Line 59: | Line 59: | ||
=== '''Stage 2''' Server’s Computation === | === '''Stage 2''' Server’s Computation === | ||
*Input: evaluation key (<math>evk_i</math>), encrypted pad key <math>\tilde{a}, \tilde{b}</math> concatenation (c), one time padded message l (and Quantum One time Padded Output State in case of quantum output) | |||
*Output: updated encryption of pad key <math>\tilde{a},\tilde{b}</math> (and Quantum One time Padded Output State <math>X^{\tilde {a}}Z^{\tilde{b}}C|\psi\rangle</math> in case of quantum output, where C is the quantum circuit) | |||
**''Circuit Evaluation (FHE.Eval())'' | |||
#Server creates a superposition state for the encrypted classical message and Pauli one time pads it using encrypted pad key. He applies the circuit on it as follows:</br>Let the Circuit be denoted by C and the gates be <math>c_i</math> | |||
# For all i, <math>c_i</math> gate is applied on qubit l and the <math>l_{th}</math> bits of pad key <math>(\tilde {a}^{[l]},\tilde{b}^{[l]})</math> are updated to <math>(\tilde {a}'^{[l]},\tilde{b}'^{[l]})</math> as follows. | |||
# Server creates a superposition state for the encrypted classical message and Pauli one time pads it using encrypted pad key. He applies the circuit on it as follows: | ## If <math>c_i=\{P,H,CNOT\}</math>, a Clifford gate then<comment/>(<math>c_iX^{a^{[l]}}Z^{b^{[l]}}|\psi\rangle=X^{a'^{[l]}}Z^{b'^{[l]}}c_i|\psi\rangle</math>) | ||
# For all i, | ### if <math>c_i=</math>H then <comment/>Hadamard Gate | ||
## If | |||
### if | |||
### if ci =P then //Pauli Gate<br/>(a˜[l],˜b[l]) → (a˜[l],a˜[l] ⊕˜b[l]) | ### if ci =P then //Pauli Gate<br/>(a˜[l],˜b[l]) → (a˜[l],a˜[l] ⊕˜b[l]) | ||
### if ci =CNOT with m as target bit and n as control bit then (CNOT)<br/>(a˜[l],˜b[l];˜a[n],˜b[n]) → (a˜[l],˜b[l] ⊕˜b[n];˜a[l] ⊕ a˜[n],˜b[n]) | ### if ci =CNOT with m as target bit and n as control bit then (CNOT)<br/>(a˜[l],˜b[l];˜a[n],˜b[n]) → (a˜[l],˜b[l] ⊕˜b[n];˜a[l] ⊕ a˜[n],˜b[n]) | ||
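Review bot: The CNOT case on the last line of this hunk says "m as target bit and n as control bit", but the rule is written over l and n and never uses m. As written it XORs b[n] into b[l] and a[l] into a[n], which is the pad-key update for l as control and n as target. Pick one pair of indices and make the sentence and the rule agree on which qubit is the control. The P case just above is commented "Pauli Gate" although P is listed with H and CNOT as a Clifford gate and (a, a ⊕ b) is the phase-gate update, so the comment should say phase gate. Both cases are still plain text (a˜[l],˜b[l]) while the rewritten lines use <math>, and the H case as shown states no update rule, so the conversion should be finished for those lines too.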
Line 83: | Line 81: | ||
#### The server homomorphically computes (µ0,r0) and (µ1,r1), using the ciphertexts encrypting tski,ski,c,y,dˆ (all encrypted with HE under public key pki+1). The server then uses this result, along with the ciphertexts encrypting a,b,d, to homomorphically compute ˜b = b + (d · ((µ0,r0) ⊕ (µ1,r1)),0) and ˜a = a + (0,µ0). | #### The server homomorphically computes (µ0,r0) and (µ1,r1), using the ciphertexts encrypting tski,ski,c,y,dˆ (all encrypted with HE under public key pki+1). The server then uses this result, along with the ciphertexts encrypting a,b,d, to homomorphically compute ˜b = b + (d · ((µ0,r0) ⊕ (µ1,r1)),0) and ˜a = a + (0,µ0). | ||
# Server sends updated encryptions of Pauli corrections ˜a,˜b and the classical outcome after measurement of the output state (or Quantum one time padded state in case of quantum output) to Client. | # Server sends updated encryptions of Pauli corrections ˜a,˜b and the classical outcome after measurement of the output state (or Quantum one time padded state in case of quantum output) to Client. | ||
=== '''Stage 3''' Client’s Output Correction === | === '''Stage 3''' Client’s Output Correction === |
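Review bot: In the homomorphic update step of this hunk the subscripts are flattened into the names (tski, ski, pki+1, dˆ), so "pki+1" can be read as pk_i plus one rather than the public key of level i+1. Write them with <math> subscripts, as the Stage 2 input line does for evk_i, and state whether the "+" in ˜b = b + (d · (...),0) and ˜a = a + (0,µ0) is the same operation as the ⊕ used inside the bracket.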