Prepare-and-Send Quantum Fully Homomorphic Encryption: Difference between revisions

Line 109: Line 109:


=== Stage 2 Server’s Computation===
=== Stage 2 Server’s Computation===
'''Circuit Evaluation (QFHE.Eval())'''
*'''Input:''' public key tuple <math>(pk_i)_{i = 0}^{L}</math>, Evaluation key tuple, Encrypted Pad key (<math>\{\tilde{a}^{[0]}...\tilde{a}^{[n]}</math>, <math>\tilde{b}^{[i]}...\tilde{b}^{[n]}\}</math>), QOTP Input State (<math> X^{a^{[1]}}Z^{b^{[1]}}\otimes.....\otimes X^{a^{[n]}}Z^{b^{[n]}}\rho Z^{b^{[1]}}X^{a^{[1]}}\otimes.....\otimes X^{a^{[n]}}Z^{b^{[n]}}</math>)</br>
*Input: public key tuple ( , Evaluation key tuple, Encrypted Pad key ({[0]...[n], ˜b[i]...˜b[n]}), QOTP Input State (Xa[1]Zb[1] ..... ⊗ Xa[n]Zb[n]ρZb[1]Xa[1] ..... ⊗ Xa[n]Zb[n])
*'''Output:''' QOTP Circuit Output State (<math> X^{a'^{[1]}}Z^{b'^{[1]}}\otimes.....\otimes X^{a'^{[k]}}Z^{b'^{[k]}}\rho' Z^{b'^{[1]}}X^{a'^{[1]}}\otimes.....\otimes X^{a'^{[k]}}Z^{b'^{[k]}}</math>), Corresponding Encrypted Pad key (<math>\tilde{a'},\tilde{b'}</math>)=(HE.Eval<math>_{evk_L}^\text{C}(\tilde{a}</math>),HE.Eval<math>_{evk_L}^\text{C}(\tilde{b}</math>))</br></br>
*Output: QOTP Circuit Output State (Xa0[1]Zb0[1].....⊗Xa0[k]Zb0[k]ρ0Zb0[1]Xa0[1].....⊗Xa0[k]Zb0[k]), Corresponding Encrypted Pad key (a˜0,b˜0)=(HE.EvalCevkL(),HE.EvalCevkL(˜b))
Let the Circuit be denoted by C and the gates be <math>c_i</math>
Let the Circuit be denoted by C and the gates be ci
# For all i, <math>c_i</math> gate is applied on qubit m and the <math>m_{th}</math> bits of pad key <math>(\tilde {a}^{[m]},\tilde{b}^{[m]})</math> are updated to <math>(\tilde {a}'^{[m]},\tilde{b}'^{[m]})</math> as follows.  
# For all i, ci gate is applied on qubit m and the mth bits of pad key (˜a[m],˜b[m]) are updated to
# If <math>c_i=\{P,H,CNOT\}</math>, a Clifford gate then: <math>c_iX^{a^{[m]}}Z^{b^{[m]}}\psi=X^{a'^{[m]}}Z^{b'^{[m]}}c_i\psi</math>)
(a˜0[m],˜b0[m]) as follows.
## if <math>c_i=</math>H then //Hadamard Gate: <math>(\tilde {a}^{[m]},\tilde{b}^{[m]})\rightarrow (\tilde{b}^{[m]},\tilde{a}^{[m]})</math> (Hadamard tranforms X gate into Z and Z into X)
## If ci = {P,H,CNOT}, a Clifford gate then (ciXa[m]Zb[m]ψ = Xa0[m]Zb0[m]ciψ)
\item if $c_i=$P then //Pauli Gate
### if ci =H then{missing math} (Hadamard tranforms X gate into Z and Z into X)
\item[] $(\tilde {a}^{[m]},\tilde{b}^{[m]})\rightarrow (\tilde{a}^{[m]},\tilde{a}^{[m]}\oplus\tilde{b}^{[m]})$
### if ci =P then<br/>{missing math}  
\item if $c_i=$CNOT with m as target bit and n as control bit then (CNOT)
###if ci =CNOT with m as target bit and n as control bit then (CNOT)<br/>([m],˜b[m];˜a[n],˜b[n]) ([m],˜b[m] ⊕˜b[n];˜a[m] ⊕a˜[n],˜b[n])
\item[] $(\tilde {a}^{[m]},\tilde{b}^{[m]};\tilde {a}^{[n]},\tilde{b}^{[n]})\rightarrow (\tilde {a}^{[m]},\tilde{b}^{[m]}\oplus \tilde {b}^{[n]};\tilde{a}^{[m]}\oplus \tilde {a}^{[n]},\tilde{b}^{[n]})$
## If ci = Tj gate then (TjXa[m]Zb[m]ψ = Pa[m]Xa[m]Zb[m]Tjψ)
\end{enumerate}
### Generate Measurement<br/>M← QFHE.GenMeasurement(˜a[m],Γpkj+1(skj),evkj)<br/>
\item If $c_i=T_j$ gate then //T Gate
### Gadget Correction<br/>(Xa0[m]Zb0[m]Tj)ψ ← QFHE.Measurement(M, Pa[m]Xa[m]Zb[m]Tjψ);<br/> Server gets measurement outcome x’,z’
\item[] ($T_jX^{a^{[m]}}Z^{b^{[m]}}\psi=P^{a^{[m]}}X^{a^{[m]}}Z^{b^{[m]}}T_j\psi$)
### Recryption Server recrypts one-pad key using pkk+1<br/>QFHE.Recpkk+1([m],˜b[m]).<br/>
\begin{enumerate}
##Server updates the recrypted key using x,z and x’,z’.
\item \textbf{Generate Measurement}
## Server sends the updated encryption and QOTP output state to Client.
\item[] M$\leftarrow$ QFHE.GenMeasurement($\tilde {a}^{[m]},\Gamma_{pk_{j+1}}(sk_j),evk_j)$
\item \textbf{Gadget Correction}
\item[] $(X^{a'^{[m]}}Z^{b'^{[m]}}T_j)\psi\leftarrow$ QFHE.Measurement(M, $P^{a^{[m]}}X^{a^{[m]}}Z^{b^{[m]}}T_j\psi)$;
\item[] Server gets measurement outcome x',z'
\item\textbf {Recryption} Server recrypts one-pad key using pk$_{k+1}$
\item[] ($\tilde {a''}^{[m]},\tilde{b''}^{[m]})\leftarrow$ QFHE.Rec$_{pk_{k+1}}(\tilde {a}^{[m]},\tilde{b}^{[m]})$.
\item Server updates the recrypted key using x,z and x',z'.  
\item[]($\tilde {a'}^{[m]},\tilde{b'}^{[m]})\leftarrow (\tilde {a''}^{[m]},\tilde{b''}^{[m]}$)
\end{enumerate}
\item Server sends the updated encryption and QOTP output state to Client.
 
===Stage 3 Client’s Correction===
===Stage 3 Client’s Correction===
'''Decryption (QFHE.Dec())
'''Decryption (QFHE.Dec())
Write, autoreview, editor, reviewer
3,129

edits