Abstract
In a recent breakthrough, Mahadev constructed a classical verification of quantum computation (CVQC) protocol for a classical client to delegate decision problems in \(\mathsf {BQP}\) to an untrusted quantum prover under computational assumptions. In this work, we explore further the feasibility of CVQC with the more general sampling problems in BQP and with the desirable blindness property. We contribute affirmative solutions to both as follows.
- Motivated by the sampling nature of many quantum applications (e.g., quantum algorithms for machine learning and quantum supremacy tasks), we initiate the study of CVQC for quantum sampling problems (denoted by \(\mathsf {SampBQP}\)). More precisely, in a CVQC protocol for a \(\mathsf {SampBQP}\) problem, the prover and the verifier are given an input \(x\in \{0,1\}^n\) and a quantum circuit C, and the goal of the classical client is to learn a sample from the output \(z \leftarrow C(x)\) up to a small error, from its interaction with an untrusted prover. We demonstrate its feasibility by constructing a four-message CVQC protocol for \(\mathsf {SampBQP}\) based on the quantum Learning With Errors assumption.
- The blindness of CVQC protocols refers to a property of the protocol where the prover learns nothing, and hence is blind, about the client’s input. It is a highly desirable property that has been intensively studied for the delegation of quantum computation. We provide a simple yet powerful generic compiler that transforms any CVQC protocol to a blind one while preserving its completeness and soundness errors as well as the number of rounds.
Applying our compiler to (a parallel repetition of) Mahadev’s CVQC protocol for \(\mathsf {BQP}\) and our CVQC protocol for \(\mathsf {SampBQP}\) yields the first constant-round blind CVQC protocol for \(\mathsf {BQP}\) and \(\mathsf {SampBQP}\) respectively, with negligible and inverse polynomial soundness errors respectively, and negligible completeness errors.
Notes
1. This simulation-based formulation is analogous to the standard composable security definition for QKD.
2. They did not prove our notion of soundness for their construction, but it is not hard to prove its soundness based on their analysis.
3. In more detail, the prover of their protocol is required to send multiple copies of the graph states to the verifier (qubit by qubit). The verifier tests the received supposed graph states using cut-and-choose and performs the computation using MBQC.
4. It is also reasonable to consider sequential repetition, but we consider parallel repetition for its advantage of preserving the round complexity.
5. The analysis of [7] is more tailored to the decision problems setting, and it is unclear how to extend it to sampling problems where there are multiple bits of output.
6. Actually they are not projectors, but for the simplicity of this discussion let’s assume they are.
7. In the literature, the definition of blindness may additionally require hiding the computation. We note that the two notions are equivalent from a feasibility point of view by a standard transformation (see our full version [17]).
8. By using Brakerski’s QFHE, we only need to rely on the QLWE assumption with polynomial modulus in this theorem.
9. The security definitions are not comparable, but it seems plausible that the techniques can be used to achieve negligible soundness error for sampling problems.
10. See our full version [17] for a formal definition of \(\mathsf {QPIP}_\tau \).
11. The original construction is for the purpose of certifying problems in QMA. We consider its simple restriction to problems inside BQP.
12. The soundness and completeness of a \(\mathsf {SampBQP}\) protocol are defined in Definition 3.
13. Compared to Claim 7.1 of [30], we don’t have a \(p_{h,H}\) term here. This is because on rejecting a Hadamard round, the verifier can output a uniformly random string, and that is the same as the result of measuring h on the totally mixed state.
14. Actually they are not projectors, but for the simplicity of this discussion let’s assume they are.
15. \(G_{0}\) and \(G_{1}\) of this version are created by performing G of [15] and post-selecting on the ph, th, in register being \(0^t01\) or \(0^t11\), then discarding ph, th, in. Property 1 corresponds to Property 1. Property 2 corresponds to Property 4, with \(2^{m-1}\) changed to \(m-1\) because we only have m possible choices of \(\mathbf {c}\). Property 3 corresponds to Property 5. Property 4 comes from the fact that \(G_0\) and \(G_1\) are post-selections of orthogonal results of the same G.
