Continuous-variable blind quantum computation

Blind quantum computation is a secure delegated quantum computing protocol where Alice who does not have sufficient quantum technology at her disposal delegates her computation to Bob who has a fully-fledged quantum computer in such a way that Bob cannot learn anything about Alice's input, output, and algorithm. Protocols of blind quantum computation have been proposed for several qubit measurement-based computation models, such as the graph state model, the Affleck-Kennedy-Lieb-Tasaki model, and the Raussendorf-Harrington-Goyal topological model. Here, we consider blind quantum computation for the continuous-variable measurement-based model. We show that blind quantum computation is possible for the infinite squeezing case. We also show that the finite squeezing causes no additional problem in the blind setup apart from the one inherent to the continuous-variable measurement-based quantum computation.Comment: 20 pages, 8 figure

Quantum computational tensor network on string-net condensate

The string-net condensate is a new class of materials which exhibits the quantum topological order. In order to answer the important question, "how useful is the string-net condensate in quantum information processing?", we consider the most basic example of the string-net condensate, namely the $Z_2$ gauge string-net condensate on the two-dimensional hexagonal lattice, and show that the universal measurement-based quantum computation (in the sense of the quantum computational webs) is possible on it by using the framework of the quantum computational tensor network. This result implies that even the most basic example of the string-net condensate is equipped with the correlation space that has the capacity for the universal quantum computation.Comment: 5 pages, 4 figure

Blind quantum computation protocol in which Alice only makes measurements

Blind quantum computation is a new secure quantum computing protocol which enables Alice who does not have sufficient quantum technology to delegate her quantum computation to Bob who has a fully-fledged quantum computer in such a way that Bob cannot learn anything about Alice's input, output, and algorithm. In previous protocols, Alice needs to have a device which generates quantum states, such as single-photon states. Here we propose another type of blind computing protocol where Alice does only measurements, such as the polarization measurements with a threshold detector. In several experimental setups, such as optical systems, the measurement of a state is much easier than the generation of a single-qubit state. Therefore our protocols ease Alice's burden. Furthermore, the security of our protocol is based on the no-signaling principle, which is more fundamental than quantum physics. Finally, our protocols are device independent in the sense that Alice does not need to trust her measurement device in order to guarantee the security.Comment: 9 pages, 3 figure

Unconditionally verifiable blind computation

Blind Quantum Computing (BQC) allows a client to have a server carry out a quantum computation for them such that the client's input, output and computation remain private. A desirable property for any BQC protocol is verification, whereby the client can verify with high probability whether the server has followed the instructions of the protocol, or if there has been some deviation resulting in a corrupted output state. A verifiable BQC protocol can be viewed as an interactive proof system leading to consequences for complexity theory. The authors, together with Broadbent, previously proposed a universal and unconditionally secure BQC scheme where the client only needs to be able to prepare single qubits in separable states randomly chosen from a finite set and send them to the server, who has the balance of the required quantum computational resources. In this paper we extend that protocol with new functionality allowing blind computational basis measurements, which we use to construct a new verifiable BQC protocol based on a new class of resource states. We rigorously prove that the probability of failing to detect an incorrect output is exponentially small in a security parameter, while resource overhead remains polynomial in this parameter. The new resource state allows entangling gates to be performed between arbitrary pairs of logical qubits with only constant overhead. This is a significant improvement on the original scheme, which required that all computations to be performed must first be put into a nearest neighbour form, incurring linear overhead in the number of qubits. Such an improvement has important consequences for efficiency and fault-tolerance thresholds.Comment: 46 pages, 10 figures. Additional protocol added which allows arbitrary circuits to be verified with polynomial securit

Quantum Fully Homomorphic Encryption With Verification

Fully-homomorphic encryption (FHE) enables computation on encrypted data while maintaining secrecy. Recent research has shown that such schemes exist even for quantum computation. Given the numerous applications of classical FHE (zero-knowledge proofs, secure two-party computation, obfuscation, etc.) it is reasonable to hope that quantum FHE (or QFHE) will lead to many new results in the quantum setting. However, a crucial ingredient in almost all applications of FHE is circuit verification. Classically, verification is performed by checking a transcript of the homomorphic computation. Quantumly, this strategy is impossible due to no-cloning. This leads to an important open question: can quantum computations be delegated and verified in a non-interactive manner? In this work, we answer this question in the affirmative, by constructing a scheme for QFHE with verification (vQFHE). Our scheme provides authenticated encryption, and enables arbitrary polynomial-time quantum computations without the need of interaction between client and server. Verification is almost entirely classical; for computations that start and end with classical states, it is completely classical. As a first application, we show how to construct quantum one-time programs from classical one-time programs and vQFHE.Comment: 30 page

