Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

m
Line 70: Line 70:
### if <math>c_i=</math>P then <div class="floatright">//Pauli Gate</div></br><math>(\tilde {x}^{[l]},\tilde{z}^{[l]})\rightarrow (\tilde{x}^{[l]},\tilde{x}^{[l]}\oplus\tilde{z}^{[l]})</math>
### if <math>c_i=</math>P then <div class="floatright">//Pauli Gate</div></br><math>(\tilde {x}^{[l]},\tilde{z}^{[l]})\rightarrow (\tilde{x}^{[l]},\tilde{x}^{[l]}\oplus\tilde{z}^{[l]})</math>
### if <math>c_i=CNOT_{l,n}</math> with m as target bit and n as control bit then <div class="floatright">//CNOT</div></br>(<math>\tilde {x}^{[l]},\tilde{z}^{[l]};\tilde {x}^{[n]},\tilde{z}^{[n]})\rightarrow (\tilde {x}^{[l]},\tilde{z}^{[l]}\oplus \tilde {z}^{[n]};\tilde{x}^{[l]}\oplus \tilde {x}^{[n]},\tilde{z}^{[n]})</math>
### if <math>c_i=CNOT_{l,n}</math> with m as target bit and n as control bit then <div class="floatright">//CNOT</div></br>(<math>\tilde {x}^{[l]},\tilde{z}^{[l]};\tilde {x}^{[n]},\tilde{z}^{[n]})\rightarrow (\tilde {x}^{[l]},\tilde{z}^{[l]}\oplus \tilde {z}^{[n]};\tilde{x}^{[l]}\oplus \tilde {x}^{[n]},\tilde{z}^{[n]})</math>
## If <math>c_i=T</math> gate then <div class="floatright">//Toffoli Gate on <math>l_{th}, n_{th}, o_{th}</math> key bits</div></br>  
## If <math>c_i=T</math> gate then <div class="floatright">//Toffoli Gate on <math>l_{th}, n_{th}, o_{th}</math> key bits</br>
<div style="background-color: white; border: solid thin black;title=Functionality Description;">
<div style="background-color: gray; border: solid thin black;title=Functionality Description;">The Toffoli gate application can be deduced as follows:</br><math>TZ^{z^{[l]}}X^{x^{[l]}}Z^{z^{[n]}}X^{x^{[n]}}Z^{z^{[o]}}X^{x^{[o]}}|\psi\rangle</math></br><math>=TZ^{z^{[l]}}X^{x^{[l]}}Z^{z^{[n]}}X^{x^{[n]}}Z^{z^{[o]}}X^{x^{[o]}}T\dagger T|\psi\rangle</math></br><math>=CNOT_{l,o}^{x^{[n]}}CNOT_{n,o}^{x^{[l]}}CZ_{l,n}^{z^{[o]}}Z^{z^{[l]}}X^{x^{[l]}}T|\psi\rangle</math></br><math>=CNOT_{l,o}^{x^{[n]}}CNOT_{n,o}^{x^{[l]}}H_nCNOT_{l,n}^{z^{[o]}}H_{n}Z^{z^{[l]}}X^{x^{[l]}}T|\psi\rangle</math></br><math>=C_{zx}P_{zx}T|\psi\rangle</math>, where <math>C\epsilon \{\text{CNOT,H}\}</math> and <math>P\epsilon\{X,Z\}</math>
The Toffoli gate application can be deduced as follows:</br><math>TZ^{z^{[l]}}X^{x^{[l]}}Z^{z^{[n]}}X^{x^{[n]}}Z^{z^{[o]}}X^{x^{[o]}}|\psi\rangle</math></br><math>=TZ^{z^{[l]}}X^{x^{[l]}}Z^{z^{[n]}}X^{x^{[n]}}Z^{z^{[o]}}X^{x^{[o]}}T\dagger T|\psi\rangle</math></br><math>=CNOT_{l,o}^{x^{[n]}}CNOT_{n,o}^{x^{[l]}}CZ_{l,n}^{z^{[o]}}Z^{z^{[l]}}X^{x^{[l]}}T|\psi\rangle</math></br><math>=CNOT_{l,o}^{x^{[n]}}CNOT_{n,o}^{x^{[l]}}H_nCNOT_{l,n}^{z^{[o]}}H_{n}Z^{z^{[l]}}X^{x^{[l]}}T|\psi\rangle</math></br><math>=C_{zx}P_{zx}T|\psi\rangle</math>, where <math>C\epsilon \{\text{CNOT,H}\}</math> and <math>P\epsilon\{X,Z\}</math>
</div>
</div>
###The Pauli key encryptions are homomorphically updated  according to <math>P_{zx}</math>.</br> (<math>\tilde {x}^{[l]},\tilde{z}^{[l]};\tilde {x}^{[n]},\tilde{z}^{[n]};\tilde {x}^{[o]},\tilde{z}^{[o]})\rightarrow (\tilde {x}^{[l]},\tilde{z}^{[l]};0,0;0,0)</math>
###The Pauli key encryptions are homomorphically updated  according to <math>P_{zx}</math>.</br> (<math>\tilde {x}^{[l]},\tilde{z}^{[l]};\tilde {x}^{[n]},\tilde{z}^{[n]};\tilde {x}^{[o]},\tilde{z}^{[o]})\rightarrow (\tilde {x}^{[l]},\tilde{z}^{[l]};0,0;0,0)</math>
