Prepare-and-Send Verifiable Quantum Fully Homomorphic Encryption: Difference between revisions

**Here the correctness and consistency of the classical FHE transcript,  the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis.

** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected.