Secure Client- Server Delegated Computation: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
No edit summary
 
(116 intermediate revisions by 5 users not shown)
Line 1: Line 1:


== Functionality Description==
== Functionality Description==
Delegated Computation is the task of assigning quantum computation to an untrusted device while maintaining privacy of the computation. Protocols under this functionality are commonly called ClientServer protocols. Delegated Quantum Computation (DQC) protocols involve partially/fully classical Client delegate a quantum computation task to a fully powerful quantum Server. All DQC protocols involve three main stages, Prepataion Stage, Computation Stage, Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used. It can be performed via classical online/offline and quantum online/offline communication. It can be verifiable or non-verifiable. Hence, it is classified as follows.
===Classical Online-Quantum Offline===
It involves a partially quantum Client perform a one time quantum communication to send input to the Server, in the preparation Stage and then to receive outputs from the Server, during output correction. The Client and Server then exchange classical messages during the computation phase. Universal Blind Quantum Computation (UBQC) is a protocol falling under this category. In this protocol Client hides his input, output and computation from the Server using [[Supplementary Information#Measurement Based Quantum Computation|MBQC]] by sending hidden quantum states to the Server. UBQC protocols can be realised by a [[Prepare and Send-Universal Blind Quantum Computation|Prepare and Send UBQC]] protocol where client prepares and sends the input states to the Server or [[Measurement Only Universal Blind Quantum Computation|Measurement Only UBQC]] protocol where the client measures some known quantum state prepared by server in a rotated basis to generate input states. If the task performed by the Server can be verified by the Client, the protocol is Verifiable Universal Blind Quantum Computation (VUBQC). Same as UBQC, VUBQC can also be realised by [[Prepare and Send Verifiable Universal Blind Quantum Computation|Prepare and Send VUBQC]] or [[Measurement Only Verifiable Universal Blind Quantum Computation|Measurement Only VUBQC]] protocols.


===Classical Online-No Quantum===
Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client-Server protocols. Delegated Quantum Computation (DQC) protocols involve partially or fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used see Protocols list.</br></br>
It involves a fully classical Client exchanging classical messages with the server throughout. Protocols falling under this category are [[Q-Factory|Q-Factory]]. A verification of Q-Factory protocol is still an open question.
'''Tags:''' [[:Category:Two Party Protocols|Two Party]],[[Category:Two Party Protocols]] [[:Category:Universal Task|Universal Tasks]], [[Category:Universal Task]] [[Secure Verifiable Client-Server Delegated Quantum Computation]], [[Secure Multi-Party Delegated Computation]], [[Secure Delegated Classical Computation]], [[:Category: Quantum Functionality|Quantum Functionality]][[Category:Quantum Functioanlity]]


===Classical Offline-Quantum Offline===  
==Use-case==
It involves a partially classical Client exchanging performing both classical and quantum communication with the Server during the preparation stage and output correction. There is no communication between the two parties during computation stage. Client hides her input states with the help of some classical encryption using [[Supplementary Information#Homomorphic Encryption|HE]] and Server performs computation on the encrypted state. Later Client decrypts the outcome sent by Server to get the correct result. Protocols falling under this category are Quantum Fully Homomorphic Encryption (QFHE) Just like UBQC, QFHE protocols can also be realised by a [[Prepare and Send Quantum Fully Homomorphic Encryption|Prepare and Send QFHE]] protocol where client prepares and sends the input states to the Server or Measurement Only QFHE protocol where the client measures some known quantum state prepared by server in a rotated basis to generate input states. If the task performed by the Server can be verified by the Client, the protocol is called, Verifiable Quantum Fully Homomorphic Encryption [[Verifiable Quantum Fully Homomorphic Encryption (VQFHE). Same as QFHE, VQFHE can be realised by [[Prepare and Send Verifiable Quantum Fully Homomorphic Encryption|Prepare and Send VQFHE]] and Measurement Only VQFHE. For both QFHE and VQFHE, Measurement Only protocols are an open case.
* Quantum Task
* No classical analog for Blind Quantum Computing where input, output and computation can be hidden. Classical analogue for Homomorphic encryption techniques exist, hiding only the input and the output of the client and not the computation.
* [[Quantum machine learning]]


