Si-Hui Tan,Joshua A Kettlewell,Yingkai Ouyang,Lin Chen,Joseph F Fitzsimons

DOI: https://doi.org/10.1038/srep33467

2016-09-23

Abstract:Encryption schemes often derive their power from the properties of the underlying algebra on the symbols used. Inspired by group theoretic tools, we use the centralizer of a subgroup of operations to present a private-key quantum homomorphic encryption scheme that enables a broad class of quantum computation on encrypted data. The quantum data is encoded on bosons of distinct species in distinct spatial modes, and the quantum computations are manipulations of these bosons in a manner independent of their species. A particular instance of our encoding hides up to a constant fraction of the information encrypted. This fraction can be made arbitrarily close to unity with overhead scaling only polynomially in the message length. This highlights the potential of our protocol to hide a non-trivial amount of information, and is suggestive of a large class of encodings that might yield better security.

Ching-Yi Lai,Kai-Min Chung

DOI: https://doi.org/10.48550/arXiv.1705.00139

2018-09-16

Abstract:Homomorphic encryption is an encryption scheme that allows computations to be evaluated on encrypted inputs without knowledge of their raw messages. Recently Ouyang et al. constructed a quantum homomorphic encryption (QHE) scheme for Clifford circuits with statistical security (or information-theoretic security (IT-security)). It is desired to see whether an information-theoretically-secure (ITS) quantum FHE exists. If not, what other nontrivial class of quantum circuits can be homomorphically evaluated with IT-security? We provide a limitation for the first question that an ITS quantum FHE necessarily incurs exponential overhead. As for the second one, we propose a QHE scheme for the instantaneous quantum polynomial-time (IQP) circuits. Our QHE scheme for IQP circuits follows from the one-time pad.

Quantum Physics,Cryptography and Security

Yanglin Hu,Yingkai Ouyang,Marco Tomamichel

DOI: https://doi.org/10.22331/q-2023-04-13-976

2023-04-14

Quantum

Abstract:Quantum 7, 976 (2023). https://doi.org/10.22331/q-2023-04-13-976 Quantum homomorphic encryption, which allows computation by a server directly on encrypted data, is a fundamental primitive out of which more complex quantum cryptography protocols can be built. For such constructions to be possible, quantum homomorphic encryption must satisfy two privacy properties: data privacy which ensures that the input data is private from the server, and circuit privacy which ensures that the ciphertext after the computation does not reveal any additional information about the circuit used to perform it, beyond the output of the computation itself. While circuit privacy is well-studied in classical cryptography and many homomorphic encryption schemes can be equipped with it, its quantum analogue has received little attention. Here we establish a definition of circuit privacy for quantum homomorphic encryption with information-theoretic security. Furthermore, we reduce quantum oblivious transfer to quantum homomorphic encryption. By using this reduction, our work unravels fundamental trade-offs between circuit privacy, data privacy and correctness for a broad family of quantum homomorphic encryption protocols, including schemes that allow only the computation of Clifford circuits.

physics, multidisciplinary,quantum science & technology

Yingkai Ouyang,Si-Hui Tan,Joseph Fitzsimons

DOI: https://doi.org/10.1103/PhysRevA.98.042334

2018-10-26

Abstract:The recent discovery of fully-homomorphic classical encryption schemes has had a dramatic effect on the direction of modern cryptography. Such schemes, however, implicitly rely on the assumptions that solving certain computation problems are intractable. Here we present a quantum encryption scheme which is homomorphic for arbitrary classical and quantum circuits which have at most some constant number of non-Clifford gates. Unlike classical schemes, the security of the scheme we present is information theoretic and hence independent of the computational power of an adversary.

