Write, autoreview, editor, reviewer
3,129
edits
Line 25: | Line 25: | ||
** Pauli gates: Applying a logical Pauli is done by applying the same Pauli to all physical qubits. The application of Pauli gates (<math>X</math> and/or <math>Z</math>) to a state encrypted with a quantum one-time pad can be achieved without touching the actual state, by updating the keys to QOTP in the appropriate way. The logical Pauli-X is performed by (homomorphically) flipping the X-key bits of the QOTP and Pauli-Y works in the same manner for Z-key bits. Hence, this is a classical task. | ** Pauli gates: Applying a logical Pauli is done by applying the same Pauli to all physical qubits. The application of Pauli gates (<math>X</math> and/or <math>Z</math>) to a state encrypted with a quantum one-time pad can be achieved without touching the actual state, by updating the keys to QOTP in the appropriate way. The logical Pauli-X is performed by (homomorphically) flipping the X-key bits of the QOTP and Pauli-Y works in the same manner for Z-key bits. Hence, this is a classical task. | ||
** CNOT gate: The effect of applying CNOT to the encrypted qubits, without the quantum one-time padding is that logical CNOT is applied to the physical data qubits in the permutation and the remaining traps are unchanged due to its action. Hence in the quantum one-time pad, the secret key bits are homomorphically updated during evaluation while applying CNOT. | ** CNOT gate: The effect of applying CNOT to the encrypted qubits, without the quantum one-time padding is that logical CNOT is applied to the physical data qubits in the permutation and the remaining traps are unchanged due to its action. Hence in the quantum one-time pad, the secret key bits are homomorphically updated during evaluation while applying CNOT. | ||
** Phase gates: Performing this gate requires homomorphic evaluation of all the above gates: (classically controlled) Paulis, CNOTs, and measurements. Here the corresponding encrypted magic state is also used. | ** Phase gates: Performing this gate requires homomorphic evaluation of all the above gates: (classically controlled) Paulis, CNOTs, and measurements. Here the corresponding encrypted magic state is also used. | ||
** Hadamard gate: The Hadamard gate can be applied using the same method used in the Phase gate. | ** Hadamard gate: The Hadamard gate can be applied using the same method used in the Phase gate. | ||
** T gate: Applying T requires a magic state and an encrypted [[garden-hose gadget]] (because the T-gate magic state circuit applies a P-gate conditioned on a measurement outcome). The evaluation of that circuit is complicated and hence that specific error correcting gadget is used. | ** T gate: Applying T requires a magic state and an encrypted [[garden-hose gadget]] (because the T-gate magic state circuit applies a P-gate conditioned on a measurement outcome). The evaluation of that circuit is complicated and hence that specific error correcting gadget is used. | ||
Line 32: | Line 32: | ||
*'''Verified decryption''' | *'''Verified decryption''' | ||
**Here the correctness and consistency of the classical FHE transcript, the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis. | **Here the correctness and consistency of the classical FHE transcript, the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis. | ||
** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected. | ** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. | ||
** Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected. | |||
==Hardware Requirements== | ==Hardware Requirements== |