Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

Line 21: Line 21:
* '''Decryption''' Server repeats the same procedure for each layer and at the end of last layer, sends the updated recryption of pad key and classical measurement output of the first register (containing the corrected quantum state encrypted by pad key) to Client. Client converts the pad key to another secret text using AltHE. The sent pad key is recrypted with public key of the last (<math>L_{th}</math>) evaluation key used. This is the <math>(L + 1)_{th}</math> public key. Hence, Client uses <math>(L + 1)_{th}</math> secret key (which was not included in the evaluation keys) to decrypt the updated encryption of pad key sent by the Server. She (Client) uses the resulting pad key to undo the one time pad on the sent output.
* '''Decryption''' Server repeats the same procedure for each layer and at the end of last layer, sends the updated recryption of pad key and classical measurement output of the first register (containing the corrected quantum state encrypted by pad key) to Client. Client converts the pad key to another secret text using AltHE. The sent pad key is recrypted with public key of the last (<math>L_{th}</math>) evaluation key used. This is the <math>(L + 1)_{th}</math> public key. Hence, Client uses <math>(L + 1)_{th}</math> secret key (which was not included in the evaluation keys) to decrypt the updated encryption of pad key sent by the Server. She (Client) uses the resulting pad key to undo the one time pad on the sent output.


== Properties ==
*''Quantum Capable'' A classical HE is quantum capable i.e. can perform quantum computation efficiently if there exists AltHE which can execute natural XOR operations.
*''Indistinguishability under Chosen Plaintext Attacks by adversary(IND-CPA)'' The presented classical FHE scheme is CPA secure i.e. it is not possible for any polynomial time adversary to distinguish between the encrypted classical message bits 0 and 1, by learning with errors.
*''Compactness'' This protocol is compact i.e. decryption does not depend on the complexity of the quantum circuit.
*''Correctness'' Correctness is implied from the correctness of encrypted CNOT operation.
*''Circuit Privacy'' This protocol is not circuit private as both Client and Server know the quantum circuit used for performing the computation.
*''Full Homomorphism'' This protocol is fully homomorphic i.e. Server can operate any quantum circuit using this protocol.
*''Circular Security'' This protocol has a stronger notion of circular security where not only the secret key but also the trapdoor functions are encrypted when provided to the Server.
== Notation ==
== Notation ==
* <math>k</math>: security parameter
* <math>k</math>: security parameter
Write, autoreview, editor, reviewer
3,129

edits