Prepare-and-Measure Certified Deletion


This example protocol implements the functionality of Quantum Encryption with Certified Deletion using single-qubit state preparation and measurement. This scheme is limited to the single-use, private-key setting.

RequirementsEdit

OutlineEdit

The scheme consists of 5 circuits-

  • Key: This circuit generates the key used in later stages
  • Enc: This circuit encrypts the message using the key
  • Dec: This circuit decrypts the ciphertext using the key and generates an error flag bit
  • Del: This circuit deletes the ciphertext state and generates a deletion certificate
  • Ver: This circuit verifies the validity of the deletion certificate using the key

NotationEdit

  • For any string   and set   denotes the string   restricted to the bits indexed by  
  • For  
  •   denotes the state space of a single qubit, 
  •   denotes the set of density operators on a Hilbert space  
  •  : Security parameter
  •  : Length, in bits, of the message
  •   : Hamming weight function
  •  : Total number of qubits sent from encrypting party to decrypting party
  •  : Length, in bits, of the string used for verification of deletion
  •  : Length, in bits, of the string used for extracting randomness
  •  : Length, in bits, of error correction hash
  •  : Length, in bits, of error syndrome
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \theta} : Basis in which the encrypting party prepare her quantum state
  •  : Threshold error rate for the verification test
  •  : Set of possible bases from which \theta is chosen
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathfrak{H}_{pa}} : UniversalFailed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle _2} family of hash functions used in the privacy amplification scheme
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathfrak{H}_{ec}} : Universal  family of hash functions used in the error correction scheme
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle H_{pa}} : Hash function used in the privacy amplification scheme
  •  : Hash function used in the error correction scheme
  •  : Function that computes the error syndrome
  • Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle corr} : Function that computes the corrected string

Protocol DescriptionEdit

Circuit 1: KeyEdit

The key generation circuit

Input : None

Output: A key state  

  1. Sample  
  2. Sample   where  
  3. Sample  
  4. Sample Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle d \gets \{0,1\}^\mu}
  5. Sample  
  6. Sample  
  7. Sample  
  8. Output  

Circuit 2: EncEdit

The encryption circuit

Input : A plaintext state   and a key state Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle | r|_\tilde{\mathcal{I}},\theta,u,d,e,H_{pa},H_{ec}\rangle \langle r|_\tilde{\mathcal{I}},\theta,u,d,e,H_{pa},H_{ec}| \in \mathcal{D}(\mathcal{Q}(k+m+n+\mu+\tau)\otimes\mathfrak{H}_{pa}\otimes\mathfrak{H}_{ec}}

Output: A ciphertext state  

  1. Sample   where Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathcal{I} = \{i \in [m]| \theta_i = 0 \}}
  2. Compute   where  
  3. Compute Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle p = H_{ec}(r|_\mathcal{I}) \oplus d}
  4. Compute  
  5. Output Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \rho = |r^\theta\rangle\langle r^\theta |\otimes|\mathrm{msg}\oplus x \oplus u,p,q\rangle\langle \mathrm{msg}\oplus x \oplus u,p,q |}

Circuit 3: DecEdit

The decryption circuit

Input : A key state Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle | r|_\tilde{\mathcal{I}},\theta,u,d,e,H_{pa},H_{ec}\rangle \langle r|_\tilde{\mathcal{I}},\theta,u,d,e,H_{pa},H_{ec}| \in \mathcal{D}(\mathcal{Q}(k+m+n+\mu+\tau)\otimes\mathfrak{H}_{pa}\otimes\mathfrak{H}_{ec}} and a ciphertext  

Output: A plaintext state   and an error flag  

  1. Compute  
  2. Measure   in the computational basis. Call the result  
  3. Compute   where  
  4. Compute  
  5. If  , then set  . Else, set  
  6. Compute  
  7. Output  

Circuit 4: DelEdit

The deletion circuit

Input : A ciphertext  

Output: A certificate string  

  1. Measure   in the Hadamard basis. Call the output y.
  2. Output  

Circuit 5: VerEdit

The verification circuit

Input : A key state   and a certificate string  

Output: A bit

  1. Compute   where  
  2. Compute  
  3. If  , output  . Else, output  .

PropertiesEdit

This scheme has the following properties:

  • Correctness: The scheme includes syndrome and correction functions and is thus robust against a certain amount of noise, i.e. below a certain noise threshold, the decryption circuit outputs the original message with high probability.
  • Ciphertext Indistinguishability: This notion implies that an adversary, given a ciphertext, cannot discern whether the original plaintext was a known message or a dummy plaintext  
  • Certified Deletion Security: After producing a valid deletion certificate, the adversary cannot obtain the original message, even if the key is leaked (after deletion).

ReferencesEdit

*contributed by Chirag Wadhwa