===Classical Offline-No Quantum===  
== Protocols ==
It involves a fully classical Client exchanging classical messages with the server only during the preparation and output correction phase. There is no communication during computation phase. It uses a classical protocol to realize a quantum functionality. Protocols falling under this category are Classical Fully Homomorphic Encryption [[Classical Fully Homomorphic Encryption for Quantum Circuits|(FHE) for Quantum Circuits]]. A verification of FHE for Quantum Circuits protocol is still an open question
[[Category:Two Party Protocols]]
'''Tags:''' [[Two Party Protocols|Two Party]], [[Universal Task|Universal Task]], [[Quantum Functionality|Quantum Functionality]], [[Secure Delegated Quantum Computation|Secure Delegated Quantum Computation]], [[Multiparty Delegated Quantum Computation|Multiparty Delegated Quantum Computation]], [[Quantum Enhanced Classical Delegated Computation|Quantum Enhanced Classical Delegated Computing]]
*The protocols enlisted here mainly differ in terms of the type of communication channels required. An online link means it is used throughout the protocol. An offline link means it is used only at the starting or ending of the protocol (one-time use channels) and there is no continuous exchange of information. A quantum communication link is used to transfer quantum states/information and classical links are used for exchange of classical information. These terms will be related with each protocol enlisted below.


== Property/Security Definitions ==
# '''[[Prepare and Send-Universal Blind Quantum Computation]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-quantum offline communication. Hides input, output and computation of the client
Following are the definitions of various properties and security realized by the different DQC protocols mentioned above.
# '''[[Measurement Only-Universal Blind Quantum Computation]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-quantum online communication. Hides input, output and computation of the client.  
===Adversarial Assumption===
# '''[[Pseudo-Secret Random Qubit Generator (PSQRG)]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical offline communication- quantum offline  communication.
* ''Secure against Honest But Curious adversary protocols are non-verifiable protocols.'' In this setting, protocols assumes a dishonest server only tries to learn Client’s hidden variables (input, output or computation) and not mutate it.
# '''[[Prepare and Send Quantum Fully Homomorphic Encryption]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-no quantum communication. Hides input and output of the client.  
* ''Secure against Malicious adversary protocol are verifiable protocols.'' In this setting, a dishonest server apart from trying to learn the Client’s hidden variable may also try to change it.
# '''[[Classical Fully Homomorphic Encryption for Quantum Circuits]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical offline communication-no quantum communication. Hides input and output of the client.  
===Properties===
* ''Blindness'' asserts the Client’s input/output/server are blind (unknown) to the Server.
* ''Universality'' asserts the protocol can compute universal set of quantum gates.
* ''Correctness'' asserts that if the protocol is followed it results the same output as when circuit is operated on the input states directly.
* ''Compactness'' asserts the decryption of the encrypted messages does not depend on the size of the computation circuit.
* ''Circuit Privacy'' asserts circuit is private from the party who did not create it.
* ''Indistinguishability under Chosen Plaintext Attacks by adversary with quantum computational powers(q-IND-CPA)'' means that an adversary cannot distinguish between encrypted text from a message and encrypted text from an arbitrary state.
* ''Full Homomorphism'' A fully homomorphic scheme is capable of performing any quantum computation on encrypted text and give the correct outcome after decryption. If a scheme cannot perform all quantum gates, it is called Quantum Homomorphic Encryption (QHE) instead of QFHE.
* ''Quantum Capable'' A classical HE scheme is quantum capable if it can be used to evaluate quantum circuits


== Use Case ==
*All the above protocols require the server to be a quantum memory network stage node. However, with respect to the client, (1) requires the client to only prepare and send quantum states while (2) requires client to just receive and measure quantum states. Thus, client belongs to a simple prepare and measure network stage node. This information is useful in case there are only a few nodes with advanced technologies like quantum memory.
Quantum Cloud Computing
*Protcols for verifiable version of protocols (1), (2), (4) can be found on the page [[Secure Verifiable Client-Server Delegated Quantum Computation|Verifiable Delegated Quantum Computation]]. Verifiable versions of protocols (3) and (5) are open questions.
 
