Write, autoreview, editor, reviewer
3,129
edits
Line 77: | Line 77: | ||
####Server entangles above superposition and <math>|\psi\rangle</math> with a third register:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu,r)}|a,b\rangle|\mu,r\rangle|f_a(r)\rangle</math>, such that </br><math>f_0=\mathrm{AltHE.Enc}_{pk}()</math>;</br><math>f_1(\mu_1,r_1)=f_0 (\mu_0,r_0)\oplus_H \hat{c}=\mathrm{AltHE.Enc}_{pk}(\mu_0,r_0)\oplus_H \mathrm{AltHE.Enc}_{pk}(s)</math> | ####Server entangles above superposition and <math>|\psi\rangle</math> with a third register:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu,r)}|a,b\rangle|\mu,r\rangle|f_a(r)\rangle</math>, such that </br><math>f_0=\mathrm{AltHE.Enc}_{pk}()</math>;</br><math>f_1(\mu_1,r_1)=f_0 (\mu_0,r_0)\oplus_H \hat{c}=\mathrm{AltHE.Enc}_{pk}(\mu_0,r_0)\oplus_H \mathrm{AltHE.Enc}_{pk}(s)</math> | ||
####Server measures the last register to get <math>y =\mathrm{AltHE.Enc}(\mu_0,r_0)=\mathrm{AltHE.Enc}_{pk}(\mu_1,r_1)\oplus_H AltHE.Enc_{pk}(s)</math>.</br> The resulting superposition state is:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|\mathrm{AltHE.Enc}(\mu_0,r_0)\rangle=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|y\rangle</math> | ####Server measures the last register to get <math>y =\mathrm{AltHE.Enc}(\mu_0,r_0)=\mathrm{AltHE.Enc}_{pk}(\mu_1,r_1)\oplus_H AltHE.Enc_{pk}(s)</math>.</br> The resulting superposition state is:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|\mathrm{AltHE.Enc}(\mu_0,r_0)\rangle=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|y\rangle</math> | ||
***'''Encrypted CNOT operation:''' <math>\sum_{a,b\in\{0,1\}}\alpha_{ab}CNOT_{a,b}^s|a | ***'''Encrypted CNOT operation:''' <math>\sum_{a,b\in\{0,1\}}\alpha_{ab}CNOT_{a,b}^s|a,b\rangle</math></br><math>=\alpha_{ab}|a,b\oplus a\cdot s\rangle</math></br><math>=\alpha_{ab}|a,b\oplus a\cdot(\mu_0+\mu_1)\rangle</math></br><math>=\alpha_{0b}|0,b\oplus 0\rangle+\alpha_{1b}|1,b\oplus \mu_0+\mu_1\rangle</math></br><math>=\alpha_{0b}|0,b\oplus \mu_0+\mu_1\rangle+\alpha_{1b}|1,b\oplus \mu_0+\mu_1\rangle</math>, <math>\because q\oplus q=0</math></br><math>=\alpha_{0b}|0\rangle\otimes X^{\mu_0}|b\oplus \mu_0\rangle+\alpha_{1b}|1\rangle \otimes X^{\mu_0}|b\oplus \mu_1\rangle</math>, <math>\because |q\oplus y\rangle=X^y|q\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a\rangle\otimes X^{\mu_0}|b\oplus \mu_a\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}(I\otimes X^{\mu_0})|a,b\oplus \mu_a\rangle</math></br> Thus, Server's superposition state could be written as:</br><math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\oplus \mu_a\rangle\otimes|\mu_a,r_a\rangle\otimes|y\rangle</math> | ||
####Server performs Hadamard on second register. The resulting superposition state is:</br><math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a | ####Server performs Hadamard on second register. The resulting superposition state is:</br><math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\oplus \mu_a\rangle\otimes H|\mu_a,r_a\rangle\otimes|y\rangle</math></br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}\bigg((I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\oplus \mu_a\rangle\bigg)\otimes\bigg(\sum_{e\in\{0,1\}}(-1)^{e\cdot(\mu_a,r_a) }|e\rangle\bigg)|y\rangle</math>, <math>\because H|q\rangle=\sum_{e\in\{0,1\}}(-1)^{e\cdot q}|e\rangle</math></br> | ||
####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a | ####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}((I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\oplus \mu_a\rangle)\otimes(-1)^{d\cdot(\mu_a,r_a)}|d\rangle|y\rangle</math></br>=<math>(Z^{d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1))}\otimes X^{\mu_0})\mathrm{CNOT}_{1,2}^s|\psi\rangle</math> </br>where <math>(\mu_0,r_0)=(\mu_1,r_1)\oplus_H s</math>, as <math>\oplus_H</math> is the homomorphic XOR operation. | ||
####The server uses <math>pk_{i+1}</math> to compute HE.Enc<math>_{pk_{i+1}}(c_{x,z,pk_i})</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>. | ####The server uses <math>pk_{i+1}</math> to compute HE.Enc<math>_{pk_{i+1}}(c_{x,z,pk_i})</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>. | ||
####The server computes the encryption of <math>x,z</math> under <math>pk_{i+1}</math> by homomorphically running the decryption circuit on inputs <math>\mathrm{HE.Enc}_{pk_{i+1}}(sk_i)</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(c_{x,z,pk_i})</math>. | ####The server computes the encryption of <math>x,z</math> under <math>pk_{i+1}</math> by homomorphically running the decryption circuit on inputs <math>\mathrm{HE.Enc}_{pk_{i+1}}(sk_i)</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(c_{x,z,pk_i})</math>. |