Prepare-and-Send Verifiable Quantum Fully Homomorphic Encryption: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 26: Line 26:
**Here the correctness and consistency of the classical FHE transcript,  the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis.
**Here the correctness and consistency of the classical FHE transcript,  the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis.
** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected.
** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected.
==Properties==
* Compactness: This protocol is compact if verified decryption is divisible into a classical verification procedure Verification (outputting only an accept/reject flag), followed by a quantum decryption procedure Decryption. The running time of Verification is allowed to depend on the circuit size, but the running time of Decryption is not when it is compact.
* Semantic Security: A QPT adversary with access to the ciphertext can be simulated by a simulator that only has access to an ideal functionality that simply applies the claimed circuit. (Explain when this protocol is semantically secure)
* Indistinguishability: For a defined security game, if the success probability for an QPT adversary is at-most <math>\frac{1}{2} + negl(\kappa)</math>, then this protocol is indistinguishable. The security game is based on the QPT adversary determining the outcome of a hidden coin flip.
* Fully Homomorphic: This protocol is fully homomorphic i.e. Server can operate any quantum circuit using this protocol.
* Privacy: this scheme is private if its ciphertexts are indistinguishable under chosen plaintext attack.
* Computational logs are generally classical in nature.


==Notation==
==Notation==
Line 92: Line 100:


</br>
</br>
'''Function 6''': TrapTP.EvalCondX($\tilde{b}, \tilde{\sigma}, \tilde{x}, \tilde{z}, \tilde{\pi}, pk, evk$)
'''Function 6''': TrapTP.EvalCondX(<math>\tilde{b}, \tilde{\sigma}, \tilde{x}, \tilde{z}, \tilde{\pi}, pk, evk</math>)


* <math>(\tilde{x}, log_1) \xleftarrow[]{}</math> HE.Eval<math>_{evk}^{unpermute}(\tilde{\pi}, \tilde{x})</math>
* <math>(\tilde{x}, log_1) \xleftarrow[]{}</math> HE.Eval<math>_{evk}^{unpermute}(\tilde{\pi}, \tilde{x})</math>
Write, autoreview, editor, reviewer
3,129

edits