
How to Construct Quantum FHE, Generically

Conference paper, Advances in Cryptology – CRYPTO 2024 (CRYPTO 2024).

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14922)

Abstract

We construct a (compact) quantum fully homomorphic encryption (QFHE) scheme starting from any (compact) classical fully homomorphic encryption scheme with decryption in \(\textsf{NC}^{1}\), together with a dual-mode trapdoor function family. Compared to previous constructions (Mahadev, FOCS 2018; Brakerski, CRYPTO 2018) which made non-black-box use of similar underlying primitives, our construction provides a pathway to instantiations from different assumptions. Our construction uses the techniques of Dulek, Schaffner and Speelman (CRYPTO 2016) and shows how to make the client in their QFHE scheme classical using dual-mode trapdoor functions. As an additional contribution, we show a new instantiation of dual-mode trapdoor functions from group actions.


Notes

  1. In both cases, we get a leveled QFHE scheme, one that supports quantum circuits of an a priori bounded depth, from LWE. To construct an unleveled QFHE scheme, both works rely on an appropriate circular security assumption, different from the one used to get an unleveled classical FHE scheme. From this point on, we focus on constructing a leveled QFHE scheme.

  2. This is, in effect, a remote state preparation protocol for the DSS gadget states; however, in the QFHE setting (as opposed to the verification setting), the protocol only needs to be secure against a semi-honest/specious server.

  3. Our dTFs are a weakening of Mahadev's extended NTCFs in two ways: we do not require the adaptive hardcore bit property, and we do not need the functions to be injective. Relaxing the definition to allow many-to-one functions allows us to obtain dTFs with good correctness properties from group actions, as well as dTFs from a weaker LWE assumption based on [Bra18].

  4. We assume that there is an efficient binary encoding that maps elements \(x \in \mathcal {X}\) to binary strings of length t, say. For simplicity, we do not use additional notation to distinguish between a set element \(x\in \mathcal {X}\) and its binary representation. We write \(\bar{\mathcal {X}}\) to denote \(\{0,1\}^t\), and when we write \(d \cdot x\) for \(d \in \bar{\mathcal {X}}\), we think of x as its binary encoding, and the dot product as being over \(\mathbb {F}_2\).

  5. We remark that there is a natural way to generalize dTFs and 4-to-2 dTFs so that they are specializations of the same primitive. In short, we can define a k-mode trapdoor function family to be a collection of tuples of injective functions \((f_i)_{i \in \mathcal {I}}\) with finite index set \(\mathcal {I}\). The two modes are defined by two distinct partition functions \(p_0, p_1:\mathcal {I}\rightarrow \{0,1\}\) of \(\mathcal {I}\). In mode \(\mu \in [k]\) for some \(k\in \mathbb {N}\), two functions \(f_i, f_{i'}\) have the same image if \(p_\mu (i) = p_{\mu }(i')\); otherwise \(f_i, f_{i'}\) have disjoint images. We conjecture that this generalized notion could be useful in other applications. However, we present separate definitions of both dTFs and 4-to-2 dTFs for the sake of clarity, at the cost of some redundancy.

  6. Although \(\pi \) is public and known to the evaluator, \(\pi ^{sk}\) is still private and known only to the client.

  7. The single-qubit gates \(\textsf{Z}^{z_0}, \textsf{Z}^{z_1}\) are applied to the first qubits of the 0 and 1 registers.

  8. An important caveat is that the isogeny-based group actions have less-than-ideal algorithmic properties; for example, it is not always possible to efficiently compute the group action for an arbitrary group element. One approach to fixing this issue, taken by CSI-FiSh [BKV19], is to perform a preprocessing step and compute the group structure in the form of a relation lattice of low-norm generators.

  9. We have some flexibility in setting the parameters: even a lower bound of just \(B \ge 4n\) gives us a 1/2-weak dTF, which we can amplify to negligible correctness error using Lemma 4.

