Quantum Protocol Zoo

Prepare-and-Send Quantum Fully Homomorphic Encryption: Difference between revisions

Page Discussion

Prepare-and-Send Quantum Fully Homomorphic Encryption (edit)

Revision as of 08:58, 11 July 2019

112 bytes added ,  11 July 2019
→‎Outline
Line 14: Line 14:
*'''Key Generation'''  
*'''Key Generation'''  
This step generates homomorphic key sets consisting of the classical public key for encryption, a classical private key for decryption and a quantum evaluation key for operation on the encrypted input state. If the circuit involves L T gates, Client needs L+1 such key sets for L gadgets and one input state. The Client uses the classical HE Key Generation (HE.KeyGen) to get classical key sets. She stores all the public keys and secret keys in two separate sets (tuples). Quantum evaluation keys consist of the classical evaluation keys and L gadgets. Once constructed, the gadget is also encrypted using all public keys except the first one by the Client. As construction of gadgets takes secret keys (first L) as inputs, the public key used for its encryption should not belong to the same homomorphic key set used to construct the gadget. A classical description of the gadget, useful for evaluation is also encrypted and included in the gadget. Construction and encryption of gadgets is described in the last step.<br/>
This step generates homomorphic key sets consisting of the classical public key for encryption, a classical private key for decryption and a quantum evaluation key for operation on the encrypted input state. If the circuit involves L T gates, Client needs L+1 such key sets for L gadgets and one input state. The Client uses the classical HE Key Generation (HE.KeyGen) to get classical key sets. She stores all the public keys and secret keys in two separate sets (tuples). Quantum evaluation keys consist of the classical evaluation keys and L gadgets. Once constructed, the gadget is also encrypted using all public keys except the first one by the Client. As construction of gadgets takes secret keys (first L) as inputs, the public key used for its encryption should not belong to the same homomorphic key set used to construct the gadget. A classical description of the gadget, useful for evaluation is also encrypted and included in the gadget. Construction and encryption of gadgets is described in the last step.<br/>
**'''Gadget Construction''' This step involves the construction of gadgets to correct any additional phase gate error on the input due to T gates in the circuit. If there are L T gates in the Circuit, one needs L Gadgets constructed using L private keys and then encrypted using L public keys. The public key used for encryption should not belong to the same homomorphic key set of the private key used for construction. A gadget consists of 2m [[Glossary#EPR pairs|EPR pairs]] (maximally entangled qubits). The client starts with 4m such pairs. Performs pairwise Bell measurement on one-half of the EPR pairs. Pairs for Bell measurement are chosen according to the private decryption key used for the particular gadget. This leaves the other half of the EPR pairs entangled in the same pairs as chosen by Client to perform bell measurement. E.g. if (a,b) and (c,d) denote two EPR pairs and one performs bell measurement on a and c, then b and d become maximally entangled with some extra Pauli X, Z corrections due to measurement (refer to a one-pad key in supplementary draft). These corrections are determined by Client’s measurement outcomes. The resulting gadget thus has 2m EPR pairs, some of which have an inverse phase gate. Classical information of a gadget includes private key used, Client’s measurement outcomes and locations of inverse phase gates. This data is encrypted with the public key. Hence, L such gadgets consisting of encrypted classical information and 2m EPR pairs quantum one-time padded by the Pauli X, Z gates, are sent to the server.<br/>
**'''Gadget Construction''' This step involves the construction of gadgets to correct any additional phase gate error on the input due to T gates in the circuit. If there are L T gates in the Circuit, one needs L Gadgets constructed using L private keys and then encrypted using L public keys. The public key used for encryption should not belong to the same homomorphic key set of the private key used for construction. A gadget consists of 2m [[Glossary#EPR pairs|EPR pairs]] (maximally entangled qubits). The client starts with 4m such pairs. Performs pairwise [[Glosssary#Bell State Measurement|Bell measurement]] on one-half of the EPR pairs. Pairs for Bell measurement are chosen according to the private decryption key used for the particular gadget. This leaves the other half of the EPR pairs entangled in the same pairs as chosen by Client to perform bell measurement. E.g. if (a,b) and (c,d) denote two EPR pairs and one performs bell measurement on a and c, then b and d become maximally entangled with some extra [[Glossary#Unitary Operations|Pauli X, Z]] corrections due to measurement. These corrections are determined by Client’s measurement outcomes according to [[one pad key]]. The resulting gadget thus has 2m EPR pairs, some of which have an inverse phase gate. Classical information of a gadget includes private key used, Client’s measurement outcomes and locations of inverse phase gates. This data is encrypted with the public key. Hence, L such gadgets consisting of encrypted classical information and 2m EPR pairs quantum one-time padded by the Pauli X, Z gates, are sent to the server.<br/>
Finally, Client stores all the gadgets with the classical evaluation key of the corresponding secret key (generated from HE.KeyGen) used to construct the gadget, as the set of quantum evaluation keys. Note that, the gadgets are quantum states and classical evaluation keys are random numbers, the resulting quantum evaluation key is what we call a classical-quantum (CQ) state.
Finally, Client stores all the gadgets with the classical evaluation key of the corresponding secret key (generated from HE.KeyGen) used to construct the gadget, as the set of quantum evaluation keys. Note that, the gadgets are quantum states and classical evaluation keys are random numbers, the resulting quantum evaluation key is what we call a classical-quantum (CQ) state.