Flow Ambiguity: A Path Towards Classically Driven Blind Quantum Computation

Blind quantum computation protocols allow a user to delegate a computation to a remote quantum computer in such a way that the privacy of their computation is preserved, even from the device implementing the computation. To date, such protocols are only known for settings involving at least two quantum devices: either a user with some quantum capabilities and a remote quantum server or two or more entangled but noncommunicating servers. In this work, we take the first step towards the construction of a blind quantum computing protocol with a completely classical client and single quantum server. Specifically, we show how a classical client can exploit the ambiguity in the flow of information in measurement-based quantum computing to construct a protocol for hiding critical aspects of a computation delegated to a remote quantum computer. This ambiguity arises due to the fact that, for a fixed graph, there exist multiple choices of the input and output vertex sets that result in deterministic measurement patterns consistent with the same fixed total ordering of vertices. This allows a classical user, computing only measurement angles, to drive a measurement-based computation performed on a remote device while hiding critical aspects of the computation.Comment: (v3) 14 pages, 6 figures. expands introduction and definition of flow, corrects typos to increase readability; contains a new figure to illustrate example run of CDBQC protocol; minor changes to match the published version.(v2) 12 pages, 5 figures. Corrects motivation for quantities used in blindness analysi

Unforgeable Quantum Encryption

We study the problem of encrypting and authenticating quantum data in the presence of adversaries making adaptive chosen plaintext and chosen ciphertext queries. Classically, security games use string copying and comparison to detect adversarial cheating in such scenarios. Quantumly, this approach would violate no-cloning. We develop new techniques to overcome this problem: we use entanglement to detect cheating, and rely on recent results for characterizing quantum encryption schemes. We give definitions for (i.) ciphertext unforgeability , (ii.) indistinguishability under adaptive chosen-ciphertext attack, and (iii.) authenticated encryption. The restriction of each definition to the classical setting is at least as strong as the corresponding classical notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All of our new notions also imply QIND-CPA privacy. Combining one-time authentication and classical pseudorandomness, we construct schemes for each of these new quantum security notions, and provide several separation examples. Along the way, we also give a new definition of one-time quantum authentication which, unlike all previous approaches, authenticates ciphertexts rather than plaintexts.Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed, some proofs related to QIND-CCA2 clarifie

Qudit versions of the qubit "pi-over-eight" gate

When visualised as an operation on the Bloch sphere, the qubit "pi-over-eight" gate corresponds to one-eighth of a complete rotation about the vertical axis. This simple gate often plays an important role in quantum information theory, typically in situations for which Pauli and Clifford gates are insufficient. Most notably, when it supplements the set of Clifford gates then universal quantum computation can be achieved. The "pi-over-eight" gate is the simplest example of an operation from the third level of the Clifford hierarchy (i.e., it maps Pauli operations to Clifford operations under conjugation). Here we derive explicit expressions for all qudit (d-level, where d is prime) versions of this gate and analyze the resulting group structure that is generated by these diagonal gates. This group structure differs depending on whether the dimensionality of the qudit is two, three or greater than three. We then discuss the geometrical relationship of these gates (and associated states) with respect to Clifford gates and stabilizer states. We present evidence that these gates are maximally robust to depolarizing and phase damping noise, in complete analogy with the qubit case. Motivated by this and other similarities we conjecture that these gates could be useful for the task of qudit magic-state distillation and, by extension, fault-tolerant quantum computing. Very recent, independent work by Campbell, Anwar and Browne confirms the correctness of this intuition, and we build upon their work to characterize noise regimes for which noisy implementations of these gates can (or provably cannot) supplement Clifford gates to enable universal quantum computation.Comment: Version 2 changed to reflect improved distillation routines in arXiv:1205.3104v2. Minor typos fixed. 12 Pages,2 Figures,3 Table

Reachability in Higher-Order-Counters

Higher-order counter automata (\HOCS) can be either seen as a restriction of higher-order pushdown automata (\HOPS) to a unary stack alphabet, or as an extension of counter automata to higher levels. We distinguish two principal kinds of \HOCS: those that can test whether the topmost counter value is zero and those which cannot. We show that control-state reachability for level $k$ \HOCS with $0$-test is complete for \mbox{$(k-2)$}-fold exponential space; leaving out the $0$-test leads to completeness for \mbox{$(k-2)$}-fold exponential time. Restricting \HOCS (without $0$-test) to level $2$, we prove that global (forward or backward) reachability analysis is \PTIME-complete. This enhances the known result for pushdown systems which are subsumed by level $2$ \HOCS without $0$-test. We transfer our results to the formal language setting. Assuming that \PTIME \subsetneq \PSPACE \subsetneq \mathbf{EXPTIME}, we apply proof ideas of Engelfriet and conclude that the hierarchies of languages of \HOPS and of \HOCS form strictly interleaving hierarchies. Interestingly, Engelfriet's constructions also allow to conclude immediately that the hierarchy of collapsible pushdown languages is strict level-by-level due to the existing complexity results for reachability on collapsible pushdown graphs. This answers an open question independently asked by Parys and by Kobayashi.Comment: Version with Full Proofs of a paper that appears at MFCS 201