Quantum Protocol Zoo

Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

Page Discussion

Classical Fully Homomorphic Encryption for Quantum Circuits (edit)

Revision as of 14:12, 20 November 2018

25 bytes removed ,  20 November 2018
m
→‎Pseudo-Code
Line 48: Line 48:
   
   
*Input: <math>k, L, L_c</math>, classical message <math>m</math>
*Input: <math>k, L, L_c</math>, classical message <math>m</math>
*Output: Homomorphic key sets <math>(pk_i,evk_i,sk_i, t_{sk_i})</math>, encrypted pad key <math>\tilde{a}, \tilde{b}</math>, One time Padded message (<math> a\oplus m</math> )
*Output: Homomorphic key sets <math>(pk_i,evk_i,sk_i, t_{sk_i})</math>, encrypted pad key <math>\tilde{a}, \tilde{b}</math>, One time Padded message (<math>l</math>)
**'''Key Generation (FHE.KeyGen(<math>1^{\lambda}, 1^L</math>))'''
**'''Key Generation (FHE.KeyGen(<math>1^{\lambda}, 1^L</math>))'''
# For <math>1\leq i\leq L + 1</math>,  
# For <math>1\leq i\leq L + 1</math>,  
Line 54: Line 54:
**'''Encryption (FHE.Enc<math>_{pk}(m)</math>))'''
**'''Encryption (FHE.Enc<math>_{pk}(m)</math>))'''
#Client chooses pad key for each message bit <math>a,b\in\{0,1\}^{\lambda}</math>.
#Client chooses pad key for each message bit <math>a,b\in\{0,1\}^{\lambda}</math>.
#She one time pads the message m as <math> a\oplus m</math> (b is used for quantum input <math>X^aZ^b|\psi\rangle</math> where |\psi\rangle</math> is quantum input).
#She one time pads the message m <math>l= a\oplus m</math> (b is used for quantum input <math>X^aZ^b|\psi\rangle</math> where |\psi\rangle</math> is quantum input).
#She then encrypts the pad key. HE.Enc<math>_{pk_1}(a,b))</math>
#She then encrypts the pad key. HE.Enc<math>_{pk_1}(a,b))</math>
# She sends the encrypted message and pad key to the Server with the evaluation keys.
# She sends the encrypted message and pad key to the Server with the evaluation keys.
Line 60: Line 60:
=== '''Stage 2''' Server’s Computation ===
=== '''Stage 2''' Server’s Computation ===
   
   
*Input: <math>evk_i</math>, encrypted pad key elements concatenation (c), one time padded message l
*Input: <math>evk_i</math>, encrypted pad key elements concatenation (<math>c</math>), one time padded message (<math>l</math>)
*Output:  Updated encryption of pad key <math>\tilde{a},\tilde{b}</math> (and Quantum One time Padded Output State <math>X^{\tilde {a}}Z^{\tilde{b}}C|\psi\rangle</math> in case of quantum output, where C is the quantum circuit)
*Output:  Updated encryption of pad key <math>\tilde{a},\tilde{b}</math> (and Quantum One time Padded Output State <math>X^{\tilde {a}}Z^{\tilde{b}}C|\psi\rangle</math> in case of quantum output, where C is the quantum circuit)
**'''Circuit Evaluation (FHE.Eval())'''
**'''Circuit Evaluation (FHE.Eval())'''
#Server creates a superposition state for the encrypted classical message and Pauli one time pads it using encrypted pad key. He applies the circuit on it as follows:</br>Let the Circuit be denoted by C and the gates be <math>c_i</math>
#Server creates a quantum superposition state for the encrypted classical message. He applies the circuit on it as follows:</br>Let the Circuit be denoted by C and the gates be <math>c_i</math>
# For all i, <math>c_i</math> gate is applied on qubit l and the <math>l_{th}</math> bits of pad key <math>(\tilde {a}^{[l]},\tilde{b}^{[l]})</math> are updated to <math>(\tilde {a}'^{[l]},\tilde{b}'^{[l]})</math> as follows.  
# For all i, <math>c_i</math> gate is applied on qubit l and the <math>l_{th}</math> bits of pad key <math>(\tilde {a}^{[l]},\tilde{b}^{[l]})</math> are updated to <math>(\tilde {a}'^{[l]},\tilde{b}'^{[l]})</math> as follows.  
## If <math>c_i=\{P,H,CNOT\}</math>, a Clifford gate then <div class="floatright">//(<math>c_iX^{a^{[l]}}Z^{b^{[l]}}|\psi\rangle=X^{a'^{[l]}}Z^{b'^{[l]}}c_i|\psi\rangle</math>)</div>
## If <math>c_i=\{P,H,CNOT\}</math>, a Clifford gate then <div class="floatright">//(<math>c_iX^{a^{[l]}}Z^{b^{[l]}}|\psi\rangle=X^{a'^{[l]}}Z^{b'^{[l]}}c_i|\psi\rangle</math>)</div>
Line 90: Line 90:
# Client decrypts <math>\tilde{a},\tilde{b}</math> using <math>sk_{L+1}</math> to obtain <math>a,b</math>.  
# Client decrypts <math>\tilde{a},\tilde{b}</math> using <math>sk_{L+1}</math> to obtain <math>a,b</math>.  
# She then uses the decrypted Pauli corrections to get the output <math>X^aZ^b|l\rangle</math>, which can be represented as <math>a\oplus l</math>.</br>She operates <math>X^aZ^b</math> on quantum output to get C<math>|\psi\rangle</math>, in case of quantum output.
# She then uses the decrypted Pauli corrections to get the output <math>X^aZ^b|l\rangle</math>, which can be represented as <math>a\oplus l</math>.</br>She operates <math>X^aZ^b</math> on quantum output to get C<math>|\psi\rangle</math>, in case of quantum output.
==Discussion==
==Discussion==
This protocol is first and only protocol currently, to use a classical functionality to solve a quantum task. It provides computationally security. A verifiable variant of this protocol is still an open question.
This protocol is first and only protocol currently, to use a classical functionality to solve a quantum task. It provides computationally security. A verifiable variant of this protocol is still an open question.
Shraddha
Write, autoreview, editor, reviewer
3,129

edits

Retrieved from "https://wiki.veriqloud.fr/index.php?title=Special:MobileDiff/1376"