*'''Encryption''' This step is used to encrypt the quantum input into a quantum ciphertext using the first public key which has not been used for gadget construction. Every input qubit state is quantum one time padded by the Client, using two classical random bits, one of which decided the operation of Pauli-X and the other operation of Pauli-Z gate on the qubit state. She also encrypts the classical random bits (called pad key) with the same public key using classical HE (HE.Enc) and hence stores it with the corresponding encrypted qubit state as a classical-quantum state. She then sends this CQ state, encrypted pad key, public key tuple, and evaluation key tuple to Server.
*'''Encryption''' This step is used to encrypt the quantum input into a quantum cipher-text (secret text) using the first public key which has not been used for gadget construction. Every input qubit state is [[quantum one time padded]] by the Client, using two classical random bits, one of which decided the operation of Pauli-X and the other operation of Pauli-Z gate on the qubit state. She also encrypts the classical random bits (called pad key) with the same public key using classical HE (HE.Enc) and hence stores it with the corresponding encrypted qubit state as a classical-quantum state. She then sends this CQ state, encrypted pad key, public key tuple, and evaluation key tuple to Server.
*'''Circuit Evaluation''' This step operates the circuit on the encrypted input state and updates the encrypted classical information using the evaluation key. As stated earlier, any circuit can be implemented using a set of Universal Gates. This set consists of Clifford Gates and T gates.
*'''Circuit Evaluation''' This step operates the circuit on the encrypted input state and updates the encrypted classical information using the evaluation key. As stated earlier, any circuit can be implemented using a set of Universal Gates. This set consists of Clifford Gates and T gates.
The Clifford group gates may affect a single qubit or multiple qubits but they follow a simple set of rules for updation of the encrypted classical information (pad key), given in the pseudocode. The server operates the circuit and with each gate in the circuit, it updates the encrypted classical description.<br/>
The Clifford group gates may affect a single qubit or multiple qubits but they follow a simple set of rules for updation of the encrypted classical information (pad key), given in the pseudocode. The server operates the circuit and with each gate in the circuit, it updates the encrypted classical description.<br/>
Line 24: Line 24:
*'''Gadget Correction (QFHE.Measurement())''' Server performs the required measurements. The last unmeasured qubit is corrected input qubit. The qubit is one time padded with pad key determined by Client’s measurement outcomes, encrypted with the public key used for the gadget and Server’s measurement outcomes. Hence, it is still hidden from the Server.<br/>
*'''Gadget Correction (QFHE.Measurement())''' Server performs the required measurements. The last unmeasured qubit is corrected input qubit. The qubit is one time padded with pad key determined by Client’s measurement outcomes, encrypted with the public key used for the gadget and Server’s measurement outcomes. Hence, it is still hidden from the Server.<br/>
*'''Recryption (QFHE.Rec())''' Server recrypts pad key of the qubit with the same public key that encrypts the corrected output state i.e. the one used for the corresponding gadget. Then, he updates the encrypted pad key according to the T Gate (similar to what is done for the Clifford Gate), Client’s encrypted measurement outcomes and Server’s (his) measurement outcomes.
*'''Recryption (QFHE.Rec())''' Server recrypts pad key of the qubit with the same public key that encrypts the corrected output state i.e. the one used for the corresponding gadget. Then, he updates the encrypted pad key according to the T Gate (similar to what is done for the Clifford Gate), Client’s encrypted measurement outcomes and Server’s (his) measurement outcomes.
The server performs all the Clifford and T gates in the circuit following the respective procedure given above. Finally, he is left with the one time padded quantum output of the computation together with the required classical pad key encrypted with the public key of the gadget used for the last T gate, Lth public key. The server sends both the quantum state and classical encryptions to the Client.
The server performs all the Clifford and T gates in the circuit following the respective procedure given above. Finally, he is left with the one time padded quantum output of the computation together with the required classical pad key encrypted with the public key of the gadget used for the last T gate, the last public key in the set. The server sends both the quantum state and classical encryptions to the Client.
'''Decryption''' The Client uses skL, which was not used to create any gadget (Gadgets used 0-(L-1) secret keys only) and decrypts sent encryptions to obtain the pad key. The pad key thus obtained determines the Pauli operations on the sent quantum state to obtain the final and correct outcome of the computation. The client performs the required operations on individual qubits of the quantum state and gets the output of his computation.
'''Decryption''' The Client uses the last secret key in the set, which was not used to create any gadget (Gadgets used 0-(L-1) secret keys only) and decrypts sent encryptions to obtain the pad key. The pad key thus obtained determines the Pauli operations on the sent quantum state to obtain the final and correct outcome of the computation. The client performs the required operations on individual qubits of the quantum state and gets the output of his computation.


== Notation ==
== Notation ==
Shraddha
Write, autoreview, editor, reviewer
3,125

edits

Retrieved from "https://wiki.veriqloud.fr/index.php?title=Special:MobileDiff/3606"