### Three encrypted CNOTs are used to correct <math>C^{zx}</math> as follows under <math>\mathrm{AltHE}</math>.
### Three encrypted CNOTs are used to correct <math>C^{zx}</math> as follows under <math>\mathrm{AltHE}</math>.</br></br>
***'''Server's Preparation:'''
***'''Server's Preparation:'''
####Server converts <math>\hat{c} = \mathrm{HE.Convert(c)}</math>.
####Server converts <math>\hat{c} = \mathrm{HE.Convert(c)}</math>.
Line 81: Line 80:
####Server entangles above superposition and <math>|\psi\rangle</math> with a third register:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu,r)}|a,b\rangle|\mu,r\rangle|f_a(r)\rangle</math>, such that </br><math>f_0=\mathrm{AltHE.Enc}_{pk}()</math>;</br><math>f_1(\mu_1,r_1)=f_0 (\mu_0,r_0)\oplus_H \hat{c}=\mathrm{AltHE.Enc}_{pk}(\mu_0,r_0)\oplus_H \mathrm{AltHE.Enc}_{pk}(s)</math> </br><math>\therefore \mu_0\oplus\mu_1=s</math>
####Server entangles above superposition and <math>|\psi\rangle</math> with a third register:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu,r)}|a,b\rangle|\mu,r\rangle|f_a(r)\rangle</math>, such that </br><math>f_0=\mathrm{AltHE.Enc}_{pk}()</math>;</br><math>f_1(\mu_1,r_1)=f_0 (\mu_0,r_0)\oplus_H \hat{c}=\mathrm{AltHE.Enc}_{pk}(\mu_0,r_0)\oplus_H \mathrm{AltHE.Enc}_{pk}(s)</math> </br><math>\therefore \mu_0\oplus\mu_1=s</math>
####Server measures the last register to get <math>y =\mathrm{AltHE.Enc}(\mu_0,r_0)=\mathrm{AltHE.Enc}_{pk}(\mu_1,r_1)\oplus_H AltHE.Enc_{pk}(s)</math>.</br> The resulting superposition state is:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|\mathrm{AltHE.Enc}(\mu_0,r_0)\rangle=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|y\rangle</math>
####Server measures the last register to get <math>y =\mathrm{AltHE.Enc}(\mu_0,r_0)=\mathrm{AltHE.Enc}_{pk}(\mu_1,r_1)\oplus_H AltHE.Enc_{pk}(s)</math>.</br> The resulting superposition state is:<math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|\mathrm{AltHE.Enc}(\mu_0,r_0)\rangle=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}|a,b\rangle|\mu_a,r_a\rangle|y\rangle</math>
***'''Encrypted CNOT operation:'''  
***'''Encrypted CNOT operation:'''<div style="background-color: gray; border: solid thin black;title=Functionality Description;"><math>\sum_{a,b\in\{0,1\}}\alpha_{ab}CNOT_{a,b}^s|a,b\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a,b\oplus a\cdot s\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a,b\oplus a\cdot(\mu_0\oplus\mu_1)\rangle</math></br><math>=\sum_{b\in\{0,1\}}\alpha_{0b}|0,b\oplus \mu_0\oplus\mu_0\rangle+\alpha_{1b}|1,b\oplus \mu_0\oplus\mu_1\rangle</math>,  <math>\because q\oplus q=0</math></br><math>=\sum_{b\in\{0,1\}}\alpha_{0b}|0\rangle\otimes X^{\mu_0}|b\oplus \mu_0\rangle+\alpha_{1b}|1\rangle \otimes X^{\mu_0}|b\oplus \mu_1\rangle</math>, <math>\because |q\oplus y\rangle=X^y|q\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a\rangle\otimes X^{\mu_0}|b\oplus \mu_a\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}(I\otimes X^{\mu_0})|a,b\oplus \mu_a\rangle</math></br> </div>
<div style="background-color: white; border: solid thin black;title=Functionality Description;">
<math>\sum_{a,b\in\{0,1\}}\alpha_{ab}CNOT_{a,b}^s|a,b\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a,b\oplus a\cdot s\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a,b\oplus a\cdot(\mu_0\oplus\mu_1)\rangle</math></br><math>=\sum_{b\in\{0,1\}}\alpha_{0b}|0,b\oplus \mu_0\oplus\mu_0\rangle+\alpha_{1b}|1,b\oplus \mu_0\oplus\mu_1\rangle</math>,  <math>\because q\oplus q=0</math></br><math>=\sum_{b\in\{0,1\}}\alpha_{0b}|0\rangle\otimes X^{\mu_0}|b\oplus \mu_0\rangle+\alpha_{1b}|1\rangle \otimes X^{\mu_0}|b\oplus \mu_1\rangle</math>, <math>\because |q\oplus y\rangle=X^y|q\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}|a\rangle\otimes X^{\mu_0}|b\oplus \mu_a\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}(I\otimes X^{\mu_0})|a,b\oplus \mu_a\rangle</math></br>  
</div>
####Server XORs the second qubit of first register with <math>\mu_a</math> to get:</br><math>\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{a,b}^s|a,b\rangle\otimes|\mu_a,r_a\rangle|y\rangle</math>
####Server XORs the second qubit of first register with <math>\mu_a</math> to get:</br><math>\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{a,b}^s|a,b\rangle\otimes|\mu_a,r_a\rangle|y\rangle</math>
