Multiparty Delegated Quantum Computing
Abstract
:1. Introduction
2. Materials and Methods
2.1. MeasurementBased Quantum Computing
2.2. Multiparty Delegated Quantum Computing
 Each client’s strategy ${\pi}_{k},\phantom{\rule{3.33333pt}{0ex}}k\in [n]$ consists of a set of local quantum operators $({L}_{1}^{k},\cdots ,{L}_{t}^{k})$ such that ${L}_{i}^{k}:\mathcal{L}({\mathcal{C}}_{k})\to \mathcal{L}({\mathcal{C}}_{k})$ for $1\le i\le t$.
 The server’s strategy ${\pi}_{S}$ consists of a set of local quantum operators $({L}_{1}^{S},\cdots ,{L}_{t}^{S})$ such that ${L}_{i}^{S}:\mathcal{L}(\mathcal{S})\to \mathcal{L}(\mathcal{S})$ for $1\le i\le t$.
 The oracle $\mathcal{O}$ is a set of global quantum operators $\mathcal{O}=({\mathcal{O}}_{1},\cdots ,{\mathcal{O}}_{t})$ such that ${\mathcal{O}}_{i}:\mathcal{L}({\mathcal{C}}_{1}\otimes \cdots \otimes {\mathcal{C}}_{n}\otimes \mathcal{S})\to \mathcal{L}({\mathcal{C}}_{1}\otimes \cdots \otimes {\mathcal{C}}_{n}\otimes \mathcal{S})$ for $1\le i\le t$.
2.2.1. Properties
3. The Protocol
Algorithm 1 State preparation for $j\in I$. 
server stores states received from clients ${C}_{k}$ to distinct registers ${\mathcal{S}}_{k}\subset \mathcal{S}$ ($k=1,\cdots ,n$); for $k=1,\cdots ,n1$ if $k=j$ then break; if $k=n1$ and $j=n$ then break; if $k=j1$, then CNOT on ${\mathcal{S}}_{k}\otimes {\mathcal{S}}_{k+2}$; else CNOT on ${\mathcal{S}}_{k}\otimes {\mathcal{S}}_{k+1}$; end; measure state in ${\mathcal{S}}_{k}$ and get outcome ${t}_{j}^{k}$; end; if $j=n$ then CNOT on ${\mathcal{S}}_{n1}\otimes {\mathcal{S}}_{n}$; measure state in ${\mathcal{S}}_{n1}$ and get outcome ${t}_{n}^{n1}$; else CNOT on $({\mathcal{S}}_{n}\otimes {\mathcal{S}}_{j})$; measure state in ${\mathcal{S}}_{n}$ and get outcome ${t}_{j}^{n}$; end; 
Algorithm 2 (State preparation for $j\in {O}^{c}\backslash I$). 
server stores states received from clients ${C}_{k}$ to distinct registers ${\mathcal{S}}_{k}\subset \mathcal{S}$ ($k=1,\cdots ,n$); for $k=1,\cdots ,n1$ CNOT on ${\mathcal{S}}_{k}\otimes {\mathcal{S}}_{k+1}$; measure state in ${\mathcal{S}}_{k}$ and get outcome ${t}_{j}^{k}$; end; 
Algorithm 3 (Enforcing honest behaviour for client ${C}_{k}$). 

4. Analysis of the Protocol
4.1. Correctness
Algorithm 4 Multiparty quantum computing protocol. 
Preparation phase quantum input: For $j\in I$
$${\theta}_{j}={\theta}_{j}^{j}+\sum _{k=1,k\ne j}^{n}{(1)}^{{\u2a01}_{i=k}^{n}{t}_{j}^{i}+{a}_{j}}{\theta}_{j}^{k}$$
nonoutput/noninput qubits: For $j\in {O}^{c}\backslash I$
graph state: The server entangles the $n+q$ qubits to a brickwork state by applying ctrlZ gates. Computation phase nonoutput qubits: For $j\in {O}^{c}$
output qubits: For $j\in O$, the server sends the “encrypted” quantum state to client ${C}_{jq}$. All participants jointly compute ${s}_{j}^{X}$ and ${s}_{j}^{Z}$ and send it to client ${C}_{jq}$, who applies operation ${Z}^{{s}_{j}^{Z}}{X}^{{s}_{j}^{X}}$ to retrieve the actual quantum output. 
