Secure Client- Server Delegated Computation: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
No edit summary
 
(62 intermediate revisions by 5 users not shown)
Line 1: Line 1:


== Functionality Description==
== Functionality Description==
Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client (weak party)-Server (powerful party) protocols. Delegated Quantum Computation (DQC) protocols involve partially/fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used. It can be performed via classical and quantum communication. If it is carried out only during Preparation and Correction stage, it is called offline communication else if the communication is carried out during the computation stage, it is online communication. If the outcome can be verified by the Client it is a verifiable delegated quantum computation protocol. Hence, based on the above requirements, DQC protocols can be classified as follows.
===Classical Online Communication-Quantum Offline Communication===
It involves a partially quantum Client who can prepare and send quantum states use quantum offline communication to send input to the Server, in the preparation Stage and to receive outputs from the Server, during output correction. Client and Server then use classical online communication to exchange classical messages during computation phase. Universal Blind Quantum Computation (UBQC) falls under this category, where Client hides his input, output and computation from the Server using [[Supplementary Information#Measurement Based Quantum Computation|'''MBQC''']].  If the task performed by Server can be verified by the Client, it is Verifiable Universal Blind Quantum Computation (VUBQC). Classes of protocols under this category are:
*[[Prepare and Send-Universal Blind Quantum Computation|'''Prepare and Send UBQC''']]
*[[Prepare and Send Verifiable Universal Blind Quantum Computation|'''Prepare and Send VUBQC''']].


===Classical Online Communication-Quantum Online Communication===
Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client-Server protocols. Delegated Quantum Computation (DQC) protocols involve partially or fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used see Protocols list.</br></br>
It involves a partially quantum Client who can measure quantum states use quantum and classical communication throughout the protocol. Client performs the hidden [[Supplementary Information|MBQC]] on states prepared by Server using her measurement device in the computation Stage. She then corrects her classical outcomes in Correction Stage. Classes of protocols under this category are:
'''Tags:''' [[:Category:Two Party Protocols|Two Party]],[[Category:Two Party Protocols]] [[:Category:Universal Task|Universal Tasks]], [[Category:Universal Task]] [[Secure Verifiable Client-Server Delegated Quantum Computation]], [[Secure Multi-Party Delegated Computation]], [[Secure Delegated Classical Computation]], [[:Category: Quantum Functionality|Quantum Functionality]][[Category:Quantum Functioanlity]]
*[[Measurement Only-Universal Blind Quantum Computation|'''Measurement Only UBQC''']]  
*[[Measurement Only Verifiable Universal Blind Quantum Computation|'''Measurement Only VUBQC''']]


===Classical Online Communication-No Quantum Communication===
==Use-case==
It involves a fully classical Client exchanging classical messages with the server throughout. This can be done using protocols for generating secret random qubits, also called Secret Random Qubit Generator (SQRG). One could append SQRG with UBQC to eliminate quantum communication. A protocol falling under this category is [['''Pseudo-Secret Random Qubit Generator|Pseudo-Secret Random Qubit Generator (PSRQG)''']]. A verification protocol using PSQRG is still an open question.
* Quantum Task
* No classical analog for Blind Quantum Computing where input, output and computation can be hidden. Classical analogue for Homomorphic encryption techniques exist, hiding only the input and the output of the client and not the computation.
* [[Quantum machine learning]]


