Prepare-and-Measure Certified Deletion
Jump to navigation
Jump to search
This example protocol implements the functionality of Quantum Encryption with Certified Deletion using single-qubit state preparation and measurement. This scheme is limited to the single-use, private-key setting.
Requirements[edit]
- Network Stage: Prepare and Measure
Outline[edit]
The scheme consists of 5 circuits-
- Key: This circuit generates the key used in later stages
- Enc: This circuit encrypts the message using the key
- Dec: This circuit decrypts the ciphertext using the key and generates an error flag bit
- Del: This circuit deletes the ciphertext state and generates a deletion certificate
- Ver: This circuit verifies the validity of the deletion certificate using the key
Notation[edit]
- For any string and set denotes the string restricted to the bits indexed by
- For
- denotes the state space of a single qubit,
- denotes the set of density operators on a Hilbert space
- : Security parameter
- : Length, in bits, of the message
- : Hamming weight function
- : Total number of qubits sent from encrypting party to decrypting party
- : Length, in bits, of the string used for verification of deletion
- : Length, in bits, of the string used for extracting randomness
- : Length, in bits, of error correction hash
- : Length, in bits, of error syndrome
- : Basis in which the encrypting party prepare her quantum state
- : Threshold error rate for the verification test
- : Set of possible bases from which \theta is chosen
- : Universal family of hash functions used in the privacy amplification scheme
- : Universal family of hash functions used in the error correction scheme
- : Hash function used in the privacy amplification scheme
- : Hash function used in the error correction scheme
- : Function that computes the error syndrome
- : Function that computes the corrected string
Protocol Description[edit]
Circuit 1: Key[edit]
The key generation circuit
Input : None
Output: A key state
- Sample
- Sample where
- Sample
- Sample
- Sample
- Sample
- Sample
- Output
Circuit 2: Enc[edit]
The encryption circuit
Input : A plaintext state and a key state
Output: A ciphertext state
- Sample where
- Compute where
- Compute
- Compute
- Output
Circuit 3: Dec[edit]
The decryption circuit
Input : A key state and a ciphertext
Output: A plaintext state and an error flag
- Compute
- Measure in the computational basis. Call the result
- Compute where
- Compute
- If , then set . Else, set
- Compute
- Output
Circuit 4: Del[edit]
The deletion circuit
Input : A ciphertext
Output: A certificate string
- Measure in the Hadamard basis. Call the output y.
- Output
Circuit 5: Ver[edit]
The verification circuit
Input : A key state and a certificate string
Output: A bit
- Compute where
- Compute
- If , output . Else, output .
Properties[edit]
This scheme has the following properties:
- Correctness: The scheme includes syndrome and correction functions and is thus robust against a certain amount of noise, i.e. below a certain noise threshold, the decryption circuit outputs the original message with high probability.
- Ciphertext Indistinguishability: This notion implies that an adversary, given a ciphertext, cannot discern whether the original plaintext was a known message or a dummy plaintext
- Certified Deletion Security: After producing a valid deletion certificate, the adversary cannot obtain the original message, even if the key is leaked (after deletion).
References[edit]
- The scheme along with its formal security definitions and their proofs can be found in Broadbent & Islam (2019)
*contributed by Chirag Wadhwa