Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

Classical Fully Homomorphic Encryption for Quantum Circuits (edit)

Revision as of 16:21, 19 November 2018

1,302 bytes added , 19 November 2018

m

no edit summary

Shraddha

Write, autoreview, editor, reviewer

3,129

edits

@@ Line 8: / Line 8: @@
 == Outline==
-FHE presents a classical protocol with the help of which a completely classical Client could assign Server a quantum computation for her encrypted (hidden) input/output. Similar to any classical HE this scheme is divided into four steps: Key Generation generates keys for encryption, decryption and evaluation of the circuit, Encryption encodes the input into a ciphertext using encryption key, Homomorphic Evauation performs operations (imlpements the circuit) on the encrypted input using evaluation key and Decryption transforms result of the ciphertext to actual outcome of the circuit using decryption key. Following the stages of Delegated Quantum Computation, in preparation stage, Client encrypts (hides) her inputs from the Server who, in the computation stage, performs quantum computation by a completely classical evaluation step where applying Clifford gates remains a simple step as it leaves the state with only Pauli corrections which are easy to handle by QOTP, but when applying Toffoli Gates, it leaves the state with some Pauli corrections and Clifford gate corrections depending on the one pad key used for (QOTP) by Client. QOTP cannot deal with Clifford gate errors and hence it needs to be corrected before the operation of next gate. These Clifford gate corrections are a combination of CNOT corrections dependent on pad key and Hadamard correction independent of pad key. Applying Hadamard requires no extra information but CNOT gate errors require revelation of one pad keys. FHE deals with this problem via Encrypted CNOT operation using TCF which only needs client to prepare one-time padded superposition states. Sever thus, updates the Pauli keys accordingly and at the end of computation, sends encrypted output to the Client with updated Pauli keys. Client decrypts sent states and gets correct output in Output Correction stage. Following is an outline of the steps involved in the scheme, assuming depth of circuit (see notations used) equal to L.
+FHE presents a classical protocol with the help of which a completely classical Client could assign Server a quantum computation for her encrypted (hidden) input/output. Similar to any classical HE this scheme is divided into four steps: Key Generation generates keys for encryption, decryption and evaluation of the circuit; Encryption encodes the input into a secret text using the encryption key generated during Key Generation; Evaluation performs operations (implements the circuit) on the encrypted input using evaluation key generated and Decryption transforms result of the evaluation step hidden in the secret text, to outcome of the circuit for Client's input using decryption key. Following the stages of [[Secure Delegated Quantum Computation]], in preparation stage, Client encrypts her input to hide it from the Server performing [[Supplementary Information#Quantum Cryptography Techniques#Quantum One Time Pad|Quantum One Time Pad]] (QOTP) using her encryption key, who, in the computation stage, performs quantum computation by a completely classical evaluation step. There are two kinds of gates in Quantum Computation (See Heirarchy of Quantum Gates in [[Supplementary Information]]) Clifford Gates, which consists of Hadamard gate, CNOT and Pauli gates (X, Y, Z) and Toffoli gates (any single qubit phase/rotation gate). A universal scheme can perform both these types of gates implying that it can perform any quantum operation. Now, applying [[Supplementary Information#A General Introduction to Quantum Information#Heirarchy of Quantum Gates|Clifford gates]] remains a simple step as it leaves the state with only Pauli corrections (X, Z) which are easy to handle as these gates commute with every quantum gate and hence can be shifted and cancelled out by applying corresponding inverse gate later by the Client, but when applying [[Supplementary Information#A General Introduction to Quantum Information#Heirarchy of Quantum Gates|Toffoli Gates]], it leaves the state with some Pauli corrections and Clifford gate corrections depending on the one pad key used for encryption key used by Client. Decryption key cannot deal with Clifford gate errors as they do not commute with all quantum operations and hence it needs to be corrected by applying corresponding inverse gate before the operation of next gate for computation by the Server. These Clifford gate corrections are a combination of CNOT corrections dependent on encryption key and a Hadamard correction independent of encryption key. Applying Hadamard requires no extra information but CNOT gate errors require revelation of the encryption key. FHE deals with this problem via [[Supplementary Information#Quantum Cryptography Techniques#Encrypted CNOT operation|Encrypted CNOT operation]] using [[Supplementary Information#Quantum Cryptography Techniques#Trapdoor Claw-Free Function|TCF]] which only needs client to prepare one-time padded superposition states. Sever thus, updates the Pauli keys accordingly and at the end of computation, sends encrypted output to the Client with updated Pauli keys. Client decrypts sent states and gets correct output in Output Correction stage. Following is an outline of the steps involved in the scheme, assuming depth of circuit (see notations used) equal to L.
 * '''Key Generation:''' Client generates L+1 classical homomorphic key sets consisting of public key, evaluation key, secret key, trapdoor information using HE.KeyGen (classical HE step). Evaluation key consists of first L pairs of secret key-trapdoor information encrypted with last L public keys such that secret key-trapdoor key pair and public key do not belong to the same key set. Evaluation key also contains this public key used to encrypt the pair.
 * '''Encryption Client''' uses one time pad to hide her input and encrypts the pad key using a public key not used to encrypt the trapdoors and secret in the previous step. She then sends the hidden input with encypted pad key and classical evaluation key to the Server. In case of classical input Client uses the public key to encrypt her classical message and send it to the Server over classical channel.