===Classical Offline Communication-Quantum Offline Communication===  
== Protocols ==
It involves a partially classical Client performing both classical and quantum communication with the Server during the preparation stage and output correction. There is no communication between the two parties during computation stage. Protocols falling under this category are Quantum Fully Homomorphic Encryption (QFHE). Client hides her input states with the help of some classical encryption using classical [[Supplementary Information#Homomorphic Encryption|'''Homomorphic Encryption''']] and prepares quantum gadgets (using [[Supplementary Information#entanglement|entanglement]]) which the Server uses perform computation on the encrypted state. This requires some steps which cannot be realised by classical HE scheme. Later Client decrypts the outcome sent by Server to get the correct result.  Just like UBQC, QFHE protocols can also be realised by a [[Prepare and Send Quantum Fully Homomorphic Encryption|'''Prepare and Send QFHE''']] protocol where client prepares and sends the input states to the Server. If the task performed by the Server can be verified by the Client, the protocol is called, Verifiable Quantum Fully Homomorphic Encryption (VQFHE). Same as QFHE, VQFHE can be realised by [[Prepare and Send Verifiable Quantum Fully Homomorphic Encryption|'''Prepare and Send VQFHE''']]. For both QFHE and VQFHE, Measurement Only protocols are an open case. Version for quantum input/output is also available in the descriptions.
[[Category:Two Party Protocols]]
*The protocols enlisted here mainly differ in terms of the type of communication channels required. An online link means it is used throughout the protocol. An offline link means it is used only at the starting or ending of the protocol (one-time use channels) and there is no continuous exchange of information. A quantum communication link is used to transfer quantum states/information and classical links are used for exchange of classical information. These terms will be related with each protocol enlisted below.


===Classical Offline Communication-No Quantum Communication===
# '''[[Prepare and Send-Universal Blind Quantum Computation]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-quantum offline communication. Hides input, output and computation of the client
It involves a fully classical Client assign quantum computation to a Server on her classical input/output using only classical communication during the preparation stage and output correction. There is no communication between the two parties during computation stage. It uses only classical [[Supplementary Information#Homomorphic Encryption|Homomorphic Encryption]] and no quantum gadgets to realize a quantum functionality. Quantum offline communication would be needed in case of quantum input/output. Protocols falling under this category are quantum capable Classical Fully Homomorphic Encryption [[Classical Fully Homomorphic Encryption for Quantum Circuits|'''(FHE) for Quantum Circuits''']]. A verification of FHE for Quantum Circuits protocol is still an open question.
# '''[[Measurement Only-Universal Blind Quantum Computation]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-quantum online communication. Hides input, output and computation of the client.
# '''[[Pseudo-Secret Random Qubit Generator (PSQRG)]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical offline communication- quantum offline  communication.
# '''[[Prepare and Send Quantum Fully Homomorphic Encryption]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-no quantum communication. Hides input and output of the client.  
# '''[[Classical Fully Homomorphic Encryption for Quantum Circuits]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical offline communication-no quantum communication. Hides input and output of the client.  


== Use Case ==
*All the above protocols require the server to be a quantum memory network stage node. However, with respect to the client, (1) requires the client to only prepare and send quantum states while (2) requires client to just receive and measure quantum states. Thus, client belongs to a simple prepare and measure network stage node. This information is useful in case there are only a few nodes with advanced technologies like quantum memory.
Quantum Cloud Computing
*Protcols for verifiable version of protocols (1), (2), (4) can be found on the page [[Secure Verifiable Client-Server Delegated Quantum Computation|Verifiable Delegated Quantum Computation]]. Verifiable versions of protocols (3) and (5) are open questions.


'''Tags:''' [[Two Party Protocols|Two Party]], [[Universal Task|Universal Task]], [[Quantum Functionality|Quantum Functionality]], [[Multiparty Delegated Quantum Computation|Multiparty Delegated Quantum Computation]], [[Quantum Enhanced Classical Delegated Computation|Quantum Enhanced Classical Delegated Computing]]
[[Category:Universal Task]]


== Properties ==
==Properties==
* ''Blindness'' asserts the Client’s input/output/computation are blind (unknown) to the Server.
*'''Universality''' A protocol for delegated quantum computation is universal if it client can use the server to compute any quantum circuit.
* ''Universality'' asserts the protocol can compute universal set of quantum gates.
*'''Correctness''' A protocol is correct if the output of client's input after Server's processing is correct, given that both parties follow the protocol honestly.
* ''Correctness'' asserts that if the protocol is followed it results the same output as when circuit is operated on the input states directly.
*'''Blindness''' The protocol is blind to the server (who, in this case is the adversary/dishonest party) means that client's computation is hidden from the server during the entire protocol.
* ''Compactness'' asserts the decryption of the encrypted messages does not depend on the size of the computation circuit.
*'''Compactness''' Decryption of datat the end of the protocol should be independent of the size of the quantum circuit used for computation
* ''Circuit Privacy'' asserts circuit is private from the party who did not create it.
*'''Full Homomorphism''' A homomorphic encryption which can perform any quantum computation
* ''Indistinguishability under Chosen Plaintext Attacks by adversary with quantum computational powers(q-IND-CPA)'' means that an adversary cannot distinguish between encrypted text from a message and encrypted text from an arbitrary state.
 
