Secure Client- Server Delegated Computation

Functionality Description

Delegated Computation is the task of assigning quantum computation to an untrusted device while maintaining privacy of the computation. Protocols under this functionality are commonly called ClientServer protocols. Delegated Quantum Computation (DQC) protocols involve partially/fully classical Client delegate a quantum computation task to a fully powerful quantum Server. All DQC protocols involve three main stages, Prepataion Stage, Computation Stage, Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used. It can be performed via classical online/offline and quantum online/offline communication. It can be verifiable or non-verifiable. Hence, it is classified as follows.

Classical Online Communication-Quantum Offline Communication

It involves a partially quantum Client perform a one time quantum communication to send input to the Server, in the preparation Stage and then to receive outputs from the Server, during output correction. The Client and Server then exchange classical messages during the computation phase. Universal Blind Quantum Computation (UBQC) is a protocol falling under this category. In this protocol Client hides his input, output and computation from the Server using MBQC by sending hidden quantum states to the Server. UBQC protocols can be realised by a Prepare and Send UBQC protocol where client prepares and sends the input states to the Server. If the task performed by the Server can be verified by the Client, the protocol is Verifiable Universal Blind Quantum Computation (VUBQC). Same as UBQC, VUBQC can also be realised by Prepare and Send VUBQC.

Classical Online Communication-Quantum Online Communication

It involves a partially quantum Client perform quantum and classical communication throughout the protocol. The Client and Server then exchange classical messages during the computation phase. Universal Blind Quantum Computation (UBQC) is a protocol falling under this category. In this protocol Client hides his input, output and computation from the Server using MBQC by sending hidden quantum states to the Server. Such UBQC protocols can be realised by a Measurement Only UBQC protocol where the client measures some known quantum state prepared by server in a rotated basis to generate input states. Same as UBQC, VUBQC can also be realised by Measurement Only VUBQC protocols. Version for quantum input/output is also available in the descriptions.

Classical Online Communication-No Quantum Communication

It involves a fully classical Client exchanging classical messages with the server throughout. Protocols falling under this category are Q-Factory. A verification of Q-Factory protocol is still an open question.

Classical Offline Communication-Quantum Offline Communication

It involves a partially classical Client exchanging performing both classical and quantum communication with the Server during the preparation stage and output correction. There is no communication between the two parties during computation stage. Protocols falling under this category are Quantum Fully Homomorphic Encryption (QFHE) and classical Fully Homomorphic Encryption(FHE).

  • QFHE: Client hides her input states with the help of some classical encryption using HE and prepares quantum gadgets (using entanglement) which the Server uses perform computation on the encrypted state. This requires some steps which cannot be realised by classical HE scheme. Later Client decrypts the outcome sent by Server to get the correct result. Just like UBQC, QFHE protocols can also be realised by a Prepare and Send QFHE protocol where client prepares and sends the input states to the Server. If the task performed by the Server can be verified by the Client, the protocol is called, Verifiable Quantum Fully Homomorphic Encryption (VQFHE). Same as QFHE, VQFHE can be realised by Prepare and Send VQFHE. For both QFHE and VQFHE, Measurement Only protocols are an open case. Version for quantum input/output is also available in the descriptions.
  • FHE: It uses only classical HE and no quantum gadgets to realize a quantum functionality. Instead it used Encrypted CNOT operation using superposition states. This step can be performed with classical HE. Protocols falling under this category are quantum capable Classical Fully Homomorphic Encryption (FHE) for Quantum Circuits. A verification of FHE for Quantum Circuits protocol is still an open question.
Tags: Two Party, Universal Task, Quantum Functionality, Multiparty Delegated Quantum Computation, Quantum Enhanced Classical Delegated Computing

Property/Security Definitions

Following are the definitions of various properties and security realized by the different DQC protocols mentioned above.

Adversarial Assumption

  • Secure against Honest But Curious adversary protocols are non-verifiable protocols. In this setting, protocols assumes a dishonest server only tries to learn Client’s hidden variables (input, output or computation) and not mutate it.
  • Secure against Malicious adversary protocol are verifiable protocols. In this setting, a dishonest server apart from trying to learn the Client’s hidden variable may also try to change it.

Properties

  • Blindness asserts the Client’s input/output/server are blind (unknown) to the Server.
  • Universality asserts the protocol can compute universal set of quantum gates.
  • Correctness asserts that if the protocol is followed it results the same output as when circuit is operated on the input states directly.
  • Compactness asserts the decryption of the encrypted messages does not depend on the size of the computation circuit.
  • Circuit Privacy asserts circuit is private from the party who did not create it.
  • Indistinguishability under Chosen Plaintext Attacks by adversary with quantum computational powers(q-IND-CPA) means that an adversary cannot distinguish between encrypted text from a message and encrypted text from an arbitrary state.
  • Full Homomorphism A fully homomorphic scheme is capable of performing any quantum computation on encrypted text and give the correct outcome after decryption. If a scheme cannot perform all quantum gates, it is called Quantum Homomorphic Encryption (QHE) instead of QFHE.
  • Quantum Capable A classical HE scheme is quantum capable if it can be used to evaluate quantum circuits
  • Circular Security An encryption scheme that encrypts (hides) its own keys

Use Case

Quantum Cloud Computing