Quantum Physics

Michael Newman,Yaoyun Shi

DOI: https://doi.org/10.48550/arXiv.1704.07798

2017-08-13

Abstract:Transversality is a simple and effective method for implementing quantum computation fault-tolerantly. However, no quantum error-correcting code (QECC) can transversally implement a quantum universal gate set (Eastin and Knill, Phys. Rev. Lett., 102, 110502). Since reversible classical computation is often a dominating part of useful quantum computation, whether or not it can be implemented transversally is an important open problem. We show that, other than a small set of non-additive codes that we cannot rule out, no binary QECC can transversally implement a classical reversible universal gate set. In particular, no such QECC can implement the Toffoli gate transversally. We prove our result by constructing an information theoretically secure (but inefficient) quantum homomorphic encryption (ITS-QHE) scheme inspired by Ouyang et al. (<a class="link-https" data-arxiv-id="1508.00938" href="https://arxiv.org/abs/1508.00938">arXiv:1508.00938</a>). Homomorphic encryption allows the implementation of certain functions directly on encrypted data, i.e. homomorphically. Our scheme builds on almost any QECC, and implements that code's transversal gate set homomorphically. We observe a restriction imposed by Nayak's bound (FOCS 1999) on ITS-QHE, implying that any ITS quantum fully homomorphic scheme (ITS-QFHE) implementing the full set of classical reversible functions must be highly inefficient. While our scheme incurs exponential overhead, any such QECC implementing Toffoli transversally would still violate this lower bound through our scheme.

Quantum Physics,Cryptography and Security,Information Theory

Min Liang

DOI: https://doi.org/10.1007/s11128-015-1034-9

2014-10-09

Abstract:Fully homomorphic encryption enables arbitrary computation on encrypted data without decrypting the data. Here it is studied in the context of quantum information processing. Based on universal quantum circuit, we present a quantum fully homomorphic encryption (QFHE) scheme, which permits arbitrary quantum transformation on an encrypted data. The QFHE scheme is proved to be perfectly secure. In the scheme, the decryption key is different from the encryption key, however, the encryption key cannot be public. Moreover, the evaluate algorithm of the scheme is independent of the encryption key, so it is very applicable in delegated quantum computing between two parties.

Quantum Physics,Cryptography and Security

Yingkai Ouyang,Si-Hui Tan,Joseph Fitzsimons,Peter P. Rohde

DOI: https://doi.org/10.1103/PhysRevResearch.2.013332

2020-03-19

Abstract:Future quantum computers are likely to be expensive and affordable outright by few, motivating client/server models for outsourced computation. However, the applications for quantum computing will often involve sensitive data, and the client would like to keep her data secret, both from eavesdroppers and the server itself. Homomorphic encryption is an approach for encrypted, outsourced quantum computation, where the client's data remains secret, even during execution of the computation. We present a scheme for the homomorphic encryption of arbitrary quantum states of light with no more than a fixed number of photons, under the evolution of both passive and adaptive linear optics, the latter of which is universal for quantum computation. The scheme uses random coherent displacements in phase-space to obfuscate client data. In the limit of large coherent displacements, the protocol exhibits asymptotically perfect information-theoretic secrecy. The experimental requirements are modest, and easily implementable using present-day technology.

Quantum Physics

Frederik Armknecht,Tommaso Gagliardoni,Stefan Katzenbeisser,Andreas Peter

DOI: https://doi.org/10.48550/arXiv.1401.2417

2014-01-14

Abstract:Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widely-used, more sophisticated primitives, such as CCA2-secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor's algorithm). This leads to the challenge of constructing quantum-resistant group homomorphic cryptosystems. In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.

Cryptography and Security,Group Theory

Zheng-Yao Su,Ming-Chung Tsai

2024-05-09

Abstract:Inspired by the concept of fault tolerance quantum computation, this article proposes a framework dubbed Exact Homomorphic Encryption, EHE, enabling exact computations on encrypted data without the need for pre-decryption. The introduction of quantum gates is a critical step for constructing the message encryption and the computation encryption within the framework. Of significance is that both encryptions are respectively accomplished in a multivariate polynomial set generated by quantum gates. Two fundamental traits of quantum gates, the invertibility and the noncommutativity, establish the success of EHE. The encrypted computation is exact because its encryption transformation is conducted with invertible gates. In the same vein, decryptions for both an encrypted message and encrypted computation are exact. The second trait of noncommutativity among applied quantum gates brings forth the security for the two encryptions. Toward the message encryption, a plaintext is encoded into a ciphertext via a polynomial set generated by a product of noncommuting gates randomly chosen. In the computation encryption, a desired operation is encoded into an encrypted polynomial set generated by another product of noncommuting gates. The encrypted computation is then the evaluation of the encrypted polynomial set on the ciphertext and is referred to as the cryptovaluation. EHE is not only attainable on quantum computers, but also straightforwardly realizable on traditional computing environments. Surpassing the standard security 2^128 of quantum resilience, both the encryptions further reach a security greater than the suggested threshold 2^1024 and are characterized as hyper quantum-resilient. Thanks to the two essential traits of quantum gates, this framework can be regarded as the initial tangible manifestation of the concept noncommutative cryptography.