* ''Full Homomorphism'' A fully homomorphic scheme is capable of performing any quantum computation on encrypted text and give the correct outcome after decryption. If a scheme cannot perform all quantum gates, it is called Quantum Homomorphic Encryption (QHE) instead of QFHE.
==Knowledge Graph==
* ''Quantum Capable'' A classical HE scheme is quantum capable if it can be used to evaluate quantum circuits
{{graph}}
* ''Circular Security'' An encryption scheme that encrypts (hides) its own keys
 
==Further Information==
Secure Delegated Computation was an open problem in classical computation until Gentry's work in 1994 on Homomorphic Encryption using Lattice Based Cryptography [[Secure Client- Server Delegated Computation#References|(1)]]. An analogue was required in case of delegating quantum data. Childs proposed the first work in the field in 2005 [[Secure Client- Server Delegated Computation#References|(2)]]. Unlike the classical scheme, this protocol could not only hide the input and output of the client from the sever but also client's computation. This was a breakthrough as there exists no such scheme in classical cryptography which could provide this additional functionality, called 'blindness'. Arrighi and Salvail  later showed [[Secure Client- Server Delegated Computation#References|(3)]] that hiding of computation was possible only for a few functions. They also coined the notion of [[Secure Verifiable Client-Server Delegated Quantum Computation|verifiability]]. In 2009, Broadbent, Fitzsimons and Kashefi developed prepare and send universal blind quantum computation, which was the first scheme to solve this problem for any quantum circuit. This property, also known as universality, opened the gates for further research in this field. New protocols came into picture, some using the measurement based quantum computation framework like blind quantum computation and some devising homomorphic encryption for quantum data. Out of which, prepare-and-send universal blind quantum computation has been proven to be universally composable i.e. it is secure in any and every scenerio possible. The only other protocol which is proven to be universally composable is [[Quantum Key Distribution]]. All the above protocols required quantum communication until the latest work by Urmila Mahadev in 2018, classical fully homomorphic encryption for quantum circuits. It requires no quantum operation on the client's side. pseudo-secret random qubit generator is a functionality different from delegation of quantum computation. It comes with multiple uses, one of which being universal blind quantum computation. This protocol also requires no quantum computation on client's side in order to instruct server to prepare her secret random qubits, of which she has complete knowledge but not the server.<br/>
'''Review Papers:'''
* [https://www.nature.com/articles/s41534-017-0025-3 Fitzsimons (2017)] gives an overview of delegated quantum computation
* [https://arxiv.org/abs/1301.3662 Dunjko et al (2013)] gives the abstract cryptography framework for delegated computing and uses it prove universal composability of UBQC.
 
==References==
#[https://crypto.stanford.edu/craig/craig-thesis.pdf Gentry (1994)]
#[https://arxiv.org/abs/quant-ph/0111046 Childs (2005)]
#[https://arxiv.org/abs/quant-ph/0309152 Arrighi and Salavil (2006)]
<div style='text-align: right;'>''*contributed by Shraddha Singh''</div>

Latest revision as of 14:27, 29 August 2024

Functionality Description

Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client-Server protocols. Delegated Quantum Computation (DQC) protocols involve partially or fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used see Protocols list.