References

  1. Alamati, N., De Feo, L., Montgomery, H., Patranabis, S.: Cryptographic group actions and applications. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 411–439. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64834-3_14

  2. Alamati, N., Malavolta, G., Rahimi, A.: Candidate trapdoor claw-free functions from group actions with applications to quantum protocols. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC 2022. LNCS, vol. 13747. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22318-1_10

  3. Brakerski, Z., Christiano, P., Mahadev, U., Vazirani, U., Vidick, T.: A cryptographic test of quantumness and certifiable randomness from a single quantum device. J. ACM 68(5), 1–47 (2021)

  4. Brakerski, Z., Döttling, N., Garg, S., Malavolta, G.: Factoring and pairings are not necessary for iO: circular-secure LWE suffices. Cryptology ePrint Archive (2020)

  5. Bartusek, J., Guan, J., Ma, F., Zhandry, M.: Return of GGH15: provable security against zeroizing attacks. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 544–574. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_20

  6. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory 6(3), 13:1–13:36 (2014)

  7. Broadbent, A., Jeffery, S.: Quantum homomorphic encryption for circuits of low T-gate complexity. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 609–629. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_30

  8. Beullens, W., Kleinjung, T., Vercauteren, F.: CSI-FiSh: efficient isogeny based signatures through class group computations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 227–247. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_9

  9. Brakerski, Z.: Quantum FHE (almost) as secure as classical. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 67–95. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96878-0_3

  10. Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput. 43(2), 831–871 (2014)

  11. Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14008. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-30589-4_15

  12. Charles, D.X., Lauter, K.E., Goren, E.Z.: Cryptographic hash functions from expander graphs. J. Cryptol. 22(1), 93–113 (2009)

  13. Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15

  14. Canetti, R., Lin, H., Tessaro, S., Vaikuntanathan, V.: Obfuscation of probabilistic circuits and applications. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 468–497. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_19

  15. Couveignes, J.-M.: Hard homogeneous spaces. Cryptology ePrint Archive (2006)

  16. De Feo, L., Jao, D., Plût, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Math. Cryptol. 8(3), 209–247 (2014)

  17. Dunjko, V., Kashefi, E.: Blind quantum computing with two almost identical states. arXiv preprint arXiv:1604.01586 (2016)

  18. Dulek, Y., Schaffner, C., Speelman, F.: Quantum homomorphic encryption for polynomial-sized circuits. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_1

  19. Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 498–527. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_20

  20. Gheorghiu, A., Metger, T., Poremba, A.: Quantum cryptography with classical communication: parallel remote state preparation for copy-protection, verification, and more. arXiv preprint arXiv:2201.13445 (2022)

  21. Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_5

  22. Gheorghiu, A., Vidick, T.: Computationally-secure and composable remote state preparation. In: 2019 IEEE 60th Annual Symposium on Foundations of Computer Science (FOCS), pp. 1024–1033. IEEE (2019)

  23. Jao, D., De Feo, L.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 19–34. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_2

  24. Mahadev, U.: Classical verification of quantum computations. In: 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS), pp. 259–267. IEEE (2018)

  25. Mahadev, U.: Classical homomorphic encryption for quantum circuits. SIAM J. Comput. (0), FOCS18–189 (2020)

  26. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 1–40 (2009)

  27. Rostovtsev, A., Stolbunov, A.: Public-key cryptosystem based on isogenies. Cryptology ePrint Archive (2006)

  28. Stolbunov, A.: Reductionist security arguments for public-key cryptographic schemes based on group action. Norsk informasjonssikkerhetskonferanse (NISK), pp. 97–109 (2009)

  29. Stolbunov, A.: Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Adv. Math. Commun. 4(2), 215–235 (2010)

  30. Sahai, A., Vadhan, S.: A complete problem for statistical zero knowledge. J. ACM 50(2), 196–249 (2003)

  31. Teske, E.: An elliptic curve trapdoor system. J. Cryptol. 19, 115–133 (2006)

  32. Wichs, D.: Rerandomizable encryption from group actions. Personal communication (2024)

  33. Wee, H., Wichs, D.: Candidate obfuscation via oblivious LWE sampling. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12698, pp. 127–156. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_5


Acknowledgements

This research was supported in part by DARPA under Agreement Number HR00112020023, NSF CNS-2154149, a Simons Investigator award and a Thornton Family Faculty Research Innovation Fellowship. AG was supported in addition by the Ida M. Green Fellowship from MIT.

Author information

Corresponding author: Aparna Gupte.


Copyright information

© 2024 International Association for Cryptologic Research


Cite this paper

Gupte, A., Vaikuntanathan, V. (2024). How to Construct Quantum FHE, Generically. In: Reyzin, L., Stebila, D. (eds) Advances in Cryptology – CRYPTO 2024. CRYPTO 2024. Lecture Notes in Computer Science, vol 14922. Springer, Cham. https://doi.org/10.1007/978-3-031-68382-4_8


  • DOI: https://doi.org/10.1007/978-3-031-68382-4_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-68381-7

  • Online ISBN: 978-3-031-68382-4

  • eBook Packages: Computer Science (R0)