Quantum Physics,Cryptography and Security

Min Liang

DOI: https://doi.org/10.1007/s11128-013-0626-5

IF: 1.965

2013-08-24

Quantum Information Processing

Abstract:Suppose some data have been encrypted, can you compute with the data without decrypting them? This problem has been studied as homomorphic encryption and blind computing. We consider this problem in the context of quantum information processing, and present the definitions of quantum homomorphic encryption (QHE) and quantum fully homomorphic encryption (QFHE). Then, based on quantum one-time pad (QOTP), we construct a symmetric QFHE scheme, where the evaluate algorithm depends on the secret key. This scheme permits any unitary transformation on any n$$n$$-qubit state that has been encrypted. Compared with classical homomorphic encryption, the QFHE scheme has perfect security. Finally, we also construct a QOTP-based symmetric QHE scheme, where the evaluate algorithm is independent of the secret key.

physics, multidisciplinary,quantum science & technology, mathematical

W.K. Tham,Hugo Ferretti,Kent Bonsma-Fisher,Aharon Brodutch,Barry C. Sanders,Aephraim M. Steinberg,Stacey Jeffery

DOI: https://doi.org/10.1103/PhysRevX.10.011038

2018-11-06

Abstract:A fully homomorphic encryption system hides data from unauthorized parties, while still allowing them to perform computations on the encrypted data. Aside from the straightforward benefit of allowing users to delegate computations to a more powerful server without revealing their inputs, a fully homomorphic cryptosystem can be used as a building block in the construction of a number of cryptographic functionalities. Designing such a scheme remained an open problem until 2009, decades after the idea was first conceived, and the past few years have seen the generalization of this functionality to the world of quantum machines. Quantum schemes prior to the one implemented here were able to replicate some features in particular use-cases often associated with homomorphic encryption but lacked other crucial properties, for example, relying on continual interaction to perform a computation or leaking information about the encrypted data. We present the first experimental realisation of a quantum fully homomorphic encryption scheme. We further present a toy two-party secure computation task enabled by our scheme. Finally, as part of our implementation, we also demonstrate a post-selective two-qubit linear optical controlled-phase gate with a much higher post-selection success probability (1/2) when compared to alternate implementations, e.g. with post-selective controlled-$Z$ or controlled-$X$ gates (1/9).

Quantum Physics,Optics

Yuan Li,Lin Cao,Wei Luo,Hui Zhang,Hong Cai,Muhammad Faeyz Karim,Feng Gao,Joseph Fitzsimons,Qinghua Song,Ai-Qun Liu

DOI: https://doi.org/10.1103/physrevlett.132.200801

IF: 8.6

2024-05-15

Physical Review Letters

Abstract:A fully homomorphic encryption system enables computation on encrypted data without the necessity for prior decryption. This facilitates the seamless establishment of a secure quantum channel, bridging the server and client components, and thereby providing the client with secure access to the server's substantial computational capacity for executing quantum operations. However, traditional homomorphic encryption systems lack scalability, programmability, and stability. In this Letter, we experimentally demonstrate a proof-of-concept implementation of a homomorphic encryption scheme on a compact quantum chip, verifying the feasibility of using photonic chips for quantum homomorphic encryption. Our work not only provides a solution for circuit expansion, addressing the longstanding challenge of scalability while significantly reducing the size of quantum network infrastructure, but also lays the groundwork for the development of highly sophisticated quantum fully homomorphic encryption systems. https://doi.org/10.1103/PhysRevLett.132.200801 © 2024 American Physical Society