Tags: Two Party, Universal Tasks, Secure Verifiable Client-Server Delegated Quantum Computation, Secure Multi-Party Delegated Computation, Secure Delegated Classical Computation, Quantum Functionality

Use-case

  • Quantum Task
  • No classical analog for Blind Quantum Computing where input, output and computation can be hidden. Classical analogue for Homomorphic encryption techniques exist, hiding only the input and the output of the client and not the computation.
  • Quantum machine learning

Protocols

  • The protocols enlisted here mainly differ in terms of the type of communication channels required. An online link means it is used throughout the protocol. An offline link means it is used only at the starting or ending of the protocol (one-time use channels) and there is no continuous exchange of information. A quantum communication link is used to transfer quantum states/information and classical links are used for exchange of classical information. These terms will be related with each protocol enlisted below.
  1. Prepare and Send-Universal Blind Quantum Computation:Quantum Memory Network Stage. Requires classical online communication-quantum offline communication. Hides input, output and computation of the client
  2. Measurement Only-Universal Blind Quantum Computation:Quantum Memory Network Stage. Requires classical online communication-quantum online communication. Hides input, output and computation of the client.
  3. Pseudo-Secret Random Qubit Generator (PSQRG):Quantum Memory Network Stage. Requires classical offline communication- quantum offline communication.
  4. Prepare and Send Quantum Fully Homomorphic Encryption:Quantum Memory Network Stage. Requires classical online communication-no quantum communication. Hides input and output of the client.
  5. Classical Fully Homomorphic Encryption for Quantum Circuits:Quantum Memory Network Stage. Requires classical offline communication-no quantum communication. Hides input and output of the client.
  • All the above protocols require the server to be a quantum memory network stage node. However, with respect to the client, (1) requires the client to only prepare and send quantum states while (2) requires client to just receive and measure quantum states. Thus, client belongs to a simple prepare and measure network stage node. This information is useful in case there are only a few nodes with advanced technologies like quantum memory.
  • Protcols for verifiable version of protocols (1), (2), (4) can be found on the page Verifiable Delegated Quantum Computation. Verifiable versions of protocols (3) and (5) are open questions.

Properties

  • Universality A protocol for delegated quantum computation is universal if it client can use the server to compute any quantum circuit.
  • Correctness A protocol is correct if the output of client's input after Server's processing is correct, given that both parties follow the protocol honestly.
  • Blindness The protocol is blind to the server (who, in this case is the adversary/dishonest party) means that client's computation is hidden from the server during the entire protocol.
  • Compactness Decryption of datat the end of the protocol should be independent of the size of the quantum circuit used for computation
  • Full Homomorphism A homomorphic encryption which can perform any quantum computation

Knowledge Graph

Further Information

Secure Delegated Computation was an open problem in classical computation until Gentry's work in 1994 on Homomorphic Encryption using Lattice Based Cryptography (1). An analogue was required in case of delegating quantum data. Childs proposed the first work in the field in 2005 (2). Unlike the classical scheme, this protocol could not only hide the input and output of the client from the sever but also client's computation. This was a breakthrough as there exists no such scheme in classical cryptography which could provide this additional functionality, called 'blindness'. Arrighi and Salvail later showed (3) that hiding of computation was possible only for a few functions. They also coined the notion of verifiability. In 2009, Broadbent, Fitzsimons and Kashefi developed prepare and send universal blind quantum computation, which was the first scheme to solve this problem for any quantum circuit. This property, also known as universality, opened the gates for further research in this field. New protocols came into picture, some using the measurement based quantum computation framework like blind quantum computation and some devising homomorphic encryption for quantum data. Out of which, prepare-and-send universal blind quantum computation has been proven to be universally composable i.e. it is secure in any and every scenerio possible. The only other protocol which is proven to be universally composable is Quantum Key Distribution. All the above protocols required quantum communication until the latest work by Urmila Mahadev in 2018, classical fully homomorphic encryption for quantum circuits. It requires no quantum operation on the client's side. pseudo-secret random qubit generator is a functionality different from delegation of quantum computation. It comes with multiple uses, one of which being universal blind quantum computation. This protocol also requires no quantum computation on client's side in order to instruct server to prepare her secret random qubits, of which she has complete knowledge but not the server.
Review Papers:

  • Fitzsimons (2017) gives an overview of delegated quantum computation
  • Dunjko et al (2013) gives the abstract cryptography framework for delegated computing and uses it prove universal composability of UBQC.

References

  1. Gentry (1994)
  2. Childs (2005)
  3. Arrighi and Salavil (2006)
*contributed by Shraddha Singh