity problem. In all cases, we obtain explicit, closed-form approximating polynomials that are unrelated to the quantum arguments from previous work. Our first three results match the bounds from quantum query complexity. Our fourth result improves polynomially on the $\Theta(n)$ quantum query complexity of the problem and refutes the conjecture by several experts that surjectivity has approximate degree $\Omega(n)$. In particular, we exhibit the first natural problem with a polynomial gap between approximate degree and quantum query complexity

Blind Quantum Computing with Weak Coherent Pulses

The recently proposed Universal Blind Quantum Computation (UBQC) protocol allows a client to perform an arbitrary quantum computation on a remote server such that perfect privacy is guaranteed if the client is capable of producing random separable single qubit states. While from a theoretical point of view, this arguably constitutes the lowest possible quantum requirement, from a pragmatic point of view, generation of random single qubits which can be sent along long distances without loss is quite challenging and can never be achieved perfectly. In analogy to the concept of approximate security developed for other cryptographic protocols, we introduce here the concept of approximate blindness for UBQC, allowing us to characterize the robustness of the protocol to possible imperfections. Following this, we present a remote blind single qubit preparation protocol, by which a client with access to realistic quantum devices (such as coherent laser light) can in a delegated fashion prepare quantum states arbitrarily close to perfect random single qubit states. We finally prove that access to coherent states is sufficient to efficiently achieve approximate blindness with arbitrary small security parameter.Comment: 16 pages, 1 figur

Duality of privacy amplification against quantum adversaries and data compression with quantum side information

We show that the tasks of privacy amplification against quantum adversaries and data compression with quantum side information are dual in the sense that the ability to perform one implies the ability to perform the other. These are two of the most important primitives in classical information theory, and are shown to be connected by complementarity and the uncertainty principle in the quantum setting. Applications include a new uncertainty principle formulated in terms of smooth min- and max-entropies, as well as new conditions for approximate quantum error correction.Comment: v2: Includes a derivation of an entropic uncertainty principle for smooth min- and max-entropies. Discussion of the Holevo-Schumacher-Westmoreland theorem remove

Converse bounds for private communication over quantum channels

This paper establishes several converse bounds on the private transmission capabilities of a quantum channel. The main conceptual development builds firmly on the notion of a private state, which is a powerful, uniquely quantum method for simplifying the tripartite picture of privacy involving local operations and public classical communication to a bipartite picture of quantum privacy involving local operations and classical communication. This approach has previously led to some of the strongest upper bounds on secret key rates, including the squashed entanglement and the relative entropy of entanglement. Here we use this approach along with a "privacy test" to establish a general meta-converse bound for private communication, which has a number of applications. The meta-converse allows for proving that any quantum channel's relative entropy of entanglement is a strong converse rate for private communication. For covariant channels, the meta-converse also leads to second-order expansions of relative entropy of entanglement bounds for private communication rates. For such channels, the bounds also apply to the private communication setting in which the sender and receiver are assisted by unlimited public classical communication, and as such, they are relevant for establishing various converse bounds for quantum key distribution protocols conducted over these channels. We find precise characterizations for several channels of interest and apply the methods to establish several converse bounds on the private transmission capabilities of all phase-insensitive bosonic channels.Comment: v3: 53 pages, 3 figures, final version accepted for publication in IEEE Transactions on Information Theor

General paradigm for distilling classical key from quantum states

We develop a formalism for distilling a classical key from a quantum state in a systematic way, expanding on our previous work on secure key from bound entanglement [K. Horodecki et. al., Phys. Rev. Lett. 94 (2005)]. More detailed proofs, discussion and examples are provided of the main results. Namely, we demonstrate that all quantum cryptographic protocols can be recast in a way which looks like entanglement theory, with the only change being that instead of distilling EPR pairs, the parties distill private states. The form of these general private states are given, and we show that there are a number of useful ways of expressing them. Some of the private states can be approximated by certain states which are bound entangled. Thus distillable entanglement is not a requirement for a private key. We find that such bound entangled states are useful for a cryptographic primitive we call a controlled private quantum channel. We also find a general class of states which have negative partial transpose (are NPT), but which appear to be bound entangled. The relative entropy distance is shown to be an upper bound on the rate of key. This allows us to compute the exact value of distillable key for a certain class of private states.Comment: 41 pages, ReVTeX4, improved version, resubmitted to IEE

Secure key from bound entanglement

We characterize the set of shared quantum states which contain a cryptographically private key. This allows us to recast the theory of privacy as a paradigm closely related to that used in entanglement manipulation. It is shown that one can distill an arbitrarily secure key from bound entangled states. There are also states which have less distillable private key than the entanglement cost of the state. In general the amount of distillable key is bounded from above by the relative entropy of entanglement. Relationships between distillability and distinguishability are found for a class of states which have Bell states correlated to separable hiding states. We also describe a technique for finding states exhibiting irreversibility in entanglement distillation.Comment: 4 pages, no figures, to appear in PR