Prepare-and-Send Verifiable Quantum Fully Homomorphic Encryption: Difference between revisions

Jump to navigation Jump to search
mNo edit summary
Line 5: Line 5:
==Outline==
==Outline==


This protocol consists mainly of four stages: Key Generation, Encryption, Homomorphic evaluation, and Verified decryption. For verification, the major changes from the standard [[Prepare and Send Quantum Fully Homomorphic Encryption]] is in stage 2, evaluation where a computational log is provided as an extra output and in stage 4, Verified decryption which accepts computational log and performs the verification. The verification performed in this protocol is mainly classical in nature
This protocol consists mainly of four stages: Key Generation, Encryption, Homomorphic evaluation, and Verified decryption. To introduce verification, the major changes from the standard [[Prepare and Send Quantum Fully Homomorphic Encryption]] protocol take place in stage 2 (Evaluation) where a computational log is provided as an extra output and in stage 4 (Verified decryption) which accepts computational log and performs the verification. The verification performed in this protocol is mainly classical in nature.
 
*'''Key Generation and encryption''': This procedure requires the generation of single-qubit and two-qubit states from a small fixed set, performing Bell measurements and Pauli gates, and executing the encoding procedure of a quantum error-correcting code on which the trap code is based.
'''Key gen''':
** The classical fully homomorphic encryption scheme is used here to generate the public key, the secret keys and the evaluation function key for the encryption.
** A message authenticating system (MAC) is used to authenticate this process. Using [[MAC]], a key is also generated.
** A random global permutation is selected from <math>3*m</math> letters. A tuple is generated now using the global permutation and all the keys generated in the above steps. These are the non-evaluation keys which used to encrypt the auxiliary states.
 
'''Encryption''': We encrypt each qubit of the plaintext using the trap code, and encrypt the trap code
keys using the FHE scheme. This again requires the ability to perform Paulis, execute an error-correcting encoding, and the generation of basic single-qubit states.
 
** Majority of the single-qubit and two-qubit quantum states are encrypted using the global permutation. A [[CSS]] concatenated Steane code is selected with specific requirements. The quantum state is first encoded using this CSS code which results in a state with $m$ qubits. Then, $m$ computational and $m$ Hadamard traps (<math>|0\rangle</math> and <math>|+\rangle</math> states) are added to that state and the resulting state is permutated using the global permutation. Next, if $n$ is the number of qubits that will be encrypted, two bits strings are picked of length $n$ to encrypt the state with [[Quantum one time pad]]. After this, we obtain our magic state for that particular quantum state. Here it is important to note that the keys for [[Quantum one time pad]] are selected during Encryption rather than Key Generation.
** For the <math>T</math> gate, error correcting gadgets are prepared from [[garden-hose gadgets]].
** Then the evaluation key is formed by MAC which uses the auxiliary states, including the magic states.


*'''Key Generation and Encryption'''
** This procedure requires the generation of single-qubit and two-qubit states from a small fixed set, performing Bell measurements and Pauli gates, and executing the encoding procedure of a quantum error-correcting code on which the trap code is based.
** In this step, using the classical fully homomorphic encryption scheme, public key, the secret keys and the evaluation function key for the encryption are generated. A message authenticating system (MAC) is used to authenticate this process. Using [[MAC]], a key is also generated.
** Majority of the single-qubit and two-qubit quantum states are encrypted using the global permutation <math>\pi</math>, but all the qubits in the error correcting gadget are encrypted using independent permutation. The encryption occurs through [[CSS]] where equal amounts of traps gates (<math>|0\rangle</math> and <math>|+\rangle</math>) are added and permuted using the global permutation, after which the overall state is encrypted by using [[Quantum one time pad]]. The final state formed of the single-qubit or two-qubit quantum used initially is known as the magic state.
** The keys for the quantum one-time pad are selected during the encryption stage, For the <math>T</math> gate, error correcting gadgets are prepared from garden-hose gadgets(Link here).
** Then the evaluation key is formed, using the auxiliary states mentioned, which includes the magic states too.
</br>
</br>
* '''Evaluation''': Evaluation of a circuit is done gate by gate. Throughout this procedure, apart from the outputs, a complete computational log is made of all randomness used, all computation steps, all intermediate results, and all the classical FHE computations. To measure a qubit, we measure all ciphertext qubits and place the outcomes in the log.
* '''Evaluation''': Evaluation of a circuit is done gate by gate. Throughout this procedure, apart from the outputs, a complete computational log is made of all randomness used, all computation steps, all intermediate results, and all the classical FHE computations. To measure a qubit, we measure all ciphertext qubits and place the outcomes in the log.
Line 26: Line 33:
**Here the correctness and consistency of the classical FHE transcript,  the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis.
**Here the correctness and consistency of the classical FHE transcript,  the measurement outcomes, and the claimed circuit are checked. The result of this computation is a set of keys for the trap code, which are correct provided that Eval was performed honestly. In this step, decryption takes place using these keys and the output is either plaintext or reject. In terms of quantum capabilities, decryption requires executing the decoding procedure of the error-correcting code, computational-basis and Hadamard-basis measurements, and Paulis.
** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected.
** This procedure consists of two parts. Several classical checks are performed at first, where MAC-verification of all classically authenticated messages takes places. It also includes checking if the gates listing in the computational log match the circuit description. The portion of the log which specifies the purely classical, FHE steps taking during classical homomorphic encryption are also checked. Next, all the unmeasured traps are checked and the remaining qubits are decoded. If the logs don't match or if any of the traps are triggered, then the entire process is rejected.


==Hardware Requirements==
==Hardware Requirements==
Write, autoreview, editor, reviewer
3,129

edits

Navigation menu