4.2. Malicious Server
Algorithm 5 Simulator for the server. 
nonoutput qubits: For $j\in {O}^{c}$
output qubits: For $j\in O$

Algorithm 6 MPQC resource. 

4.3. Malicious Clients
Algorithm 7 Simulator for clients. 

5. Conclusions
Acknowledgments
Author Contributions
Conflicts of Interest
Appendix A
 For $j\ne n$: ${\tilde{\theta}}_{j}={\theta}_{j}^{n}+{\sum}_{k=1,k\ne j}^{n1}{(1)}^{{\u2a01}_{i=k}^{n1}{t}_{j}^{i}}{\theta}_{j}^{k}$.
 For $j=n$: ${\tilde{\theta}}_{j}={\theta}_{n}^{n1}+{\sum}_{k=1}^{n2}{(1)}^{{\u2a01}_{i=k}^{n2}{t}_{n}^{i}}{\theta}_{n}^{k}$.
 For $j\ne n$:$${\theta}_{j}={\theta}_{j}^{j}+{(1)}^{{t}_{j}^{n}+{a}_{j}}({\theta}_{j}^{n}+\sum _{k=1,k\ne j}^{n1}{(1)}^{{\u2a01}_{i=k}^{n1}{t}_{j}^{i}}{\theta}_{j}^{k})={\theta}_{j}^{j}+\sum _{k=1,k\ne j}^{n}{(1)}^{{\u2a01}_{i=k}^{n}{t}_{j}^{i}+{a}_{j}}{\theta}_{j}^{k}$$
 For $j=n$:$${\theta}_{n}={\theta}_{n}^{n}+{(1)}^{{t}_{n}^{n1}+{a}_{n}}({\theta}_{n}^{n1}+\sum _{k=1}^{n2}{(1)}^{{\u2a01}_{i=k}^{n2}{t}_{n}^{i}}{\theta}_{n}^{k})={\theta}_{n}^{n}+\sum _{k=1}^{n1}{(1)}^{{\u2a01}_{i=k}^{n1}{t}_{n}^{i}+{a}_{n}}{\theta}_{n}^{k}$$
Algorithm A1 Multiparty quantum computing. 
quantum input: For $j\in I$
$${\theta}_{j}={\theta}_{j}^{j}+\sum _{k=1,k\ne j}^{n}{(1)}^{{\u2a01}_{i=k}^{n}{t}_{j}^{i}+{a}_{j}}{\theta}_{j}^{k}$$
nonoutput/noninput qubits: For $j\in {O}^{c}\backslash I$
graph state: The server entangles the $n+q$ qubits to a brickwork state by applying ctrlZ gates. Computation phase nonoutput qubits: For $j\in {O}^{c}$
All participants jointly compute ${s}_{j}^{X}$ and ${s}_{j}^{Z}$ and send it to client ${C}_{jq}$, who applies operation ${Z}^{{s}_{j}^{Z}}{X}^{{s}_{j}^{X}}$ to retrieve the actual quantum output. 
Algorithm A2 Multiparty quantum computing (using EPR pairs). 
quantum input: For $j\in I$
$${\theta}_{j}=\pi \underset{k=1}{\overset{n}{\u2a01}}{r}_{j}^{k}+{\widehat{\theta}}_{j}^{j}+\sum _{k=1,k\ne j}^{n}{(1)}^{{\u2a01}_{i=k}^{n}{t}_{j}^{i}+{a}_{j}}{\widehat{\theta}}_{j}^{k}$$
nonoutput/noninput qubits: For $j\in {O}^{c}\backslash I$
output qubits: For $j\in O$, the server prepares $\left+\right.\u232a$ states. graph state: The server entangles the $n+q$ qubits to a brickwork state by applying ctrlZ gates. Computation phase nonoutput qubits: For $j\in {O}^{c}$
All participants jointly compute ${s}_{j}^{X}$ and ${s}_{j}^{Z}$ and send it to client ${C}_{jq}$, who applies operation ${Z}^{{s}_{j}^{Z}}{X}^{{s}_{j}^{X}}$ to retrieve the actual quantum output. 