[[Category:Universal Task]]
 
==Properties==
*'''Universality''' A protocol for delegated quantum computation is universal if it client can use the server to compute any quantum circuit.
*'''Correctness''' A protocol is correct if the output of client's input after Server's processing is correct, given that both parties follow the protocol honestly.
*'''Blindness''' The protocol is blind to the server (who, in this case is the adversary/dishonest party) means that client's computation is hidden from the server during the entire protocol.
*'''Compactness''' Decryption of datat the end of the protocol should be independent of the size of the quantum circuit used for computation
*'''Full Homomorphism''' A homomorphic encryption which can perform any quantum computation
 
==Knowledge Graph==
{{graph}}
 
==Further Information==
Secure Delegated Computation was an open problem in classical computation until Gentry's work in 1994 on Homomorphic Encryption using Lattice Based Cryptography [[Secure Client- Server Delegated Computation#References|(1)]]. An analogue was required in case of delegating quantum data. Childs proposed the first work in the field in 2005 [[Secure Client- Server Delegated Computation#References|(2)]]. Unlike the classical scheme, this protocol could not only hide the input and output of the client from the sever but also client's computation. This was a breakthrough as there exists no such scheme in classical cryptography which could provide this additional functionality, called 'blindness'. Arrighi and Salvail  later showed [[Secure Client- Server Delegated Computation#References|(3)]] that hiding of computation was possible only for a few functions. They also coined the notion of [[Secure Verifiable Client-Server Delegated Quantum Computation|verifiability]]. In 2009, Broadbent, Fitzsimons and Kashefi developed prepare and send universal blind quantum computation, which was the first scheme to solve this problem for any quantum circuit. This property, also known as universality, opened the gates for further research in this field. New protocols came into picture, some using the measurement based quantum computation framework like blind quantum computation and some devising homomorphic encryption for quantum data. Out of which, prepare-and-send universal blind quantum computation has been proven to be universally composable i.e. it is secure in any and every scenerio possible. The only other protocol which is proven to be universally composable is [[Quantum Key Distribution]]. All the above protocols required quantum communication until the latest work by Urmila Mahadev in 2018, classical fully homomorphic encryption for quantum circuits. It requires no quantum operation on the client's side. pseudo-secret random qubit generator is a functionality different from delegation of quantum computation. It comes with multiple uses, one of which being universal blind quantum computation. This protocol also requires no quantum computation on client's side in order to instruct server to prepare her secret random qubits, of which she has complete knowledge but not the server.<br/>
'''Review Papers:'''
* [https://www.nature.com/articles/s41534-017-0025-3 Fitzsimons (2017)] gives an overview of delegated quantum computation
* [https://arxiv.org/abs/1301.3662 Dunjko et al (2013)] gives the abstract cryptography framework for delegated computing and uses it prove universal composability of UBQC.
 
==References==
#[https://crypto.stanford.edu/craig/craig-thesis.pdf Gentry (1994)]
#[https://arxiv.org/abs/quant-ph/0111046 Childs (2005)]
#[https://arxiv.org/abs/quant-ph/0309152 Arrighi and Salavil (2006)]
<div style='text-align: right;'>''*contributed by Shraddha Singh''</div>

Latest revision as of 14:27, 29 August 2024

Functionality Description

Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client-Server protocols. Delegated Quantum Computation (DQC) protocols involve partially or fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used see Protocols list.