16. An m-fold parallel repetition of \(\varPi _\mathsf {Measure}\) is running steps 3, 4, 5, 6 of Protocol 3 with verifier input \(\mathbf {h}\) and prover input \(\rho ^{\otimes n}\), followed by an output step where the verifier rejects if any of the \(m-1\) testing round copies is rejected, otherwise outputs the result of the Hadamard round copy.
17. A quantum circuit with post selection is composed of unitary gates followed by a post selection on some measurement outcome on ancilla qubits, so it produces a subnormalized state, where the amplitude square of the output state is the probability of post selection.
18. The soundness and completeness of a \(\mathsf {SampBQP}\) protocol are defined in Definition 3.
19. An alternative strategy is to assume circuit privacy of \(\mathsf {QHE}\). This seems to require many additional properties such as malicious circuit privacy with efficient simulation and extraction when \(\mathsf {QHE.Keygen}\) is honest and secret key is available, multi-hop evaluation, and classical \(\mathsf {QHE.Eval}\) on classical ciphertexts and circuits. While existing constructions such as [14] achieve some of these properties, we are unsure if any construction satisfies all of these requirements.
20. For the sake of simplicity, we omit the accuracy parameter \(\epsilon \) where it exists.
References
1. Aaronson, S.: The Aaronson $25.00 prize. http://www.scottaaronson.com/blog/?p=284
2. Aaronson, S.: The equivalence of sampling and searching. Theory Comput. Syst. 55(2), 281–298 (2013)
3. Aaronson, S., Arkhipov, A.: The computational complexity of linear optics. In: Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, STOC 2011, New York, NY, USA, pp. 333–342. Association for Computing Machinery (2011)
4. Aharonov, D., Ben-Or, M., Eban, E., Mahadev, U.: Interactive proofs for quantum computations. arXiv:1704.04487 (2017)
5. Aharonov, D., Van Dam, W., Kempe, J., Landau, Z., Lloyd, S., Regev, O.: Adiabatic quantum computation is equivalent to standard quantum computation. SIAM Rev. 50(4), 755–787 (2008)
6. Alagic, G., Dulek, Y., Schaffner, C., Speelman, F.: Quantum fully homomorphic encryption with verification (2017)
7. Alagic, G., Childs, A.M., Grilo, A.B., Hung, S.-H.: Non-interactive classical verification of quantum computation. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 153–180. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_6
8. Arute, F., Arya, K., Babbush, R., et al.: Quantum supremacy using a programmable superconducting processor. Nature 574(7779), 505–510 (2019)
9. Bartusek, J.: Secure quantum computation with classical communication (2021)
10. Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, USA, 19–22 October 1997, pp. 374–383 (1997)
11. Biamonte, J.D., Love, P.J.: Realizable Hamiltonians for universal adiabatic quantum computers. Phys. Rev. A 78, 012352 (2008)
12. Brakerski, Z.: Quantum FHE (almost) as secure as classical. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 67–95. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_3
13. Broadbent, A., Fitzsimons, J., Kashefi, E.: Universal blind quantum computation. In: 2009 50th Annual IEEE Symposium on Foundations of Computer Science, pp. 517–526 (2009)
14. Chardouvelis, O., Döttling, N., Malavolta, G.: Rate-1 quantum fully homomorphic encryption. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13042, pp. 149–176. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90459-3_6
15. Chia, N.-H., Chung, K.-M., Yamakawa, T.: Classical verification of quantum computations with efficient verifier. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12552, pp. 181–206. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_7
16. Chung, K.-M.: Efficient parallel repetition theorems with applications to security amplification. PhD thesis, Harvard University (2011)
17. Chung, K.-M., Lee, Y., Lin, H.-H., Wu, X.: Constant-round blind classical verification of quantum sampling (2021)
18. Coladangelo, A., Grilo, A.B., Jeffery, S., Vidick, T.: Verifier-on-a-leash: new schemes for verifiable delegated quantum computation, with quasilinear resources. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 247–277. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_9
