No Arabic abstract
We present a scheme for implementing homomorphic encryption on coherent states encoded using phase-shift keys. The encryption operations require only rotations in phase space, which commute with computations in the codespace performed via passive linear optics, and with generalized non-linear phase operations that are polynomials of the photon-number operator in the codespace. This encoding scheme can thus be applied to any computation with coherent state inputs, and the computation proceeds via a combination of passive linear optics and generalized non-linear phase operations. An example of such a computation is matrix multiplication, whereby a vector representing coherent state amplitudes is multiplied by a matrix representing a linear optics network, yielding a new vector of coherent state amplitudes. By finding an orthogonal partitioning of the support of our encoded states, we quantify the security of our scheme via the indistinguishability of the encrypted codewords. Whilst we focus on coherent state encodings, we expect that this phase-key encoding technique could apply to any continuous-variable computation scheme where the phase-shift operator commutes with the computation.
Quantum computers promise not only to outperform classical machines for certain important tasks, but also to preserve privacy of computation. For example, the blind quantum computing protocol enables secure delegated quantum computation, where a client can protect the privacy of their data and algorithms from a quantum server assigned to run the computation. However, this security comes at the expense of interaction: the client and server must communicate after each step of the computation. Homomorphic encryption, on the other hand, avoids this limitation. In this scenario, the server specifies the computation to be performed, and the client provides only the input data, thus enabling secure non-interactive computation. Here we demonstrate a homomorphic-encrypted quantum random walk using single-photon states and non-birefringent integrated optics. The client encrypts their input state in the photons polarization degree of freedom, while the server performs the computation using the path degree of freedom. Our random walk computation can be generalized, suggesting a promising route toward more general homomorphic encryption protocols.
Quantum homomorphic encryption (QHE) is an encryption method that allows quantum computation to be performed on one partys private data with the program provided by another party, without revealing much information about the data nor the program to the opposite party. We propose a framework for (interactive) QHE based on the universal circuit approach. It contains a subprocedure of calculating a classical linear polynomial, which can be implemented with quantum or classical methods; apart from the subprocedure, the framework has low requirement on the quantum capabilities of the party who provides the circuit. We illustrate the subprocedure using a quite simple classical protocol with some privacy tradeoff. For a special case of such protocol, we obtain a scheme similar to blind quantum computation but with the output on a different party. Another way of implementing the subprocedure is to use a recently studied quantum check-based protocol, which has low requirement on the quantum capabilities of both parties. The subprocedure could also be implemented with a classical additive homomorphic encryption scheme. We demonstrate some key steps of the outer part of the framework in a quantum optics experiment.
Future quantum computers are likely to be expensive and affordable outright by few, motivating client/server models for outsourced computation. However, the applications for quantum computing will often involve sensitive data, and the client would like to keep her data secret, both from eavesdroppers and the server itself. Homomorphic encryption is an approach for encrypted, outsourced quantum computation, where the clients data remains secret, even during execution of the computation. We present a scheme for the homomorphic encryption of arbitrary quantum states of light with no more than a fixed number of photons, under the evolution of both passive and adaptive linear optics, the latter of which is universal for quantum computation. The scheme uses random coherent displacements in phase-space to obfuscate client data. In the limit of large coherent displacements, the protocol exhibits asymptotically perfect information-theoretic secrecy. The experimental requirements are modest, and easily implementable using present-day technology.
The notions of qubits and coherent states correspond to different physical systems and are described by specific formalisms. Qubits are associated with a two-dimensional Hilbert space and can be illustrated on the Bloch sphere. In contrast, the underlying Hilbert space of coherent states is infinite-dimensional and the states are typically represented in phase space. For the particular case of binary coherent state alphabets these otherwise distinct formalisms can equally be applied. We capitalize this formal connection to analyse the properties of optimally cloned binary coherent states. Several practical and near-optimal cloning schemes are discussed and the associated fidelities are compared to the performance of the optimal cloner.
In this note, we characterize the form of an invertible quantum operation, i.e., a completely positive trace preserving linear transformation (a CPTP map) whose inverse is also a CPTP map. The precise form of such maps becomes important in contexts such as self-testing and encryption. We show that these maps correspond to applying a unitary transformation to the state along with an ancilla initialized to a fixed state, which may be mixed. The characterization of invertible quantum operations implies that one-way schemes for encrypting quantum states using a classical key may be slightly more general than the ``private quantum channels studied by Ambainis, Mosca, Tapp and de Wolf (FOCS 2000). Nonetheless, we show that their results, most notably a lower bound of 2n bits of key to encrypt n quantum bits, extend in a straightforward manner to the general case.