Write, autoreview, editor, reviewer
3,129
edits
Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions
Classical Fully Homomorphic Encryption for Quantum Circuits (edit)
Revision as of 21:37, 21 November 2018
, 21 November 2018→Outline
mNo edit summary |
m (→Outline) |
||
| Line 16: | Line 16: | ||
'''Encrypted CNOT operation''' All errors imposed by Toffoli gates can be represented using encrypted CNOT operation, a Hadamard operation and a set of Pauli gates (X, Z). All errors imposed by Clifford gates can be represented by a combination of Pauli gates. A mathematical representation of this step can be found in the [[Supplementary Information]]. | '''Encrypted CNOT operation''' All errors imposed by Toffoli gates can be represented using encrypted CNOT operation, a Hadamard operation and a set of Pauli gates (X, Z). All errors imposed by Clifford gates can be represented by a combination of Pauli gates. A mathematical representation of this step can be found in the [[Supplementary Information]]. | ||
#'''TCF:''' This operation uses Trapdoor Claw Free function pairs which have the same image (output) for different pre-images(inputs) called 'random claw pair'. Given the image, it is rendered a hard problem to find this corresponding random claw without its trapdoor information (example, a piece of information required to invert the function). For this protocol, the HE Encryption function (HE.Enc()) is taken as one of the functions. A second function whose distribution is shifted from the previous function by a natural (homomorphic) XOR operation (a requirement for the [[Supplementary Information#Quantum cryptography Techniques#Quantum Capable Homomorphic Encryption|classical HE]] scheme used) of encrypted key bit used for that encryption function. This means, the functions have a common range such that for every image (output), the pre-images (input) for each of the functions stated above would also differ by a XOR operation of actual (not encrypted) key bit. Thus, any element in the said range set would have one pre-image in the domain set of each function, together called random claw pair. If one performs a XOR operation on the pair, the result is pad key bit. This is implied from the properties of homomorphic XOR. Thus, any pre-image pair (random claw) thus, obtained, hides the pad key (to be used later for Encrypted CNOT operation). In simple words, the above paragraph implies that if two functions are separated by encrypted pad key via a homomorphic XOR operation, their inputs for a common output (random claw pair) would be separated by the (not encrypted) pad key bit. | #'''TCF:''' This operation uses Trapdoor Claw Free function pairs which have the same image (output) for different pre-images(inputs) called 'random claw pair'. Given the image, it is rendered a hard problem to find this corresponding random claw without its trapdoor information (example, a piece of information required to invert the function). For this protocol, the HE Encryption function (HE.Enc()) is taken as one of the functions. A second function whose distribution is shifted from the previous function by a natural (homomorphic) XOR operation (a requirement for the [[Supplementary Information#Quantum cryptography Techniques#Quantum Capable Homomorphic Encryption|classical HE]] scheme used) of encrypted key bit used for that encryption function. This means, the functions have a common range such that for every image (output), the pre-images (input) for each of the functions stated above would also differ by a XOR operation of actual (not encrypted) key bit. Thus, any element in the said range set would have one pre-image in the domain set of each function, together called random claw pair. If one performs a XOR operation on the pair, the result is pad key bit. This is implied from the properties of homomorphic XOR. Thus, any pre-image pair (random claw) thus, obtained, hides the pad key (to be used later for Encrypted CNOT operation). In simple words, the above paragraph implies that if two functions are separated by encrypted pad key via a homomorphic XOR operation, their inputs for a common output (random claw pair) would be separated by the (not encrypted) pad key bit. | ||
#'''Server's preparation''' Thus, Server creates a superposition of inputs for the functions over some distribution. Next, he creates a superposition of quantum states generated from Client's input. After applying the gates on qubits, for correction of CNOT errors, Server creates three registers. First | #'''Server's preparation''' Thus, Server creates a superposition of inputs for the functions over some distribution. Next, he creates a superposition of quantum states generated from Client's input. After applying the gates on qubits, for correction of CNOT errors, Server creates three registers. First has the superposition of quantum states generated from Client's input, second has the superposition on a distribution chosen for inputs of the function while third register has the output of one of the two functions illustrated above, where the function (one of the two) is chosen according to the first qubit of the first register and its quantum input is taken from the second register. Hence, these registers are entangled. Server, now measures the third register which reduces second register to a random claw pair as discussed before, hiding the pad key. It is still hidden from the Server as he does not know trapdoor information to be able to know the random claw pair and he cannot compute it from the measured output as it is a hard problem. | ||
#'''Server's Toffoli gate operation''' After some calculations it can be shown that if Server performs Hadamard operation on the second register and then measures it, the first register is reduced to corrected quantum state with some extra Pauli corrections. These final Pauli corrections require trapdoor information and measurement outcome of the second register. To perform the above operation one needs the secret text to be same throughtout the protocol and existence of a natural XOR operation. This is not known to have been achieved by a single HE together. Hence, this protocol uses AltHE (an alternate HE) which can operate XOR for encrypted CNOT operation while he uses HE for updation of Pauli keys. In order to do this, HE provides a conversion of secret text under HE to secret text under AltHE and vice versa. Thus, after encrypted CNOT operation, encrypted pad key bit and other measurement outcomes are recrypted using public key provided in the evaluation key for that step, under HE. Thus, the trapdoor information and pad key bit are encrypted under same public key. Now, using the measurement outcome and the encrypted trapdoor information with recrypted pad key, Server obtains Pauli corrections. The Server encrypts Pauli corrections under public key for corresponding layer and hence updates the recrypted pad key<br/> | #'''Server's Toffoli gate operation''' After some calculations it can be shown that if Server performs Hadamard operation on the second register and then measures it, the first register is reduced to corrected quantum state with some extra Pauli corrections. These final Pauli corrections require trapdoor information and measurement outcome of the second register. To perform the above operation one needs the secret text to be same throughtout the protocol and existence of a natural XOR operation. This is not known to have been achieved by a single HE together. Hence, this protocol uses AltHE (an alternate HE) which can operate XOR for encrypted CNOT operation while he uses HE for updation of Pauli keys. In order to do this, HE provides a conversion of secret text under HE to secret text under AltHE and vice versa. Thus, after encrypted CNOT operation, encrypted pad key bit and other measurement outcomes are recrypted using public key provided in the evaluation key for that step, under HE. Thus, the trapdoor information and pad key bit are encrypted under same public key. Now, using the measurement outcome and the encrypted trapdoor information with recrypted pad key, Server obtains Pauli corrections. The Server encrypts Pauli corrections under public key for corresponding layer and hence updates the recrypted pad key<br/> | ||
#'''Server's Clifford gate operation''' Server obtains with Pauli corrections according to rules described in the Pseudo code and updates the recrypted pad key as before.</br> | #'''Server's Clifford gate operation''' Server obtains with Pauli corrections according to rules described in the Pseudo code and updates the recrypted pad key as before.</br> | ||