Composable Security of Delegated Quantum Computation

Dunjko, Vedran; Fitzsimons, Joseph F.; Portmann, Christopher; Renner, Renato

doi:10.1007/978-3-662-45608-8_22

Cited by 68 publications

(138 citation statements)

References 48 publications

Supporting

Mentioning

135

Contrasting

Order By: Relevance

“…0-blindness) and ϵ-blind-verifiability discussed in Section II for exponentially small ϵ. 17 The UBQC protocol can also be used as a method to remotely prepare the states used in the ABE protocol, resulting in a hybrid protocol which requires only single qubit state preparations. 38 …”

Section: Bqc With Semi-classical Clientsmentioning

confidence: 99%

“…10 while security under the stronger composable definition proved in ref. 19. It is worth noting that while the resource state requires NM qubits, due to the commutation of operations involving non-neighbouring qubits, not every qubit needs to be present in the initial state.…”

Section: Bqc With Semi-classical Clientsmentioning

confidence: 99%

“…For a more thorough treatment of composable security definitions for blind computation, curious readers are referred to ref. 19.…”

Section: Securitymentioning

confidence: 99%

“…However, if subsequent to the conclusion of the protocol, they were to learn something about the resulting state received by the client, it might be possible for them to infer additional details of the computation. To this end, stronger security definitions for delegated computation have been proposed which seek to fully define the behaviour of BQC protocols 17 using the abstract cryptography framework of Maurer and Renner. 18 This is achieved through the use of the notion of an ideal resource, which fully describes the functionality of blind computation without making reference to any particular protocol.…”

Section: Securitymentioning

confidence: 99%

See 3 more Smart Citations

Private quantum computation: an introduction to blind quantum computing and related protocols

2017

Self Cite

View full text Add to dashboard Cite

Quantum technologies hold the promise of not only faster algorithmic processing of data, via quantum computation, but also of more secure communications, in the form of quantum cryptography. In recent years, a number of protocols have emerged which seek to marry these concepts for the purpose of securing computation rather than communication. These protocols address the task of securely delegating quantum computation to an untrusted device while maintaining the privacy, and in some instances the integrity, of the computation. We present a review of the progress to date in this emerging area.npj Quantum Information (2017) 3:23 ; doi:10.1038/s41534-017-0025-3 INTRODUCTIONFor almost as long as programmable computers have existed, there has been a strong motivation for users to run calculations on hardware that they do not personally control. Initially, this was due to the high cost of such devices coupled with the need for specialised facilities to house them. Universities, government agencies and large corporations housed computers in central locations where they ran jobs for their users in batches. Over time, computers have become ubiquitous, but demand for centralised resources has not abated. Even today, the use of delegated computation is widespread, in the form of cloud computing.While we do not yet know how the field of quantum computing will develop, it seems reasonable to speculate that it will follow a similar path. Indeed this speculation is somewhat born out by recent efforts to provide access to rudimentary quantum processors over the Internet.1 Today we are in a far better position to enable remote access to quantum computers than was possible with early conventional computers, due to the existence of high speed global communications networks, and the ubiquity of classical processors. Furthermore, the discovery of quantum key distribution protocols 2, 3 has provided the impetus to develop quantum communication over existing optical fibre networks

show abstract

Section: Bqc With Semi-classical Clientsmentioning

confidence: 99%

Section: Bqc With Semi-classical Clientsmentioning

confidence: 99%

“…For a more thorough treatment of composable security definitions for blind computation, curious readers are referred to ref. 19.…”

Section: Securitymentioning

confidence: 99%

Section: Securitymentioning

confidence: 99%

See 2 more Smart Citations

Private quantum computation: an introduction to blind quantum computing and related protocols

2017

Self Cite

View full text Add to dashboard Cite

show abstract

“…This enables one to use relatively basic obfuscation techniques in order to prevent an untrusted operator (that implements an MBQC computation) from obtaining access to the true flow of information. This key observation has led to an entirely new approach to quantum verification that exploits cryptographic techniques [4,5,[10][11][12][13][14][15][16][17]. The core idea is to encode simple trap computations within a target computation that is run on a remote device.…”

Section: Introductionmentioning

confidence: 99%

Garbled Quantum Computation

Kashefi

Wallden

2017

Cryptography

View full text Add to dashboard Cite

Abstract:The universal blind quantum computation protocol (UBQC) enables an almost classical client to delegate a quantum computation to an untrusted quantum server (in the form of a garbled quantum circuit) while the security for the client is unconditional. In this contribution, we explore the possibility of extending the verifiable UBQC, to achieve further functionalities following the analogous research for classical circuits (Yao 1986). First, exploring the asymmetric nature of UBQC (the client preparing only single qubits, while the server runs the entire quantum computation), we present a "Yao"-type protocol for secure two-party quantum computation. Similar to the classical setting, our quantum Yao protocol is secure against a specious (quantum honest-but-curious) garbler, but in our case, against a (fully) malicious evaluator. Unlike the previous work on quantum two-party computation of Dupuis et al., 2010, we do not require any online-quantum communication between the garbler and the evaluator and, thus, no extra cryptographic primitive. This feature will allow us to construct a simple universal one-time compiler for any quantum computation using one-time memory, in a similar way to the classical work of Goldwasser et al., 2008, while more efficiently than the previous work of Broadbent et al., 2013.

show abstract

Composable and Finite Computational Security of Quantum Message Transmission

Banfi

Maurer

Portmann

et al. 2019

Theory of Cryptography

Self Cite

View full text Add to dashboard Cite

Recent research in quantum cryptography has led to the development of schemes that encrypt and authenticate quantum messages with computational security. The security definitions used so far in the literature are asymptotic, gamebased, and not known to be composable. We show how to define finite, composable, computational security for secure quantum message transmission. The new definitions do not involve any games or oracles, they are directly operational: a scheme is secure if it transforms an insecure channel and a shared key into an ideal secure channel from Alice to Bob, i.e., one which only allows Eve to block messages and learn their size, but not change them or read them. By modifying the ideal channel to provide Eve with more or less capabilities, one gets an array of different security notions. By design these transformations are composable, resulting in composable security. Crucially, the new definitions are finite. Security does not rely on the asymptotic hardness of a computational problem. Instead, one proves a finite reduction: if an adversary can distinguish the constructed (real) channel from the ideal one (for some fixed security parameters), then she can solve a finite instance of some computational problem. Such a finite statement is needed to make security claims about concrete implementations. We then prove that (slightly modified versions of) protocols proposed in the literature satisfy these composable definitions. And finally, we study the relations between some game-based definitions and our composable ones. In particular, we look at notions of quantum authenticated encryption and QCCA2, and show that they suffer from the same issues as their classical counterparts: they exclude certain protocols which are arguably secure.

show abstract

Composable Security of Delegated Quantum Computation

Cited by 68 publications

References 48 publications

Private quantum computation: an introduction to blind quantum computing and related protocols

Private quantum computation: an introduction to blind quantum computing and related protocols

Garbled Quantum Computation

Composable and Finite Computational Security of Quantum Message Transmission

Contact Info

Product

Resources

About