Write, autoreview, editor, reviewer
3,129
edits
Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions
Jump to navigation
Jump to search
m
Classical Fully Homomorphic Encryption for Quantum Circuits (edit)
Revision as of 17:17, 23 November 2018
, 23 November 2018→Stage 2 Server’s Computation
| Line 80: | Line 80: | ||
####Server performs Hadamard on second register. The resulting superposition state is:</br><math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes H|\mu_a,r_a\rangle|y\rangle</math></br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes\bigg(\sum_{e\in\{0,1\}}(-1)^{e\cdot(\mu_a,r_a) }|e\rangle\bigg)|y\rangle</math>, <math>\because H|q\rangle=\sum_{e\in\{0,1\}}(-1)^{e\cdot q}|e\rangle</math></br> | ####Server performs Hadamard on second register. The resulting superposition state is:</br><math>\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes H|\mu_a,r_a\rangle|y\rangle</math></br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes\bigg(\sum_{e\in\{0,1\}}(-1)^{e\cdot(\mu_a,r_a) }|e\rangle\bigg)|y\rangle</math>, <math>\because H|q\rangle=\sum_{e\in\{0,1\}}(-1)^{e\cdot q}|e\rangle</math></br> | ||
####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes(-1)^{d\cdot | ####Server measures the second register to get d. The resulting superposition is:</br><math>=\sum_{a,b,\mu\in\{0,1\},r}\alpha_{ab}\sqrt{D(\mu_0,r_0)}(I\otimes X^{\mu_0})CNOT_{ab}^s|a\rangle |b\oplus \mu_a\rangle\otimes(-1)^{d\cdot(\mu_a,r_a)}|d\rangle|y\rangle</math></br>=<math>(Z^{d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1))}\otimes X^{\mu_0})\mathrm{CNOT}_{1,2}^s|\psi\rangle</math> </br>where <math>(\mu_0,r_0)=(\mu_1,r_1)\oplus_H s</math>, as <math>\oplus_H</math> is the homomorphic XOR operation. | ||
####The server uses <math>pk_{i+1}</math> to compute HE.Enc<math>_{pk_{i+1}}(c_{x,z,pk_i})</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>. | ####The server uses <math>pk_{i+1}</math> to compute HE.Enc<math>_{pk_{i+1}}(c_{x,z,pk_i})</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>. | ||
####The server computes the encryption of <math>x,z</math> under <math>pk_{i+1}</math> by homomorphically running the decryption circuit on inputs <math>\mathrm{HE.Enc}_{pk_{i+1}}(sk_i)</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(c_{x,z,pk_i})</math>. | ####The server computes the encryption of <math>x,z</math> under <math>pk_{i+1}</math> by homomorphically running the decryption circuit on inputs <math>\mathrm{HE.Enc}_{pk_{i+1}}(sk_i)</math> and <math>\mathrm{HE.Enc}_{pk_{i+1}}(c_{x,z,pk_i})</math>. | ||