Algorithm A3 Multiparty quantum computing (using EPR pairs and delaying teleportation). 
Preparation phase quantum input: For $j\in I$
nonoutput/noninput qubits: For $j\in {O}^{c}\backslash I$
graph state: The server entangles the $n+q$ qubits to a brickwork state by applying ctrlZ gates. Computation phase nonoutput qubits: For $j\in {O}^{c}$
All participants jointly compute ${s}_{j}^{X}$ and ${s}_{j}^{Z}$ and send it to client ${C}_{jq}$, who applies operation ${Z}^{{s}_{j}^{Z}}{X}^{{s}_{j}^{X}}$ to retrieve the actual quantum output. 
Algorithm A4 Simulator for server. 
nonoutput qubits: For $j\in {O}^{c}$
output qubits: For $j\in O$

Algorithm A5 MPQC resource. 

References
 Lo, H.K.; Chau, H.F. Is quantum bit commitment really possible? Phys. Rev. Lett. 1997, 78, 3410–3413. [Google Scholar] [CrossRef] [Green Version]
 Mayers, D. Unconditionally secure quantum bit commitment is impossible. Phys. Rev. Lett. 1997, 78, 3414–3417. [Google Scholar] [CrossRef]
 Lo, H.K. Insecurity of quantum secure computations. Phys. Rev. A 1997, 56, 1154–1162. [Google Scholar] [CrossRef]
 Salvail, L.; Schaffner, C.; Sotakova, M. On the Power of TwoParty Quantum Cryptography. In Proceedings of the ASIACRYPT 2009, Tokyo, Japan, 6–10 December 2009; Volume 5912, pp. 70–87. [Google Scholar]
 Dupuis, F.; Nielsen, J.B.; Salvail, L. Secure twoparty quantum evaluation of unitaries against specious adversaries. In Proceedings of the CRYPTO 2010, Santa Barbara, CA, USA, 15–19 August 2010; Volume 6223, pp. 685–706. [Google Scholar]
 Dupuis, F.; Nielsen, J.B.; Salvail, L. Actively Secure TwoParty Evaluation of any Quantum Operation. In Proceedings of the CRYPTO 2012, Santa Barbara, CA, USA, 19–23 August 2012; pp. 794–811. [Google Scholar]
 BenOr, M.; Crépeau, C.; Gottesman, D.; Hassidim, A.; Smith, A. Secure Multiparty Quantum Computation with (Only) a Strict Honest Majority. In Proceedings of the IEEE FOCS 2006, Berkeley, CA, USA, 21–24 October 2006; pp. 249–260. [Google Scholar]
 Raussendorf, R.; Briegel, H.J. A OneWay Quantum Computer. Phys. Rev. Lett. 2001, 86, 5188. [Google Scholar] [CrossRef] [PubMed]
 Leung, D.W. Quantum computation by measurements. Int. J. Quantum Inf. 2004, 2, 33–43. [Google Scholar] [CrossRef]
 Broadbent, A.; Fitzsimons, J.F.; Kashefi, E. Universal blind quantum computation. In Proceedings of the FOCS 2009, Atlanta, GA, USA, 25–27 October 2009; pp. 517–526. [Google Scholar]
 Fitzsimons, J.F.; Kashefi, E. Unconditionally Verifiable Blind Computation. arXiv 2012, arXiv:1203.5217. [Google Scholar]
 Kashefi, E.; Wallden, P. Garbled Quantum Computation. arXiv 2016, arXiv:1606.06931. [Google Scholar] [CrossRef]
 Danos, V.; Kashefi, E. Determinism in the oneway model. Phys. Rev. A 2006, 74, 052310. [Google Scholar] [CrossRef]
 Canetti, R. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the FOCS 2001, Las Vegas, NV, USA, 14–17 October 2001; pp. 136–147. [Google Scholar]