####Server performs Hadamard on second register. The resulting superposition state is:</br><math>\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\rangle\otimes H^k|\mu_a,r_a\rangle|y\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\rangle\otimes\bigg(\sum_{e\in\{0,1\}^k}(-1)^{e\cdot(\mu_a,r_a) }|e\rangle\bigg)|y\rangle</math>, <math>\because H^k|q\rangle=\sum_{e\in\{0,1\}^k}(-1)^{e\cdot q}|e\rangle</math>, where q has k qubits</br>
####Server performs Hadamard on second register. The resulting superposition state is:</br><math>\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\rangle\otimes H^k|\mu_a,r_a\rangle|y\rangle</math></br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\rangle\otimes\bigg(\sum_{e\in\{0,1\}^k}(-1)^{e\cdot(\mu_a,r_a) }|e\rangle\bigg)|y\rangle</math>, <math>\because H^k|q\rangle=\sum_{e\in\{0,1\}^k}(-1)^{e\cdot q}|e\rangle</math>, where q has k qubits</br>
####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\rangle\otimes(-1)^{d\cdot(\mu_a,r_a)}|d\rangle|y\rangle</math></br>
####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b\in\{0,1\}}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a,b\rangle\otimes(-1)^{d\cdot(\mu_a,r_a)}|d\rangle|y\rangle</math></br>
<div style="background-color: white; border: solid thin black;title=Functionality Description;">
<div style="background-color: gray; border: solid thin black;title=Functionality Description;">
The first register could be equivalently written as:</br><math>(-1)^{d\cdot(\mu_0,r_0)}|0,b\rangle+(-1)^{d\cdot(\mu_1,r_1)}|1,b\rangle</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}((-1)^{d\cdot((\mu_0,r_0)\oplus(\mu_0,r_0))}|0,b\rangle+(-1)^{d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))}|1,b\rangle)</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}((-1)^{0\cdot(d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))})|0,b\rangle+(-1)^{1\cdot(d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1)))}|1,b\rangle)</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}((-1)^{a\cdot(d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))})|a,b\rangle</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}(Z^{d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))}|a,b\rangle)</math>, <math>\because Z|q\rangle=(-1)^q|q\rangle</math></br>Thus, the resulting state (upto a global phase) is: </br><math>\approx(Z^{d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))}\otimes X^{\mu_0})CNOT_{12}^s\sum_{a,b\in\{0,1\}}\alpha_{ab}|a,b\rangle</math></br>
The first register could be equivalently written as:</br><math>(-1)^{d\cdot(\mu_0,r_0)}|0,b\rangle+(-1)^{d\cdot(\mu_1,r_1)}|1,b\rangle</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}((-1)^{d\cdot((\mu_0,r_0)\oplus(\mu_0,r_0))}|0,b\rangle+(-1)^{d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))}|1,b\rangle)</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}((-1)^{0\cdot(d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))})|0,b\rangle+(-1)^{1\cdot(d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1)))}|1,b\rangle)</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}((-1)^{a\cdot(d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))})|a,b\rangle</math></br><math>=(-1)^{d\cdot (\mu_0,r_0)}(Z^{d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))}|a,b\rangle)</math>, <math>\because Z|q\rangle=(-1)^q|q\rangle</math></br>Thus, the resulting state (upto a global phase) is: </br><math>\approx(Z^{d\cdot((\mu_0,r_0)\oplus(\mu_1,r_1))}\otimes X^{\mu_0})CNOT_{12}^s\sum_{a,b\in\{0,1\}}\alpha_{ab}|a,b\rangle</math></br>
Final superposition at the end of encrypted CNOT operation is:</br> <math>(Z^{d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1))}\otimes X^{\mu_0})\mathrm{CNOT}_{1,2}^s|\psi_{12}\rangle</math> </br>where <math>(\mu_0,r_0)=(\mu_1,r_1)\oplus_H s</math>, as <math>\oplus_H</math> is the homomorphic XOR operation.
Final superposition at the end of encrypted CNOT operation is:</br> <math>(Z^{d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1))}\otimes X^{\mu_0})\mathrm{CNOT}_{1,2}^s|\psi_{12}\rangle</math> </br>where <math>(\mu_0,r_0)=(\mu_1,r_1)\oplus_H s</math>, as <math>\oplus_H</math> is the homomorphic XOR operation.
Write, autoreview, editor, reviewer
3,129

edits