Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

m
mNo edit summary
Line 4: Line 4:
==Assumptions==
==Assumptions==
* This protocol is secure against honest but curious adversary setting.
* This protocol is secure against honest but curious adversary setting.
* HE is a classical leveled fully homomorphic encryption scheme which is quantum capable for depth Lc.
* HE is a classical leveled fully homomorphic encryption scheme which is [[Supplementary Information#Quantum Cryptography Techniques#Quantum Capable Homomorphic Encryption|quantum capable]] for given depth of the circuit (<math>L_c</math>).
* A BQP Server can generate a superposition of inputs for the encryption function over some distribution given the public key used for encryption. The protocol takes the learning with errors assumption.
* A [[Supplementary Information#Complexity Definitions|BQP]] Server can generate a superposition of inputs for the encryption function over some distribution given the public key used for encryption. The protocol takes learning with errors assumption.
 
== Outline==
== Outline==
FHE presents a classical protocol with the help of which a completely classical Client could assign Server a quantum computation for her encrypted (hidden) input/output. Similar to any classical HE this scheme is divided into four steps: Key Generation generates keys for encryption, decryption and evaluation of the circuit, Encryption encodes the input into a ciphertext using encryption key, Homomorphic Evauation performs operations (imlpements the circuit) on the encrypted input using evaluation key and Decryption transforms result of the ciphertext to actual outcome of the circuit using decryption key. Following the stages of Delegated Quantum Computation, in preparation stage, Client encrypts (hides) her inputs from the Server who, in the computation stage, performs quantum computation by a completely classical evaluation step where applying Clifford gates remains a simple step as it leaves the state with only Pauli corrections which are easy to handle by QOTP, but when applying Toffoli Gates, it leaves the state with some Pauli corrections and Clifford gate corrections depending on the one pad key used for (QOTP) by Client. QOTP cannot deal with Clifford gate errors and hence it needs to be corrected before the operation of next gate. These Clifford gate corrections are a combination of CNOT corrections dependent on pad key and Hadamard correction independent of pad key. Applying Hadamard requires no extra information but CNOT gate errors require revelation of one pad keys. FHE deals with this problem via Encrypted CNOT operation using TCF which only needs client to prepare one-time padded superposition states. Sever thus, updates the Pauli keys accordingly and at the end of computation, sends encrypted output to the Client with updated Pauli keys. Client decrypts sent states and gets correct output in Output Correction stage. Following is an outline of the steps involved in the scheme, assuming depth of circuit (see notations used) equal to L.
FHE presents a classical protocol with the help of which a completely classical Client could assign Server a quantum computation for her encrypted (hidden) input/output. Similar to any classical HE this scheme is divided into four steps: Key Generation generates keys for encryption, decryption and evaluation of the circuit, Encryption encodes the input into a ciphertext using encryption key, Homomorphic Evauation performs operations (imlpements the circuit) on the encrypted input using evaluation key and Decryption transforms result of the ciphertext to actual outcome of the circuit using decryption key. Following the stages of Delegated Quantum Computation, in preparation stage, Client encrypts (hides) her inputs from the Server who, in the computation stage, performs quantum computation by a completely classical evaluation step where applying Clifford gates remains a simple step as it leaves the state with only Pauli corrections which are easy to handle by QOTP, but when applying Toffoli Gates, it leaves the state with some Pauli corrections and Clifford gate corrections depending on the one pad key used for (QOTP) by Client. QOTP cannot deal with Clifford gate errors and hence it needs to be corrected before the operation of next gate. These Clifford gate corrections are a combination of CNOT corrections dependent on pad key and Hadamard correction independent of pad key. Applying Hadamard requires no extra information but CNOT gate errors require revelation of one pad keys. FHE deals with this problem via Encrypted CNOT operation using TCF which only needs client to prepare one-time padded superposition states. Sever thus, updates the Pauli keys accordingly and at the end of computation, sends encrypted output to the Client with updated Pauli keys. Client decrypts sent states and gets correct output in Output Correction stage. Following is an outline of the steps involved in the scheme, assuming depth of circuit (see notations used) equal to L.
Write, autoreview, editor, reviewer
3,129

edits