No Arabic abstract
In this note, we characterize the form of an invertible quantum operation, i.e., a completely positive trace preserving linear transformation (a CPTP map) whose inverse is also a CPTP map. The precise form of such maps becomes important in contexts such as self-testing and encryption. We show that these maps correspond to applying a unitary transformation to the state along with an ancilla initialized to a fixed state, which may be mixed. The characterization of invertible quantum operations implies that one-way schemes for encrypting quantum states using a classical key may be slightly more general than the ``private quantum channels studied by Ambainis, Mosca, Tapp and de Wolf (FOCS 2000). Nonetheless, we show that their results, most notably a lower bound of 2n bits of key to encrypt n quantum bits, extend in a straightforward manner to the general case.
We study the problem of encrypting and authenticating quantum data in the presence of adversaries making adaptive chosen plaintext and chosen ciphertext queries. Classically, security games use string copying and comparison to detect adversarial cheating in such scenarios. Quantumly, this approach would violate no-cloning. We develop new techniques to overcome this problem: we use entanglement to detect cheating, and rely on recent results for characterizing quantum encryption schemes. We give definitions for (i.) ciphertext unforgeability , (ii.) indistinguishability under adaptive chosen-ciphertext attack, and (iii.) authenticated encryption. The restriction of each definition to the classical setting is at least as strong as the corresponding classical notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All of our new notions also imply QIND-CPA privacy. Combining one-time authentication and classical pseudorandomness, we construct schemes for each of these new quantum security notions, and provide several separation examples. Along the way, we also give a new definition of one-time quantum authentication which, unlike all previous approaches, authenticates ciphertexts rather than plaintexts.
Non-malleability is an important security property for public-key encryption (PKE). Its significance is due to the fundamental unachievability of integrity and authenticity guarantees in this setting, rendering it the strongest integrity-like property achievable using only PKE, without digital signatures. In this work, we generalize this notion to the setting of quantum public-key encryption. Overcoming the notorious recording barrier known from generalizing other integrity-like security notions to quantum encryption, we generalize one of the equivalent classical definitions, comparison-based non-malleability, and show how it can be fulfilled. In addition, we explore one-time non-malleability notions for symmetric-key encryption from the literature by defining plaintext and ciphertext variants and by characterizing their relation.
Future quantum computers are likely to be expensive and affordable outright by few, motivating client/server models for outsourced computation. However, the applications for quantum computing will often involve sensitive data, and the client would like to keep her data secret, both from eavesdroppers and the server itself. Homomorphic encryption is an approach for encrypted, outsourced quantum computation, where the clients data remains secret, even during execution of the computation. We present a scheme for the homomorphic encryption of arbitrary quantum states of light with no more than a fixed number of photons, under the evolution of both passive and adaptive linear optics, the latter of which is universal for quantum computation. The scheme uses random coherent displacements in phase-space to obfuscate client data. In the limit of large coherent displacements, the protocol exhibits asymptotically perfect information-theoretic secrecy. The experimental requirements are modest, and easily implementable using present-day technology.
Quantum homomorphic encryption (QHE) is an encryption method that allows quantum computation to be performed on one partys private data with the program provided by another party, without revealing much information about the data nor the program to the opposite party. We propose a framework for (interactive) QHE based on the universal circuit approach. It contains a subprocedure of calculating a classical linear polynomial, which can be implemented with quantum or classical methods; apart from the subprocedure, the framework has low requirement on the quantum capabilities of the party who provides the circuit. We illustrate the subprocedure using a quite simple classical protocol with some privacy tradeoff. For a special case of such protocol, we obtain a scheme similar to blind quantum computation but with the output on a different party. Another way of implementing the subprocedure is to use a recently studied quantum check-based protocol, which has low requirement on the quantum capabilities of both parties. The subprocedure could also be implemented with a classical additive homomorphic encryption scheme. We demonstrate some key steps of the outer part of the framework in a quantum optics experiment.
Recently in 2018, Niu et al. proposed a measurement-device-independent quantum secure direct communication protocol using Einstein-Podolsky-Rosen pairs and generalized it to a quantum dialogue protocol (Niu et al., Science bulletin 63.20, 2018). By analyzing these protocols we find some security issues in both these protocols. In this work, we show that both the protocols are not secure against information leakage, and a third party can get half of the secret information without any active attack. We also propose suitable modifications of these protocols to improve the security.