Quantum Fingerprinting

This example protocol allows two quantum clients to distinguish between their quantum inputs while maintaining the privacy of their own input just by comparing the fingerprints of their inputs. The protocol does not permit the two parties to interact directly with each other, hence they send the fingerprints of their respective inputs to a trusted third party (quantum server). This server performs a test to distinguish between two unknown quantum fingerprints with a high probability. The quantum fingerprints are exponentially shorter than the original inputs.

Tags: Fingerprinting

Assumptions

• The two quantum clients have no shared key in this protocol.
• The server is trusted.
• The fingerprints can consist of quantum information.

Outline

Here, two quantum clients want to check if their quantum inputs are distinct while also keeping their inputs secret. They prepare quantum fingerprints of their individual inputs and send these states to the server. Next stage involves the server performing a SWAP test on the fingerprints to check their equality. The server repeats this test several times on the received fingerprints to reduce the error probability.

• Client's preparation:
• The client prepares the fingerprint of initial input which is sized ${\displaystyle n}$-bits. This fingerprint has a length of ${\displaystyle O(\log {}n)}$ bits.
• This fingerprint is prepared using particular error correcting codes, which converts the ${\displaystyle n}$-bit input to ${\displaystyle m}$-bits, where ${\displaystyle m}$ is greater than ${\displaystyle n}$, and the two outputs of any two distinct inputs can be equal at atmost ${\displaystyle \delta m}$ positions, where ${\displaystyle \delta <0}$. The fingerprint has the length of ${\displaystyle log{}m+1}$ bits.
• Here for error correcting code, Justesen codes are used.
• The client now sends this fingerprint to the server through a quantum channel. Both the clients do this process simultaneously.
• Server's test: The server receives the two fingerprints from both the clients and performs the quantum SWAP Test on these states to check if the states are distinguishable. The server independently repeats this SWAP test on fingerprints several times to reduce the error probability in detecting if the two states are different.

Hardware Requirements

• Authenticated Quantum channel capable of sending a pair of qubits.
• Measurement devices for the server.
• A one-time quantum channel from both clients to the server.

Notation

• ${\displaystyle x}$, ${\displaystyle y}$: inputs of both the clients
• ${\displaystyle n}$: length of inputs
• ${\displaystyle m}$: Length of output of error correcting codes, using x and y as input.
• ${\displaystyle E(x)}$: Error correcting code associated with input ${\displaystyle {x\in \{0,1\}^{n}}}$, where ${\displaystyle E:\{0,1\}^{n}{\xrightarrow {}}{}\{0,1\}^{m}}$.
• ${\displaystyle |h_{x}\rangle }$: ${\displaystyle (log{}m+1)}$ qubit state quantum fingerprint for ${\displaystyle x}$.

${\displaystyle |h_{x}\rangle ={\frac {1}{\sqrt {m}}}\sum _{i=1}^{m}|i\rangle |E_{i}(x)\rangle }$

• ${\displaystyle c}$: Parameter for error correcting code. ${\displaystyle m=cn,c>1}$
• ${\displaystyle \delta }$: Parameter for error correcting code. ${\displaystyle \delta <1}$.
• ${\displaystyle \epsilon }$: Error probability
• ${\displaystyle k}$: Number of times a fingerprint is repeated, ${\displaystyle k\in O(log{}{\frac {1}{\epsilon }})}$

Properties

• The computational complexity of this protocol is ${\displaystyle {\mathcal {O}}(\log {}n)}$.
• Given an ${\displaystyle n}$-bit input, the protocol requires a quantum fingerprint of minimum ${\displaystyle \log {}n}$ bits which contains quantum information.
• The Hamming distance i.e. the number of positions between two strings of same length, at which the corresponding symbols are different, of ${\displaystyle {E(x)}}$ and ${\displaystyle {E(y)}}$ is at least ${\displaystyle {(1+\delta )m}}$.
• For Justesen codes, ${\displaystyle \delta <9/10+1/(15c)}$ for any chosen ${\displaystyle c>2}$
• Any two fingerprints, ${\displaystyle |h_{x}\rangle }$ and ${\displaystyle |h_{y}\rangle }$ have an inner product of at most ${\displaystyle {\delta }}$.
• The one sided error probability of the SWAP test is ${\displaystyle ({\frac {1+\delta }{2}})}$.

Protocol Description

Stage 1: Client's preparation
Input: ${\displaystyle {x\in \{0,1\}^{n}},{y\in \{0,1\}^{n}}}$ for first client and second client respectively.
Output: ${\displaystyle |h_{x}\rangle }$, ${\displaystyle |h_{y}\rangle }$ sent to server

• First client prepares ${\displaystyle |h_{x}\rangle }$ from ${\displaystyle x}$, ${\displaystyle |h_{x}\rangle ={\frac {1}{\sqrt {m}}}\sum _{i=1}^{m}|i\rangle |E_{i}(x)\rangle }$
• Second client prepares ${\displaystyle |h_{y}\rangle }$ from ${\displaystyle y}$, ${\displaystyle |h_{y}\rangle ={\frac {1}{\sqrt {m}}}\sum _{i=1}^{m}|i\rangle |E_{i}(y)\rangle }$
• Both clients send ${\displaystyle |h_{x}\rangle }$, ${\displaystyle |h_{y}\rangle }$ to server

Stage 2: Server's test Input: ${\displaystyle |h_{x}\rangle }$, ${\displaystyle |h_{y}\rangle }$
Output: SWAP test result

• Server prepares an ancilla qubit ${\displaystyle |0\rangle }$ for SWAP test and starts with state ${\displaystyle |0\rangle |h_{x}\rangle |h_{y}\rangle }$
• Server applies gate ${\displaystyle G={(H\otimes I)(c-SWAP)(H\otimes I)}}$, resulting in final state ${\displaystyle {\frac {1}{2}}|0\rangle (|h_{x}\rangle |h_{y}\rangle +|h_{y}\rangle |h_{x}\rangle )+{\frac {1}{2}}|1\rangle (|h_{x}\rangle |h_{y}\rangle -|h_{y}\rangle |h_{x}\rangle )}$
• The server measures the first qubit and transmits the result to both the clients.

Further Information

• To reduce the error probability to any ${\displaystyle \epsilon }$, the fingerprint of ${\displaystyle x}$ should be set to ${\displaystyle |h_{x}\rangle ^{\otimes k}}$, for a suitable ${\displaystyle k\in O(log{}{\frac {1}{\epsilon }})}$

Related Papers

*contributed by Rhea Parekh