Tags: Two Party, Universal Tasks, Secure Verifiable Client-Server Delegated Quantum Computation, Secure Multi-Party Delegated Computation, Secure Delegated Classical Computation, Quantum Functionality

Use-case

  • Quantum Task
  • No classical analog for Blind Quantum Computing where input, output and computation can be hidden. Classical analogue for Homomorphic encryption techniques exist, hiding only the input and the output of the client and not the computation.
  • Quantum machine learning

Protocols

  • The protocols enlisted here mainly differ in terms of the type of communication channels required. An online link means it is used throughout the protocol. An offline link means it is used only at the starting or ending of the protocol (one-time use channels) and there is no continuous exchange of information. A quantum communication link is used to transfer quantum states/information and classical links are used for exchange of classical information. These terms will be related with each protocol enlisted below.
  1. Prepare and Send-Universal Blind Quantum Computation:Quantum Memory Network Stage. Requires classical online communication-quantum offline communication. Hides input, output and computation of the client
  2. Measurement Only-Universal Blind Quantum Computation:Quantum Memory Network Stage. Requires classical online communication-quantum online communication. Hides input, output and computation of the client.
  3. Pseudo-Secret Random Qubit Generator (PSQRG):Quantum Memory Network Stage. Requires classical offline communication- quantum offline communication.
  4. Prepare and Send Quantum Fully Homomorphic Encryption:Quantum Memory Network Stage. Requires classical online communication-no quantum communication. Hides input and output of the client.
  5. Classical Fully Homomorphic Encryption for Quantum Circuits:Quantum Memory Network Stage. Requires classical offline communication-no quantum communication. Hides input and output of the client.
  • All the above protocols require the server to be a quantum memory network stage node. However, with respect to the client, (1) requires the client to only prepare and send quantum states while (2) requires client to just receive and measure quantum states. Thus, client belongs to a simple prepare and measure network stage node. This information is useful in case there are only a few nodes with advanced technologies like quantum memory.
  • Protcols for verifiable version of protocols (1), (2), (4) can be found on the page Verifiable Delegated Quantum Computation. Verifiable versions of protocols (3) and (5) are open questions.

Properties

  • Universality A protocol for delegated quantum computation is universal if it client can use the server to compute any quantum circuit.
  • Correctness A protocol is correct if the output of client's input after Server's processing is correct, given that both parties follow the protocol honestly.
  • Blindness The protocol is blind to the server (who, in this case is the adversary/dishonest party) means that client's computation is hidden from the server during the entire protocol.
  • Compactness Decryption of datat the end of the protocol should be independent of the size of the quantum circuit used for computation
  • Full Homomorphism A homomorphic encryption which can perform any quantum computation

Knowledge Graph

Further Information

Secure Delegated Computation was an open problem in classical computation until Gentry's work in 1994 on Homomorphic Encryption using Lattice Based Cryptography (1). An analogue was required in case of delegating quantum data. Childs proposed the first work in the field in 2005 (2). Unlike the classical scheme, this protocol could not only hide the input and output of the client from the sever but also client's computation. This was a breakthrough as there exists no such scheme in classical cryptography which could provide this additional functionality, called 'blindness'. Arrighi and Salvail later showed (3) that hiding of computation was possible only for a few functions. They also coined the notion of verifiability. In 2009, Broadbent, Fitzsimons and Kashefi developed prepare and send universal blind quantum computation, which was the first scheme to solve this problem for any quantum circuit. This property, also known as universality, opened the gates for further research in this field. New protocols came into picture, some using the measurement based quantum computation framework like blind quantum computation and some devising homomorphic encryption for quantum data. Out of which, prepare-and-send universal blind quantum computation has been proven to be universally composable i.e. it is secure in any and every scenerio possible. The only other protocol which is proven to be universally composable is Quantum Key Distribution. All the above protocols required quantum communication until the latest work by Urmila Mahadev in 2018, classical fully homomorphic encryption for quantum circuits. It requires no quantum operation on the client's side. pseudo-secret random qubit generator is a functionality different from delegation of quantum computation. It comes with multiple uses, one of which being universal blind quantum computation. This protocol also requires no quantum computation on client's side in order to instruct server to prepare her secret random qubits, of which she has complete knowledge but not the server.
Review Papers:

  • Fitzsimons (2017) gives an overview of delegated quantum computation
  • Dunjko et al (2013) gives the abstract cryptography framework for delegated computing and uses it prove universal composability of UBQC.

References

  1. Gentry (1994)
  2. Childs (2005)
  3. Arrighi and Salavil (2006)
*contributed by Shraddha Singh