Classical Fully Homomorphic Encryption for Quantum Circuits: Difference between revisions

Jump to navigation Jump to search
m
Line 89: Line 89:
</div>
</div>
::::#The server uses <math>pk_{i+1}</math> to recrypt 'c' (previously encrypted using <math>pk_{i}</math>) and encrypt other variables under HE: <math>\mathrm{HE.Enc}_{pk_{i+1}}(c)</math>, <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>.  
::::#The server uses <math>pk_{i+1}</math> to recrypt 'c' (previously encrypted using <math>pk_{i}</math>) and encrypt other variables under HE: <math>\mathrm{HE.Enc}_{pk_{i+1}}(c)</math>, <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>.  
::::#The server computes the encryption of <math>x,z</math> (stored in <math>\tilde{z},\tilde{x}</math>) under <math>pk_{i+1}</math> by performing decryption circuit on <math>\mathrm{HE.Enc}_{pk_{i+1}}(c)</math> using <math>\mathrm{HE.Enc}_{pk_{i+1}}(sk_i)</math> (provided by the evaluation key). Here, c, as stated before was the concatenation of encryptions of x, z under <math>pk_{i}</math>.
::::#The server computes the encryption of <math>x,z</math> (stored in <math>\tilde{z},\tilde{x}</math>) under <math>pk_{i+1}</math> by performing decryption circuit on <math>\mathrm{HE.Enc}_{pk_{i+1}}(c)</math> using <math>\mathrm{HE.Enc}_{pk_{i+1}}(sk_i)</math> (provided by the evaluation key). Here, c, as stated before is the concatenation of encryption of x, z under <math>pk_{i}</math>, provided by the Client.
::::#The server (homomorphically) computes <math>(\mu_0,r_0)</math> and <math>(\mu_1,r_1)</math>, using <math>t_{sk_i},sk_i</math>, provided by the evaluation key <math>\mathrm{evk}_i</math> encrypted under <math>pk_{i+1}</math>, and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>, from the previous step.  
::::#The server (homomorphically) computes <math>(\mu_0,r_0)</math> and <math>(\mu_1,r_1)</math>, using <math>\mathrm{HE.Enc}_{pk_{i+1}}(t_{sk_i},sk_i)</math>, provided by the evaluation key <math>\mathrm{evk}_i</math> encrypted under <math>pk_{i+1}</math>, and <math>\mathrm{HE.Enc}_{pk_{i+1}}(\hat{c},y,d)</math>, from the previous step.  
::::#The server then uses this results of the last three steps, to (homomorphically) update Pauli encryptions for encrypted <math>CNOT^s_{l,n}</math>: </br>(<math>\tilde {x}^{[l]},\tilde{z}^{[l]};\tilde {x}^{[n]},\tilde{z}^{[n]})\rightarrow (<math>\tilde {x}^{[l]},\tilde{z}^{[l]}+d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1);\tilde {x}^{[n]}+\mu_0,\tilde{z}^{[n]})</math></br>  
::::#The server then uses this results of the last three steps, to (homomorphically) update Pauli encryptions for encrypted <math>CNOT^s_{l,n}</math>: </br>(<math>\tilde {x}^{[l]},\tilde{z}^{[l]};\tilde {x}^{[n]},\tilde{z}^{[n]})\rightarrow (\tilde {x}^{[l]},\tilde{z}^{[l]}+d\cdot ((\mu_0,r_0)\oplus (\mu_1,r_1);\tilde {x}^{[n]}+\mu_0,\tilde{z}^{[n]})</math></br>  
3. Server sends updated encryptions of Pauli corrections <math>\tilde{x},\tilde{z}</math> and the classical outcome after measurement of the output state (or Quantum one time padded state in case of quantum output) to Client.
3. Server sends updated encryptions of Pauli corrections <math>\tilde{x},\tilde{z}</math> and the classical outcome after measurement of the output state (or Quantum one time padded state in case of quantum output) to Client.


Write, autoreview, editor, reviewer
3,129

edits

Navigation menu