DS202101: Dulek, Yfke (2021) Delegated and Distributed Quantum Computation. Doctoral thesis, University of Amsterdam.
Text (Full Text)
DS202101.text.pdf Download (11MB) 

Text (Samenvatting)
DS202101.samenvatting.txt Download (6kB) 
Abstract
This dissertation explores the possibilities and impossibilities of securely delegating and distributing quantum computations. We construct explicit protocols for several quantumcryptographic primitives (quantum message authentication, multiparty quantum computation, and verifiable quantum homomorphic encryption), but show that one other primitive is impossible to achieve in general (quantum virtual blackbox obfuscation).
For the primitives that we do realize, we often need to make assumptions on the computational power of the adversary’s quantum computer. Such computational assumptions are necessary because the variants of the primitives that we wish to achieve are impossible informationtheoretically. Nonetheless, our protocols are informationtheoretic upgrades from their classical variants: the only computational assumptions are those that are already required to achieve the classical primitives. The advantage of this approach is that advances in classical and postquantum cryptography directly influence our protocols as well.
In all of the cryptographic primitives studied in this dissertation, verification plays a crucial role. Whether a client wants to check the outcome of a computation he delegated to an untrustworthy server, or whether a player in a multiparty protocol wants to monitor the honesty of the other players in the protocol, an honest party always needs some kind of mechanism to ensure that the dishonest parties are not deviating from the protocol without being noticed.
In Chapter 3, we consider an important building block for verifiable quantum computation: the quantum authentication code. Although traditionally used to ensure that a message cannot be altered after it is sent, authentication codes can also be used to enforce a specific operation to be applied to the message: this is known as (quantum) computing on authenticated data, or (Q)CAD. We study the relation between a property called (strong) purity testing and the ability of a code to preserve the integrity of a ciphertext rather than just the plaintext, and furthermore characterize in which cases the encryption key can be recycled. We give an overview of existing quantum authentication codes, and construct two new variations on the socalled "trap code", an authentication code that is especially suited for QCAD. One of these new variations is strong purity testing, achieving ciphertext authentication with key recycling. The other variation only achieves inverse polynomial security, but encoding can be done using only a constantsize quantum memory. The constructions in this chapter are informationtheoretically secure.
In Chapter 4, we give a protocol for multiparty quantum computation, where a number of players perform a joint quantum computation, but want to keep their inputs private from the other players. Previously, protocols were only known if strictly less than half of the players was dishonest, or if there were only two players in total. We generalize the twoplayer protocol to devise a secure protocol for multiparty quantum computation for any number of players k, and prove it secure against up to k1 actively colluding adversaries. To achieve efficiency, we develop a novel public verification protocol for the Clifford authentication code, and a testing protocol for magicstate inputs. Our protocol relies on classical multiparty computation and the computational assumptions that come with it.
In Chapter 5, we study quantum homomorphic encryption, which allows a less powerful client to outsource a Clifford circuit to a more powerful server. A simple scheme, based on classical homomorphic encryption, already exists for this task; we show that it has circuit privacy. In theoretical applications of classical (fully) homomorphic encryption, it is often necessary for the client to verify the correctness of the computation at decoding time. We define a new primitive of "verifiable quantum homomorphic encryption", carefully consider what kind of compactness should be expected in this context, and give two equivalent definitions of security: a semantic one, and a gamebased one. We construct a protocol for verifiable quantum homomorphic encryption, enabling Clifford computations to be delegated and verified in a noninteractive manner. Verification is almost entirely classical; for computations that start and end with classical states, it is completely classical.
In Chapter 6, we extend the results from Chapter 5 to quantum fully homomorphic encryption by devising a procedure to evaluate the nonClifford gate T. Using techniques from instantaneous nonlocal quantum computation, we construct “Tgate gadgets”, quantum states that do not reveal the secret encryption key, but at the same time allow the server to correct errors that depend on that secret key during the evaluation. The size of the gadget depends on the space complexity of the decryption function of the underlying classical homomorphicencryption scheme. The resulting scheme provides privacy against quantum chosenplaintext attacks. We show how to extend it to provide verifiability, in the sense defined in the previous chapter, as well. As a first application of the verifiable scheme, we describe how to construct quantum onetime programs from classical onetime programs and verifiable quantum fully homomorphic encryption.
In Chapter 7, we show that, under a variant of the learningwitherrors assumption, it is impossible to obfuscate classical circuits into quantum states. Virtual blackbox obfuscation is a strong cryptographic primitive: it encrypts a circuit while maintaining its full input/output functionality. A remarkable result by Barak et al. [BGI+01] shows that a general obfuscator that obfuscates classical circuits into classical circuits cannot exist. A promising direction that circumvents this impossibility result was to obfuscate classical circuits into quantum states, which would potentially be better capable of hiding information about the obfuscated circuit. We show that this quantum variant of virtual blackbox obfuscation of classical circuits is generally impossible. On the way, we show that under the presence of dependent classical auxiliary input, even the small class of classical point functions cannot be quantum virtual blackbox obfuscated.
Item Type:  Thesis (Doctoral) 

Report Nr:  DS202101 
Series Name:  ILLC Dissertation (DS) Series 
Year:  2021 
Subjects:  Computation 
Depositing User:  Dr Marco Vervoort 
Date Deposited:  14 Jun 2022 15:17 
Last Modified:  14 Jun 2022 15:17 
URI:  https://eprints.illc.uva.nl/id/eprint/2187 
Actions (login required)
View Item 