18 research outputs found

    Verification of quantum computations without trusted preparations or measurements

    With the advent of delegated quantum computing as a service, verifying quantum computations is becoming a question of great importance. Existing information theoretically Secure Delegated Quantum Computing (SDQC) protocols require the client to possess the ability to perform either trusted state preparations or measurements. Whether it is possible to verify universal quantum computations with information-theoretic security without trusted preparations or measurements was an open question so far. In this paper, we settle this question in the affirmative by presenting a modular, composable, and efficient way to turn known verification schemes into protocols that rely only on trusted gates. Our first contribution is an extremely lightweight reduction of the problem of quantum verification for BQP to the trusted application of single-qubit rotations around the Z axis and bit flips. The second construction presented in this work shows that it is generally possible to information-theoretically verify arbitrary quantum computations with quantum output without trusted preparations or measurements. However, this second protocol requires the verifier to perform multi-qubit gates on a register whose size is independent of the size of the delegated computation

    Securing Quantum Computations in the NISQ Era

    Recent experimental achievements motivate an ever-growing interest from companies starting to feel the limitations of classical computing. Yet, in light of ongoing privacy scandals, the future availability of quantum computing through remotely accessible servers poses peculiar challenges: Clients with quantum-limited capabilities want their data and algorithms to remain hidden, while being able to verify that their computations are performed correctly. Research in blind and verifiable delegation of quantum computing attempts to address this question. However, available techniques suffer not only from high overheads but also from over-sensitivity: When running on noisy devices, imperfections trigger the same detection mechanisms as malicious attacks, resulting in perpetually aborted computations. Hence, while malicious quantum computers are rendered harmless by blind and verifiable protocols, inherent noise severely limits their usability. We address this problem with an efficient, robust, blind, verifiable scheme to delegate deterministic quantum computations with classical inputs and outputs. We show that: 1) a malicious Server can cheat at most with an exponentially small success probability; 2) in case of sufficiently small noise, the protocol succeeds with a probability exponentially close to 1; 3) the overhead is barely a polynomial number of repetitions of the initial computation interleaved with test runs requiring the same physical resources in terms of memory and gates; 4) the amount of tolerable noise, measured by the probability of failing a test run, can be as high as 25% for some computations and will be generally bounded by 12.5% when using a planar graph resource state. The key points are that security can be provided without universal computation graphs and that, in our setting, full fault-tolerance is not needed to amplify the confidence level exponentially close to 1. Comment: 18 pages, 3 figures.
Results from this article have been extended to allow verification of BQP computations in arXiv:2109.0404

    Asymmetric quantum secure multi-party computation with weak clients against dishonest majority

    Secure multi-party computation (SMPC) protocols allow several parties that distrust each other to collectively compute a function on their inputs. In this paper, we introduce a protocol that lifts classical SMPC to quantum SMPC in a composably and statistically secure way, even for a single honest party. Unlike previous quantum SMPC protocols, our proposal only requires very limited quantum resources from all but one party; it suffices that the weak parties, i.e. the clients, are able to prepare single-qubit states in the X-Y plane. The novel quantum SMPC protocol is constructed in a naturally modular way, and relies on a new technique for quantum verification that is of independent interest. This verification technique requires the remote preparation of states only in a single plane of the Bloch sphere. In the course of proving the security of the new verification protocol, we also uncover a fundamental invariance that is inherent to measurement-based quantum computing

    Unifying Quantum Verification and Error-Detection: Theory and Tools for Optimisations

    With the recent availability of cloud quantum computing services, the question of verifying quantum computations delegated by a client to a quantum server is becoming of practical interest. While Verifiable Blind Quantum Computing (VBQC) has emerged as one of the key approaches to address this challenge, current protocols still need to be optimised before they are truly practical. To this end, we establish a fundamental correspondence between error-detection and verification and provide sufficient conditions to both achieve security in the Abstract Cryptography framework and optimise resource overheads of all known VBQC-based protocols. As a direct application, we demonstrate how to systematise the search for new efficient and robust verification protocols for $\mathsf{BQP}$ computations. While we have chosen Measurement-Based Quantum Computing (MBQC) as the working model for the presentation of our results, one could expand the domain of applicability of our framework via direct known translation between the circuit model and MBQC. Comment: 45 pages, 9 figures

    Asymmetric Quantum Secure Multi-Party Computation With Weak Clients Against Dishonest Majority

    Secure multi-party computation (SMPC) protocols allow several parties that distrust each other to collectively compute a function on their inputs. In this paper, we introduce a protocol that lifts classical SMPC to quantum SMPC in a composably and statistically secure way, even for a single honest party. Unlike previous quantum SMPC protocols, our proposal only requires very limited quantum resources from all but one party; it suffices that the weak parties, i.e. the clients, are able to prepare single-qubit states in the X-Y plane. The novel quantum SMPC protocol is constructed in a naturally modular way, and relies on a new technique for quantum verification that is of independent interest. This verification technique requires the remote preparation of states only in a single plane of the Bloch sphere. In the course of proving the security of the new verification protocol, we also uncover a fundamental invariance that is inherent to measurement-based quantum computing