 Ishai, Y.; Prabhakaran, M.; Sahai, A. Founding cryptography on oblivious transfer–efficiently. In Proceedings of the CRYPTO 2008, Santa Barbara, CA, USA, 17–21 August 2008; Springer: Berlin/Heidelberg, Germany, 2008; pp. 572–591. [Google Scholar]
 Goldwasser, S.; Lindell, Y. Secure Computation without Agreement. In Distributed Computing (DISC 2002); Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2002; Volume 2508. [Google Scholar]
 Unruh, D. Universally Composable Quantum Multiparty Computation. In Proceedings of the EUROCRYPT 2010, French Riviera, 30 May–3 June 2010; Springer: Berlin/Heidelberg, Germany, 2010; Volume 6110, pp. 486–505. [Google Scholar]
 Maurer, U.; Renner, R. Abstract cryptography. In Innovations in Computer Science; Tsinghua University Press: Beijing, China, 2011. [Google Scholar]
 Kumaresan, R.; Patra, A.; Rangan, C.P. The round complexity of verifiable secret sharing: The statistical case. In Proceedings of the ASIACRYPT 2010, Singapore, 5–9 December 2010; Springer: Berlin/Heidelberg, Germany, 2010; Volume 6477, pp. 431–447. [Google Scholar]
 Laud, P.; Pankova, A. Verifiable Computation in Multiparty Protocols with Honest Majority. In Proceedings of the Provable Security (ProvSec 2014), Hong Kong, China, 9–10 October 2014; Lecture Notes in Computer Science. Springer: Cham, Switzerland, 2014; Volume 8782. [Google Scholar]
 Dunjko, V.; Kashefi, E.; Leverrier, A. Universal Blind Quantum Computing with Weak Coherent Pulses. Phys. Rev. Lett. 2012, 108, 200502. [Google Scholar] [CrossRef] [PubMed]
 Dunjko, V.; Fitzsimons, J.F.; Portmann, C.; Renner, R. Composable security of delegated quantum computation. In Proceedings of the ASIACRYPT 2014, Kaoshiung, Taiwan, 7–11 December 2014; pp. 406–425. [Google Scholar]
 Hirt, M.; Nielsen, J.B. Upper Bounds on the Communication Complexity of Optimally Resilient Cryptographic Multiparty Computation. In Proceedings of the ASIACRYPT 2005, Chennai, India, 4–8 December 2005; Lecture Notes in Computer Science. Springer: Berlin/Heidelberg, Germany, 2005; Volume 3788. [Google Scholar]
 Morimae, T.; Fujii, K. Blind quantum computation protocol in which Alice only makes measurements. Phys. Rev. A 2013, 87, 050301. [Google Scholar] [CrossRef]
 Broadbent, A.; Jeffery, S. Quantum homomorphic encryption for circuits of low Tgate complexity. In Proceedings of the CRYPTO 2015, Santa Barbara, CA, USA, 16–20 August 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 609–629. [Google Scholar]
 Dulek, Y.; Schaffner, C.; Speelman, F. Quantum homomorphic encryption for polynomialsized circuits. arXiv 2016, arXiv:1603.09717v1. [Google Scholar]
© 2017 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kashefi, E.; Pappa, A. Multiparty Delegated Quantum Computing. Cryptography 2017, 1, 12. https://doi.org/10.3390/cryptography1020012
Kashefi E, Pappa A. Multiparty Delegated Quantum Computing. Cryptography. 2017; 1(2):12. https://doi.org/10.3390/cryptography1020012
Chicago/Turabian StyleKashefi, Elham, and Anna Pappa. 2017. "Multiparty Delegated Quantum Computing" Cryptography 1, no. 2: 12. https://doi.org/10.3390/cryptography1020012