Prepare-and-Send Quantum Fully Homomorphic Encryption: Difference between revisions

Line 43: Line 43:


==Properties ==
==Properties ==
 
* ''Indistinguishability under Chosen Plaintext Attacks by an adversary with quantum computational powers(q-IND-CPA).'' If FHE is q-IND-CPA secure then this protocol is q-IND-CPA secure. It means that an adversary cannot distinguish between ciphertext from a message and a ciphertext from an arbitrary quantum state such as <math>|0\rangle \langle 0|</math>
===Security Claim/ Theorems===
* ''Indistinguishability under Chosen Plaintext Attacks by an adversary with quantum computational powers(q-IND-CPA).'' If FHE is q-IND-CPA secure then this protocol is q-IND-CPA secure. It means that an adversary cannot distinguish between ciphertext from a message and a ciphertext from an arbitrary quantum state such as |0ih0|
* ''Correctness.'' This protocol is perfectly correct such that,<br/>
* ''Correctness.'' This protocol is perfectly correct such that,<br/>
Pr[QFHE.Decsk(QFHE.EvalevkC (HE.Encpk(x))) 6= C(x)] ≤ η(k)<br/>
<math>Pr[QFHE.Dec_{s_k}(QFHE.Eval^C_{evk}(HE.Enc_{p_k}(x)))\neq C(x)] \le \eta(k)</math><br/>
, where ηk is a negligible function. This means that if the protocol is followed it results in the same output as when the circuit is operated on the input states directly with overwhelming probability.
, where <math>\eta_k</math> is a negligible function.Note that, negligible function $\eta(n)$ is a function such that for every positive integer d, <math>\eta(n) < 1/n^d</math>, for big enough n. This means that if the protocol is followed it results in the same output as when the circuit is operated on the input states directly with overwhelming probability.
* ''Compactness.'' If HE is compact then this protocol is compact. The complexity of applying QFHE.Dec on the results of QFHE.Eval is at most p(k), where p(k) is a polynomial dependent only on the security parameter k. This implies that decryption is independent of the size of the quantum circuit for evaluation.
* ''Compactness.'' If HE is compact then this protocol is compact. The complexity of applying QFHE.Dec on the results of QFHE.Eval is at most p(k), where p(k) is a polynomial dependent only on the security parameter k. This implies that decryption is independent of the size of the quantum circuit for evaluation.
* ''Circuit Privacy.'' This protocol is not circuit private as it does not guarantee that the client cannot gain information about the circuit evaluated i.e. the circuit is not private to one party and unknown to another. It can make the circuit private to the evaluator (Server) and hidden from the Client apart from the necessary leakage the output states gives if one uses circuit private HE for the protocol.  
* ''Circuit Privacy.'' This protocol is not circuit private as it does not guarantee that the client cannot gain information about the circuit evaluated i.e. the circuit is not private to one party and unknown to another. It can make the circuit private to the evaluator (Server) and hidden from the Client apart from the necessary leakage the output states gives if one uses circuit private HE for the protocol.  
Write, autoreview, editor, reviewer
3,129

edits