    Perceval: A Software Platform for Discrete Variable Photonic Quantum Computing

    We introduce Perceval, an evolutive open-source software platform for simulating and interfacing with discrete variable photonic quantum computers, and describe its main features and components. Its Python front-end allows photonic circuits to be composed from basic photonic building blocks like photon sources, beam splitters, phase shifters and detectors. A variety of computational back-ends are available and optimised for different use-cases. These use state-of-the-art simulation techniques covering both weak simulation, or sampling, and strong simulation. We give examples of Perceval in action by reproducing a variety of photonic experiments and simulating photonic implementations of a range of quantum algorithms, from Grover's and Shor's to examples of quantum machine learning. Perceval is intended to be a useful toolkit both for experimentalists wishing to easily model, design, simulate, or optimise a discrete variable photonic experiment, and for theoreticians wishing to design algorithms and applications for discrete-variable photonic quantum computing platforms

    Cryptographie quantique multi-partite : du folklore au monde réel

    Quantum cryptography builds upon decades of advances both in classical cryptography and networks. However, contrary to its classical counterparts, it is still in its infancy applicability-wise, even in the scenario where powerful quantum computers are readily available, and more theoretical work is required before it can provide concrete benefits. The first goal is to formalise in rigorous quantum security frameworks the properties of various techniques that have been transposed, often without proper justification, from the classical world. Then, the recent developments in quantum technologies suggest a mostly cloud-based future availability of quantum devices. Therefore, quantum computation and communication cost of protocol participants must be lowered before being useful. Finally, in most situations, additional steps need to be taken to tailor protocols to the specifications of devices. This allows for optimisations both in terms of quantum memory and operation requirements. This thesis contributes to these three aspects by: (i) giving the first general security definition of the Quantum Cut-and-Choose, a technique for proving the correctness of a quantum message; (ii) presenting a more realistic framework of security against superposition attacks, where classical protocols run on inherently quantum devices; (iii) constructing an efficient delegated multi-party quantum computation protocol, allowing clients to delegate securely to a quantum server a private computation; (iv) building a method for verifying the honesty of a quantum server performing computations on behalf of a client with no operation or memory overhead compared to the unprotected computation.
    Quantum cryptography has benefited from the many advances in classical cryptography and network theory. However, it is still in its infancy as far as its application in real conditions is concerned, and deepening the underlying theory is a crucial prerequisite for exploiting the full range of its possibilities. To this end, the quantum security properties of techniques imported from classical cryptography, so far often used without justification, must first be rigorously formalised. Next, recent progress in quantum technologies tends to point towards a client-server access model with a weakly quantum client. In this context, quantum protocols must be as frugal as possible in terms of resources (memory and operations). Finally, implementing protocols on concrete architectures requires finely adapting them to the machines used in order to further improve their optimisation. This thesis contributes to these three aspects by: (i) proposing a definition of the Quantum Cut-and-Choose, a technique that guarantees the honest preparation of a quantum message; (ii) presenting a more realistic security framework against superposition attacks, which guarantees the security of classical protocols executed on a quantum machine; (iii) constructing an efficient protocol for delegating multi-party quantum computation, which allows clients to delegate a private computation to a server; (iv) demonstrating that it is possible to verify the correctness of delegated quantum computations without any impact in terms of resources on the client or server side

    Cryptographie quantique multi-partite : du folklore au monde réel

    Quantum cryptography has benefited from the many advances in classical cryptography and network theory. However, it is still in its infancy as far as its application in real conditions is concerned, and deepening the underlying theory is a crucial prerequisite for exploiting the full range of its possibilities. To this end, the quantum security properties of techniques imported from classical cryptography, so far often used without justification, must first be rigorously formalised. Next, recent progress in quantum technologies tends to point towards a client-server access model with a weakly quantum client. In this context, quantum protocols must be as frugal as possible in terms of resources (memory and operations). Finally, implementing protocols on concrete architectures requires finely adapting them to the machines used in order to further improve their optimisation. This thesis contributes to these three aspects by: (i) proposing a definition of the Quantum Cut-and-Choose, a technique that guarantees the honest preparation of a quantum message; (ii) presenting a more realistic security framework against superposition attacks, which guarantees the security of classical protocols executed on a quantum machine; (iii) constructing an efficient protocol for delegating multi-party quantum computation, which allows clients to delegate a private computation to a server; (iv) demonstrating that it is possible to verify the correctness of delegated quantum computations without any impact in terms of resources on the client or server side.
    Quantum cryptography builds upon decades of advances both in classical cryptography and networks. However, contrary to its classical counterparts, it is still in its infancy applicability-wise, even in the scenario where powerful quantum computers are readily available, and more theoretical work is required before it can provide concrete benefits. The first goal is to formalise in rigorous quantum security frameworks the properties of various techniques that have been transposed, often without proper justification, from the classical world. Then, the recent developments in quantum technologies suggest a mostly cloud-based future availability of quantum devices. Therefore, quantum computation and communication cost of protocol participants must be lowered before being useful. Finally, in most situations, additional steps need to be taken to tailor protocols to the specifications of devices. This allows for optimisations both in terms of quantum memory and operation requirements. This thesis contributes to these three aspects by: (i) giving the first general security definition of the Quantum Cut-and-Choose, a technique for proving the correctness of a quantum message; (ii) presenting a more realistic framework of security against superposition attacks, where classical protocols run on inherently quantum devices; (iii) constructing an efficient delegated multi-party quantum computation protocol, allowing clients to delegate securely to a quantum server a private computation; (iv) building a method for verifying the honesty of a quantum server performing computations on behalf of a client with no operation or memory overhead compared to the unprotected computation

    Dispelling myths on superposition attacks: formal security model and attack analyses

    International audienc