11 research outputs found
Classical Homomorphic Encryption for Quantum Circuits
We present the first leveled fully homomorphic encryption scheme for quantum
circuits with classical keys. The scheme allows a classical client to blindly
delegate a quantum computation to a quantum server: an honest server is able to
run the computation while a malicious server is unable to learn any information
about the computation. We show that it is possible to construct such a scheme
directly from a quantum secure classical homomorphic encryption scheme with
certain properties. Finally, we show that a classical homomorphic encryption
scheme with the required properties can be constructed from the learning with
errors problem
Delegating Quantum Computation in the Quantum Random Oracle Model
A delegation scheme allows a computationally weak client to use a server's
resources to help it evaluate a complex circuit without leaking any information
about the input (other than its length) to the server. In this paper, we
consider delegation schemes for quantum circuits, where we try to minimize the
quantum operations needed by the client. We construct a new scheme for
delegating a large circuit family, which we call "C+P circuits". "C+P" circuits
are the circuits composed of Toffoli gates and diagonal gates. Our scheme is
non-interactive, requires very little quantum computation from the client
(proportional to input length but independent of the circuit size), and can be
proved secure in the quantum random oracle model, without relying on additional
assumptions, such as the existence of fully homomorphic encryption. In practice
the random oracle can be replaced by an appropriate hash function or block
cipher, for example, SHA-3, AES.
This protocol allows a client to delegate the most expensive part of some
quantum algorithms, for example, Shor's algorithm. The previous protocols that
are powerful enough to delegate Shor's algorithm require either many rounds of
interactions or the existence of FHE. The protocol requires asymptotically
fewer quantum gates on the client side compared to running Shor's algorithm
locally.
To hide the inputs, our scheme uses an encoding that maps one input qubit to
multiple qubits. We then provide a novel generalization of classical garbled
circuits ("reversible garbled circuits") to allow the computation of Toffoli
circuits on this encoding. We also give a technique that can support the
computation of phase gates on this encoding.
To prove the security of this protocol, we study key dependent message(KDM)
security in the quantum random oracle model. KDM security was not previously
studied in quantum settings.Comment: 41 pages, 1 figures. Update to be consistent with the proceeding
versio
On the Possibility of Classical Client Blind Quantum Computing
Classical client remote state preparation (CC − RSP) is a primitive where a fully classical party (client) can instruct the preparation of a sequence of random quantum states on some distant party (server) in a way that the description is known to the client but remains hidden from the server. This primitive has many applications, most prominently, it makes blind quantum computing possible for classical clients. In this work, we give a protocol for classical client remote state preparation, that requires minimal resources. The protocol is proven secure against honest-but-curious servers and any malicious third party in a game-based security framework. We provide an instantiation of a trapdoor (approximately) 2-regular family of functions whose security is based on the hardness of the Learning-With-Errors problem, including a first analysis of the set of usable parameters. We also run an experimentation on IBM’s quantum cloud using a toy function. This is the first proof-of-principle experiment of classical client remote state preparation
Succinct Blind Quantum Computation Using a Random Oracle
In the universal blind quantum computation problem, a client wants to make
use of a single quantum server to evaluate where is an
arbitrary quantum circuit while keeping secret. The client's goal is to use
as few resources as possible. This problem, first raised by Broadbent,
Fitzsimons and Kashefi [FOCS09, arXiv:0807.4154], has become fundamental to the
study of quantum cryptography, not only because of its own importance, but also
because it provides a testbed for new techniques that can be later applied to
related problems (for example, quantum computation verification). Known
protocols on this problem are mainly either information-theoretically (IT)
secure or based on trapdoor assumptions (public key encryptions).
In this paper we study how the availability of symmetric-key primitives,
modeled by a random oracle, changes the complexity of universal blind quantum
computation. We give a new universal blind quantum computation protocol.
Similar to previous works on IT-secure protocols (for example, BFK [FOCS09,
arXiv:0807.4154]), our protocol can be divided into two phases. In the first
phase the client prepares some quantum gadgets with relatively simple quantum
gates and sends them to the server, and in the second phase the client is
entirely classical -- it does not even need quantum storage. Crucially, the
protocol's first phase is succinct, that is, its complexity is independent of
the circuit size. Given the security parameter , its complexity is only
a fixed polynomial of , and can be used to evaluate any circuit (or
several circuits) of size up to a subexponential of . In contrast,
known schemes either require the client to perform quantum computations that
scale with the size of the circuit [FOCS09, arXiv:0807.4154], or require
trapdoor assumptions [Mahadev, FOCS18, arXiv:1708.02130].Comment: 231 pages, 8 figures, 1 table. Add a separate section for extended
technical overview; several readability improvement