physics, multidisciplinary

Anne Broadbent,Stacey Jeffery

DOI: https://doi.org/10.1007/978-3-662-48000-7_30

2015-01-01

Abstract:Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only. Here, we formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit (we use the “π/8$$\pi /8$$” non-Clifford group gate, also known as the T$$\mathsf{T}$$-gate).More specifically, two schemes are proposed: the first scheme has a decryption procedure whose complexity scales with the square of the number of T$$\mathsf{T}$$-gates (compared with a trivial scheme in which the complexity scales with the total number of gates); the second scheme uses a quantum evaluation key of length given by a polynomial of degree exponential in the circuit’s T$$\mathsf{T}$$-gate depth, yielding a homomorphic scheme for quantum circuits with constant T$$\mathsf{T}$$-depth. Both schemes build on a classical fully homomorphic encryption scheme.A further contribution of ours is to formally define the security of encryption schemes for quantum messages: we define quantum indistinguishability under chosen plaintext attacks in both the public- and private-key settings. In this context, we show the equivalence of several definitions. Our schemes are the first of their kind that are secure under modern cryptographic definitions, and can be seen as a quantum analogue of classical results establishing homomorphic encryption for circuits with a limited number of multiplication gates. Historically, such results appeared as precursors to the breakthrough result establishing classical fully homomorphic encryption.

Urs Achim Wiedemann,Ulrich Heinz

DOI: https://doi.org/10.1103/PhysRevC.56.3265

1998-01-12

Abstract:We study the effect of resonance decays on intensity interferometry for heavy ion collisions. Collective expansion of the source leads to a dependence of the two-particle correlation function on the pair momentum K. This opens the possibility to reconstruct the dynamics of the source from the K-dependence of the measured HBT radii. Here we address the question to what extent resonance decays can fake such a flow signal. Within a simple parametrization for the emission function we present a comprehensive analysis of the interplay of flow and resonance decays on the one- and two-particle spectra. We discuss in detail the non-Gaussian features of the correlation function introduced by long-lived resonances and the resulting problems in extracting meaningful HBT radii. We propose to define them in terms of the second order q-moments of the correlator C(q, K). We show that this yields a more reliable characterisation of the correlator in terms of its width and the correlation strength `lambda' than other commonly used fit procedures. The normalized fourth-order q-moments (kurtosis) provide a quantitative measure for the non-Gaussian features of the correlator. At least for the class of models studied here, the kurtosis helps separating effects from expansion flow and resonance decays, and provides the cleanest signal to distinguish between scenarios with and without transverse flow.

Nuclear Theory,High Energy Physics - Phenomenology

Yingkai Ouyang,Peter P. Rohde

DOI: https://doi.org/10.48550/arXiv.2204.10471

2022-04-22

Abstract:Two essential primitives for universal, cloud-based quantum computation with security based on the laws of quantum mechanics, are quantum homomorphic encryption with information-theoretic security and quantum error correction. The former enables information-theoretic security of outsourced quantum computation, while the latter allows reliable and scalable quantum computations in the presence of errors. Previously these ingredients have been considered in isolation from one another. By establishing group-theoretic requirements that these two ingredients must satisfy, we provide a general framework for composing them. Namely, a quantum homomorphic encryption scheme enhanced with quantum error correction can directly inherit its properties from its constituent quantum homomorphic encryption and quantum error correction schemes. We apply our framework to both discrete- and continuous-variable models for quantum computation, such as Pauli-key and permutation-key encryptions in the qubit model, and displacement-key encryptions in a continuous-variable model based on Gottesman-Kitaev-Preskill codes.

Quantum Physics,Cryptography and Security

Ke Li,Tao Shang,Jian-wei Liu

DOI: https://doi.org/10.1007/s11128-017-1689-5

IF: 1.965

2017-08-24

Quantum Information Processing

Abstract:Quantum cryptography is believed to be unconditionally secure because its security is ensured by physical laws rather than computational complexity. According to spectrum characteristic, quantum information can be classified into two categories, namely discrete variables and continuous variables. Continuous-variable quantum protocols have gained much attention for their ability to transmit more information with lower cost. To verify the identities of different data sources in a quantum network, we propose a continuous-variable quantum homomorphic signature scheme. It is based on continuous-variable entanglement swapping and provides additive and subtractive homomorphism. Security analysis shows the proposed scheme is secure against replay, forgery and repudiation. Even under nonideal conditions, it supports effective verification within a certain verification threshold.

