Secure Client- Server Delegated Computation: Difference between revisions

From Quantum Protocol Zoo
Jump to navigation Jump to search
No edit summary
No edit summary
 
(48 intermediate revisions by 4 users not shown)
Line 1: Line 1:


== Functionality Description==
== Functionality Description==
Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client (weak party)-Server (powerful party) protocols. Delegated Quantum Computation (DQC) protocols involve partially/fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used. It can be performed via classical and quantum communication. If it is carried out only during Preparation and Correction stage, it is called offline communication else if the communication is carried out during the computation stage, it is online communication. If the outcome can be verified by the Client it is a verifiable delegated quantum computation protocol. Hence, based on the above requirements, DQC protocols can be classified as follows.
===Classical Online Communication-Quantum Offline Communication===
It involves a partially quantum Client who can prepare and send quantum states use quantum offline communication to send input to the Server, in the preparation Stage and to receive outputs from the Server, during output correction. Client and Server then use classical online communication to exchange classical messages during computation phase. Universal Blind Quantum Computation (UBQC) falls under this category, where Client hides his input, output and computation from the Server using [[Supplementary Information#Measurement Based Quantum Computation|'''MBQC''']].  If the task performed by Server can be verified by the Client, it is Verifiable Universal Blind Quantum Computation (VUBQC). Classes of protocols under this category are:
*[[Prepare and Send-Universal Blind Quantum Computation|'''Prepare and Send UBQC''']]
*[[Prepare and Send Verifiable Universal Blind Quantum Computation|'''Prepare and Send VUBQC''']].


===Classical Online Communication-Quantum Online Communication===
Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client-Server protocols. Delegated Quantum Computation (DQC) protocols involve partially or fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used see Protocols list.</br></br>
It involves a partially quantum Client who can measure quantum states use quantum and classical communication throughout the protocol. Client performs the hidden [[Supplementary Information|MBQC]] on states prepared by Server using her measurement device in the computation Stage. She then corrects her classical outcomes in Correction Stage. Classes of protocols under this category are:
'''Tags:''' [[:Category:Two Party Protocols|Two Party]],[[Category:Two Party Protocols]] [[:Category:Universal Task|Universal Tasks]], [[Category:Universal Task]] [[Secure Verifiable Client-Server Delegated Quantum Computation]], [[Secure Multi-Party Delegated Computation]], [[Secure Delegated Classical Computation]], [[:Category: Quantum Functionality|Quantum Functionality]][[Category:Quantum Functioanlity]]
*[[Measurement Only-Universal Blind Quantum Computation|'''Measurement Only UBQC''']]  
*[[Measurement Only Verifiable Universal Blind Quantum Computation|'''Measurement Only VUBQC''']]


===Classical Online Communication-No Quantum Communication===
==Use-case==
It involves a fully classical Client with no quantum power exchanging classical messages with the server throughout. This can be done using protocols for generating secret random qubits, under the functionality, Secret Random Qubit Generator (SQRG). One could append SQRG with UBQC to eliminate quantum communication. A verification protocol using SQRG is still an open question. Class of protocols for SQRG:
* Quantum Task
*[[Pseudo-Secret Random Qubit Generator|'''Pseudo-Secret Random Qubit Generator (PSRQG)''']].
* No classical analogue
* [[Quantum machine learning]]