19. Crépeau, C., Gottesman, D., Smith, A.: Secure multi-party quantum computation. In: Proceedings of the Thirty-Fourth Annual ACM Symposium on Theory of Computing - STOC 2002. ACM Press (2002)
20. Dupuis, F., Nielsen, J.B., Salvail, L.: Actively secure two-party evaluation of any quantum operation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 794–811. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_46
21. Fitzsimons, J.F., Hajdušek, M., Morimae, T.: Post hoc verification of quantum computation. Phys. Rev. Lett. 120, 040501 (2018)
22. Fitzsimons, J.F., Kashefi, E.: Unconditionally verifiable blind quantum computation. Phys. Rev. A 96, 012303 (2017)
23. Gheorghiu, A., Kashefi, E., Wallden, P.: Robustness and device independence of verifiable blind quantum computing. New J. Phys. 17(8), 083040 (2015)
24. Gheorghiu, A., Vidick, T.: Computationally-secure and composable remote state preparation. In: FOCS, pp. 1024–1033 (2019)
25. Hajdušek, M., Pérez-Delgado, C.A., Fitzsimons, J.F.: Device-independent verifiable blind quantum computation. arXiv e-prints, arXiv:1502.02563, February 2015
26. Hayashi, M., Morimae, T.: Verifiable measurement-only blind quantum computing with stabilizer testing. Phys. Rev. Lett. 115(22), 220502 (2015)
27. Kempe, J., Kitaev, A., Regev, O.: The complexity of the local Hamiltonian problem. SIAM J. Comput. 35(5), 1070–1097 (2006)
28. Kitaev, A.Y., Shen, A., Vyalyi, M.N.: Classical and Quantum Computation. Graduate Studies in Mathematics. American Mathematical Society (2002)
29. Mahadev, U.: Classical homomorphic encryption for quantum circuits. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS) (2018)
30. Mahadev, U.: Classical verification of quantum computations. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS) (2018)
31. Marriott, C., Watrous, J.: Quantum Arthur-Merlin games. Comput. Complex. 14(2), 122–152 (2005). https://doi.org/10.1007/s00037-005-0194-x
32. Morimae, T., Nagaj, D., Schuch, N.: Quantum proofs can be verified using only single-qubit measurements. Phys. Rev. A 93, 022326 (2016)
33. Pietrzak, K., Wikström, D.: Parallel repetition of computationally sound protocols revisited. J. Cryptol. 25(1), 116–135 (2012)
34. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)
35. Reichardt, B.W., Unger, F., Vazirani, U.: Classical command of quantum systems. Nature 496(7746), 456 (2013)
36. Shepherd, D., Bremner, M.J.: Temporally unstructured quantum computation. Proc. R. Soc. A. 465, 1413–1439 (2009)
37. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124–134 (1994)
38. Takeuchi, Y., Morimae, T.: Verification of many-qubit states. Phys. Rev. X 8(2), 021060 (2018)
Acknowledgments
The authors would like to thank Tomoyuki Morimae for his valuable feedback that helped improve the paper and for pointing out the related works [26, 38]. We are also thankful to anonymous reviewers for various useful comments.
Kai-Min Chung is partially supported by the 2019 Academia Sinica Career Development Award under Grant no. 23-17, and MOST QC project under Grant no. MOST 108-2627-E-002-001. This work was done while Yi Lee was affiliated to Academia Sinica and to National Taiwan University. Part of this work was done while Han-Hsuan Lin was supported by Scott Aaronson’s Vannevar Bush Faculty Fellowship from the US Department of Defense. Partially funded by MOST Grant no. 110-2222-E-007-002-MY3. Xiaodi Wu is partially supported by the U.S. National Science Foundation grant CCF-1755800, CCF-1816695, and CCF-1942837 (CAREER).
© 2022 International Association for Cryptologic Research
About this paper
Cite this paper
Chung, KM., Lee, Y., Lin, HH., Wu, X. (2022). Constant-Round Blind Classical Verification of Quantum Sampling. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13277. Springer, Cham. https://doi.org/10.1007/978-3-031-07082-2_25
DOI: https://doi.org/10.1007/978-3-031-07082-2_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-07081-5
Online ISBN: 978-3-031-07082-2
eBook Packages: Computer Science, Computer Science (R0)