physics, multidisciplinary,quantum science & technology, mathematical

Daniel O'Malley,John K. Golden

DOI: https://doi.org/10.48550/arXiv.2009.00111

2020-09-01

Abstract:Homomorphic encryption has been an area of study in classical computing for decades. The fundamental goal of homomorphic encryption is to enable (untrusted) Oscar to perform a computation for Alice without Oscar knowing the input to the computation or the output from the computation. Alice encrypts the input before sending it to Oscar, and Oscar performs the computation directly on the encrypted data, producing an encrypted result. Oscar then sends the encrypted result of the computation back to Alice, who can decrypt it. We describe an approach to homomorphic encryption for quantum annealing based on spin reversal transformations and show that it comes with little or no performance penalty. This is in contrast to approaches to homomorphic encryption for classical computing, which incur a significant additional computational cost. This implies that the performance gap between quantum annealing and classical computing is reduced when both paradigms use homomorphic encryption. Further, homomorphic encryption is critical for quantum annealing because quantum annealers are native to the cloud -- a third party (such as untrusted Oscar) performs the computation. If sensitive information, such as health-related data subject to the Health Insurance Portability and Accountability Act, is to be processed with quantum annealers, such a technique could be useful.

Quantum Physics,Cryptography and Security

Muhammad Nadeem

DOI: https://doi.org/10.48550/arXiv.1507.07918

2015-07-28

Abstract:Methods of quantum mechanics promise information-theoretic security for various protocols in cryptography. However, impossibility of some cryptographic applications such as standard bit commitment, oblivious transfer, multiparty secure computations and ideal coin tossing in quantum regime leaves an obvious question on the completeness of quantum cryptography. Instead of using wide range of rules and techniques for a variety of cryptographic applications, we demonstrate here a unified structure for quantum cryptography based on quantum non-local correlations. The unified framework achieves same goals in information-theoretic way as classical cryptography does with computational hardness. To cover the broad range of cryptographic applications, we show that the framework (i) assures secrecy by providing encryption completely unintelligible to eavesdroppers, (ii) guarantees that input from distant parties is concealed unless they are willing to reveal, (iii) assures binding, (iv) allows splitting information between several parties securely and more generally, (v) evades both quantum and classical attacks from internal as well as external eavesdropping.

Quantum Physics

Xuejian Zhang,Yan Chang,Lin Zeng,Weifeng Xue,Lili Yan,Shibin Zhang

DOI: https://doi.org/10.1088/2058-9565/ad749a

IF: 6.568

2024-09-12

Quantum Science and Technology

Abstract:Due to the stringent hardware requirements and high cost, quantum computing as a service (QCaaS) is currently the main way to output quantum computing capabilities. However, the current QCaaS has significant shortcomings in privacy protection. The existing researches mainly focus on dataset privacy in some specific quantum machine learning algorithms, and there is no general and comprehensive research on privacy protection for dataset, parameter sets and algorithm models. To solve this problem, this paper defines the concept of generalized quantum homomorphic encryption and pioneers a novel method termed quantum circuit equivalence homomorphic encryption (QCEHE), aiming at protecting the privacy of the complete quantum circuits—encompassing data, parameters, and model. Based on QCEHE, a privacy protection scheme and its approximate implementation called quantum circuit equivalent substitution algorithm are proposed for any quantum algorithm, which can encrypt the complete quantum circuit on a classical computer, ensuring that the encrypted quantum circuit is physically equivalent to the original one, and does not reveal data holders' privacy (data, parameters and model). By theoretical derivation, we prove that the proposed solution can effectively execute any quantum algorithm while protecting privacy. By applying the proposed solution to the privacy protection of the Harrow–Hassidim–Lloyd algorithm and the variational quantum classifier algorithm, the results showed that the accuracy rate before and after encryption are almost the same, which means that the proposed solution can effectively protect the privacy of data holders without impacting the usability and accuracy.

physics, multidisciplinary,quantum science & technology

Min Liang,Li Yang

DOI: https://doi.org/10.48550/arXiv.1503.04061

2015-03-13

Quantum Physics

Abstract:Fully homomorphic encryption is a kind of encryption scheme, which enables arbitrary computation on encrypted data without accessing the data. We present the quantum version of fully homomorphic encryption scheme, which is constructed based on quantum fault-tolerant construction. Two schemes are constructed. The first is a symmetric scheme, and the secret key is the quantum CSS code. In the scheme, when Server performs quantum computation on the encrypted plaintext, some ancillary quantum states should be provided by Client. The second is an asymmetric scheme, which contains the periodical interaction between Client and Server.