===Classical Offline Communication-Quantum Offline Communication===  
== Protocols ==
It involves a partially classical Client who can generate entanglement, use both classical and quantum communication with the Server during the preparation stage and output correction. There is no communication between the two parties during computation stage. Quantum Fully Homomorphic Encryption (QFHE) falls under this category, where Client hides her input states with the help of classical [[Supplementary Information#Homomorphic Encryption|'''Homomorphic Encryption''']]. In addition to this she also prepares some quantum gadgets (using [[Supplementary Information#entanglement|entanglement]]) which she sends with the encrypted state to Server, in the prepapration stage. Server uses the quantum gadgets for computation on the encrypted state. Such gadgets require steps which cannot be realized by classical HE scheme. Later Client decrypts/deciphers the outcome sent by Server to get the correct result, in the correction Stage. If the task performed by the Server can be verified by the Client, the protocol is called, Verifiable Quantum Fully Homomorphic Encryption (VQFHE). Classes of protocols under this category are:
[[Category:Two Party Protocols]]
*[[Prepare and Send Quantum Fully Homomorphic Encryption|'''Prepare and Send QFHE''']]
*The protocols enlisted here mainly differ in terms of the type of communication channels required. An online link means it is used throughout the protocol. An offline link means it is used only at the starting or ending of the protocol (one-time use channels) and there is no continuous exchange of information. A quantum communication link is used to transfer quantum states/information and classical links are used for exchange of classical information. These terms will be related with each protocol enlisted below.
*[[Prepare and Send Verifiable Quantum Fully Homomorphic Encryption|'''Prepare and Send VQFHE''']]


===Classical Offline Communication-No Quantum Communication===
# '''[[Prepare and Send-Universal Blind Quantum Computation]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-quantum offline communication. Hides input, output and computation of the client
It involves a fully classical Client assign quantum computation to a Server on her classical input/output using only classical communication during the preparation stage and output correction. There is no communication between the two parties during computation stage. It uses only classical [[Supplementary Information#Homomorphic Encryption|Homomorphic Encryption]] and no quantum gadgets to realize a quantum function/computation. Quantum offline communication would be needed in case of quantum input/output. A verification scheme for such protocols is still an open question. Class of protocols under this category are:
# '''[[Measurement Only-Universal Blind Quantum Computation]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-quantum online communication. Hides input, output and computation of the client.
*Quantum Capable Classical Fully Homomorphic Encryption [[Classical Fully Homomorphic Encryption for Quantum Circuits|'''(FHE) for Quantum Circuits''']]
# '''[[Pseudo-Secret Random Qubit Generator (PSQRG)]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical offline communication- quantum offline  communication.
# '''[[Prepare and Send Quantum Fully Homomorphic Encryption]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical online communication-no quantum communication. Hides input and output of the client.  
# '''[[Classical Fully Homomorphic Encryption for Quantum Circuits]]''':[[:Category:Quantum Memory Network Stage|Quantum Memory Network Stage]][[Category:Quantum Memory Network Stage]]. Requires classical offline communication-no quantum communication. Hides input and output of the client.


'''Tags:''' [[Two Party Protocols|Two Party]], [[Universal Task|Universal Task]], [[Multiparty Delegated Quantum Computation|Multiparty Delegated Quantum Computation]], [[Quantum Enhanced Classical Delegated Computation|Quantum Enhanced Classical Delegated Computation]]
*All the above protocols require the server to be a quantum memory network stage node. However, with respect to the client, (1) requires the client to only prepare and send quantum states while (2) requires client to just receive and measure quantum states. Thus, client belongs to a simple prepare and measure network stage node. This information is useful in case there are only a few nodes with advanced technologies like quantum memory.
*Protcols for verifiable version of protocols (1), (2), (4) can be found on the page [[Secure Verifiable Client-Server Delegated Quantum Computation|Verifiable Delegated Quantum Computation]]. Verifiable versions of protocols (3) and (5) are open questions.


