Pseudo-Secret Random Qubit Generator (PSQRG): Difference between revisions

No edit summary
Line 41: Line 41:
#Client: instructs the Server to measure all the qubits (except the last one) of the first register in the  basis. Server obtains the outcomes b = (b1,··· ,bn−1) and returns the result b to the Client
#Client: instructs the Server to measure all the qubits (except the last one) of the first register in the  basis. Server obtains the outcomes b = (b1,··· ,bn−1) and returns the result b to the Client
#Client: using the trapdoor tk computes x,x0. Then check if the nth bit of x and x0 (corresponding to the y received in stage 1) are the same or different. If they are the same, returns abort, otherwise, obtains the classical description of the Server’s state.
#Client: using the trapdoor tk computes x,x0. Then check if the nth bit of x and x0 (corresponding to the y received in stage 1) are the same or different. If they are the same, returns abort, otherwise, obtains the classical description of the Server’s state.
== Properties ==
*<math>f_k</math>, the function with required properties as given below in point 4.
*n, number of qubits in the control register.
*This protocol assumes an honest Client and proves security only for an adversarial Server.
*This protocol takes the assumption of a Quantum Honest But Curious (QHBC) adversary setting i.e. the protocol is secure against an honest Server who just wants to know Client’s hidden data but not modify it without Client’s consent.
*The function used for the protocol is required to satisfy the following properties: one-way, trapdoor, two-regular, collision resistance, quantum-safe (See Definitions).
*This protocol is secure under learning with errors assumption i.e. it relies on assumption over a quantum Server to be unable solve a computationally hard problem.
*The protocol assumes that all quantum operators are described by polynomially-sized circuits.
*The randomness of the output qubit is due to the (fundamental) randomness of quantum measurements that are part of the instructions that the Client gives.
*The Server cannot guess the state any better than if he had just received that state directly from the Client (up to negligible probability).
*''Correctness'' If both the Client and the Server follow the protocol, the protocol aborts when {missing equation}, while otherwise the Server ends up with the output (single) qubit being in the state  ), where <math>\theta</math> is given by [[equation|equation]] (see Pseudo Code).
* The single qubit state generated by the protocol remains private against a QHBC Server.


==Definitions (informal)==
==Definitions (informal)==
Write, autoreview, editor, reviewer
3,129

edits