[[Category:Two Party Protocols]]
[[Category:Universal Task]]
[[Category:Universal Task]]
==Properties==
*'''Universality''' A protocol for delegated quantum computation is universal if it client can use the server to compute any quantum circuit.
*'''Correctness''' A protocol is correct if the output of client's input after Server's processing is correct, given that both parties follow the protocol honestly.
*'''Blindness''' The protocol is blind to the server (who, in this case is the adversary/dishonest party) means that client's computation is hidden from the server during the entire protocol.
*'''Compactness''' Decryption of datat the end of the protocol should be independent of the size of the quantum circuit used for computation
*'''Full Homomorphism''' A homomorphic encryption which can perform any quantum computation
==Knowledge Graph==
{{graph}}
==Further Information==
Secure Delegated Computation was an open problem in classical computation until Gentry's work in 1994 on Homomorphic Encryption using Lattice Based Cryptography [[Secure Client- Server Delegated Computation#References|(1)]]. An analogue was required in case of delegating quantum data. Childs proposed the first work in the field in 2005 [[Secure Client- Server Delegated Computation#References|(2)]]. Unlike the classical scheme, this protocol could not only hide the input and output of the client from the sever but also client's computation. This was a breakthrough as there exists no such scheme in classical cryptography which could provide this additional functionality, called 'blindness'. Arrighi and Salvail  later showed [[Secure Client- Server Delegated Computation#References|(3)]] that hiding of computation was possible only for a few functions. They also coined the notion of [[Secure Verifiable Client-Server Delegated Quantum Computation|verifiability]]. In 2009, Broadbent, Fitzsimons and Kashefi developed prepare and send universal blind quantum computation, which was the first scheme to solve this problem for any quantum circuit. This property, also known as universality, opened the gates for further research in this field. New protocols came into picture, some using the measurement based quantum computation framework like blind quantum computation and some devising homomorphic encryption for quantum data. Out of which, prepare-and-send universal blind quantum computation has been proven to be universally composable i.e. it is secure in any and every scenerio possible. The only other protocol which is proven to be universally composable is [[Quantum Key Distribution]]. All the above protocols required quantum communication until the latest work by Urmila Mahadev in 2018, classical fully homomorphic encryption for quantum circuits. It requires no quantum operation on the client's side. pseudo-secret random qubit generator is a functionality different from delegation of quantum computation. It comes with multiple uses, one of which being universal blind quantum computation. This protocol also requires no quantum computation on client's side in order to instruct server to prepare her secret random qubits, of which she has complete knowledge but not the server.<br/>
'''Review Papers:'''
* [https://www.nature.com/articles/s41534-017-0025-3 Fitzsimons (2017)] gives an overview of delegated quantum computation
* [https://arxiv.org/abs/1301.3662 Dunjko et al (2013)] gives the abstract cryptography framework for delegated computing and uses it prove universal composability of UBQC.
==References==
#[https://crypto.stanford.edu/craig/craig-thesis.pdf Gentry (1994)]
#[https://arxiv.org/abs/quant-ph/0111046 Childs (2005)]
#[https://arxiv.org/abs/quant-ph/0309152 Arrighi and Salavil (2006)]
<div style='text-align: right;'>''*contributed by Shraddha Singh''</div>

Latest revision as of 18:57, 21 December 2020

Functionality Description

Delegated Computation is the task of assigning computation on hidden data to a powerful untrusted party (a device) by a weak (in terms of computational powers) party while maintaining privacy of hidden data from the powerful party. Protocols under this functionality are commonly called Client-Server protocols. Delegated Quantum Computation (DQC) protocols involve partially or fully classical Client delegating a quantum computation to fully powerful single/multiple quantum Server/Servers. All DQC protocols involve three main stages, Preparation Stage, Computation Stage and Output Correction Stage. The roles of Client and Server in the different stages may differ according to the type of communication used see Protocols list.

Tags: Two Party, Universal Tasks, Secure Verifiable Client-Server Delegated Quantum Computation, Secure Multi-Party Delegated Computation, Secure Delegated Classical Computation, Quantum Functionality

Use-case

Protocols

  • The protocols enlisted here mainly differ in terms of the type of communication channels required. An online link means it is used throughout the protocol. An offline link means it is used only at the starting or ending of the protocol (one-time use channels) and there is no continuous exchange of information. A quantum communication link is used to transfer quantum states/information and classical links are used for exchange of classical information. These terms will be related with each protocol enlisted below.
  1. Prepare and Send-Universal Blind Quantum Computation:Quantum Memory Network Stage. Requires classical online communication-quantum offline communication. Hides input, output and computation of the client
  2. Measurement Only-Universal Blind Quantum Computation:Quantum Memory Network Stage. Requires classical online communication-quantum online communication. Hides input, output and computation of the client.
  3. Pseudo-Secret Random Qubit Generator (PSQRG):Quantum Memory Network Stage. Requires classical offline communication- quantum offline communication.
  4. Prepare and Send Quantum Fully Homomorphic Encryption:Quantum Memory Network Stage. Requires classical online communication-no quantum communication. Hides input and output of the client.
  5. Classical Fully Homomorphic Encryption for Quantum Circuits:Quantum Memory Network Stage. Requires classical offline communication-no quantum communication. Hides input and output of the client.
  • All the above protocols require the server to be a quantum memory network stage node. However, with respect to the client, (1) requires the client to only prepare and send quantum states while (2) requires client to just receive and measure quantum states. Thus, client belongs to a simple prepare and measure network stage node. This information is useful in case there are only a few nodes with advanced technologies like quantum memory.
  • Protcols for verifiable version of protocols (1), (2), (4) can be found on the page Verifiable Delegated Quantum Computation. Verifiable versions of protocols (3) and (5) are open questions.

Properties

  • Universality A protocol for delegated quantum computation is universal if it client can use the server to compute any quantum circuit.
  • Correctness A protocol is correct if the output of client's input after Server's processing is correct, given that both parties follow the protocol honestly.
  • Blindness The protocol is blind to the server (who, in this case is the adversary/dishonest party) means that client's computation is hidden from the server during the entire protocol.
  • Compactness Decryption of datat the end of the protocol should be independent of the size of the quantum circuit used for computation
  • Full Homomorphism A homomorphic encryption which can perform any quantum computation

Knowledge Graph

Further Information

Secure Delegated Computation was an open problem in classical computation until Gentry's work in 1994 on Homomorphic Encryption using Lattice Based Cryptography (1). An analogue was required in case of delegating quantum data. Childs proposed the first work in the field in 2005 (2). Unlike the classical scheme, this protocol could not only hide the input and output of the client from the sever but also client's computation. This was a breakthrough as there exists no such scheme in classical cryptography which could provide this additional functionality, called 'blindness'. Arrighi and Salvail later showed (3) that hiding of computation was possible only for a few functions. They also coined the notion of verifiability. In 2009, Broadbent, Fitzsimons and Kashefi developed prepare and send universal blind quantum computation, which was the first scheme to solve this problem for any quantum circuit. This property, also known as universality, opened the gates for further research in this field. New protocols came into picture, some using the measurement based quantum computation framework like blind quantum computation and some devising homomorphic encryption for quantum data. Out of which, prepare-and-send universal blind quantum computation has been proven to be universally composable i.e. it is secure in any and every scenerio possible. The only other protocol which is proven to be universally composable is Quantum Key Distribution. All the above protocols required quantum communication until the latest work by Urmila Mahadev in 2018, classical fully homomorphic encryption for quantum circuits. It requires no quantum operation on the client's side. pseudo-secret random qubit generator is a functionality different from delegation of quantum computation. It comes with multiple uses, one of which being universal blind quantum computation. This protocol also requires no quantum computation on client's side in order to instruct server to prepare her secret random qubits, of which she has complete knowledge but not the server.
Review Papers:

  • Fitzsimons (2017) gives an overview of delegated quantum computation
  • Dunjko et al (2013) gives the abstract cryptography framework for delegated computing and uses it prove universal composability of UBQC.

References

  1. Gentry (1994)
  2. Childs (2005)
  3. Arrighi and Salavil (2006)
*contributed by Shraddha Singh
Retrieved from "https://wiki.veriqloud.fr/index.php?title=Secure_Client-_Server_Delegated_Computation&oldid=4318"