Verifiable blind observable estimation: A composably secure protocol for near-term quantum advantage tasks

TL;DR

This work tackles secure verification of observable-value computations on near-term quantum devices delegated to untrusted servers. It introduces the Secure Delegated Observable Estimation (SDOE) resource and the Verifiable Blind Observable Estimation (VBOE) protocol, which together enable composable, blind verification of estimating $\mathrm{tr}(\rho O)$ with bounded error $\epsilon$ and failure probability $\delta$. Unlike prior approaches that rely on majority voting, VBOE directly averages computation-round outputs, reducing circuit overhead while preserving security within the Abstract Cryptography framework. The main result proves that VBOE (with suitable parameters) constructs the SDOE resource with negligible error, providing a practical path to verifiable quantum advantage for tasks centered on expectation-value estimation. This advances the deployment of verifiable delegated quantum computations on near-term hardware by enabling efficient, composable security for observable-estimation tasks.

Abstract

The rapid advance of quantum hardware is spotlighting pre-fault-tolerant tasks that may no longer be efficiently validated by classical means and are likely to run on potentially untrusted remote quantum servers. This motivates problem-independent verification protocols with rigorous guarantees. The Verifiable Blind Quantum Computation (VBQC) protocol provides delegated computation where the composable security spans the confidentiality and integrity of the computation. However, the success of these cryptographic protocols, especially their low space overhead, is unfortunately confined to problems that admit an algorithm whose output can be amplified through majority voting toward the correct solution. This leaves various notable near-term applications relying on observable estimation without efficient verification protocols. To address these needs, we introduce a protocol implementing Secure Delegated Observable Estimation (SDOE), which efficiently verifies observable estimation performed on an untrusted quantum machine. More precisely, it guarantees that the computed estimate is within some $ε>0$ of the true expectation value or else it aborts. The required overhead is limited to adding test rounds that are not more complex than the unprotected computation that needs to be performed to implement the desired measurement on a given fiducial state; and in addition, the security error is negligible in the total number of rounds of the protocol.

Figures (5)

• Figure 1: A summary of our contribution. The upper part depicts the mutually beneficial relationship between verification protocols, observable estimation tasks, and error mitigation methods towards secure verifiable quantum advantage. The lower part sketches the exponential security of VBOE within the AC framework characterised by the distinguishability of the protocol and our new ideal resource (SDOE) capturing the desired verification of observable estimation tasks.
• Figure 2: Schematic illustration of the SDOE resource (Resource \ref{['res:sdoe']}). The bottom edge of the outer rectangle serves as an interface to the Server. The left edge of the outer rectangle takes inputs from the Client, and the right edge returns outputs to the Client. The variables and equations coloured in blue represent the values generated in the SDOE resource, while those coloured in light red represent the values received at the Server's interface.
• Figure 3: The schematic illustration of the VBOE protocol. The test rounds have only trap qubits and dummy qubits, shown in red and grey circles, respectively. The computation rounds have only the computation qubits shown in blue circles.
• Figure 4: The schematic illustrations of correctness and security are depicted in (a) and (b), respectively. On the basis of a secure resource $\mathcal{R}$ as an established channel between the Client and the Server, the protocol $\pi=(\pi_{\mathrm{Client}}, \pi_{\mathrm{Server}})$ constructs a new resource $\pi\mathcal{R}=\pi_{\mathrm{Client}}\mathcal{R}\pi_{\mathrm{Server}}$. The transcripts are written as arrows, and the yellow object is the distinguisher that manages the input and output transcripts between the resource and the protocol of interest.
• Figure 5: Schematic illustration of the VBQC protocol. The Client prepares and sends single qubits to the Server, where the qubits for computation, trap, and dummy are coloured in blue, red, and grey.

Theorems & Definitions (12)

• Definition 1: $\left(\epsilon, \delta\right)$-Observable Estimation
• Theorem 1: Composable Security of VBOE
• proof : Correctness
• proof : Security
• Definition 2: Statistical Indistinguishability of Resources
• Definition 3: Construction of Resources
• Theorem 2: General Composition of Resources Maurer2011abstract
• Definition 4: Measurement Pattern
• Theorem 3: Security of UBQC dunjko2014composable
• Lemma 1: Hoeffding's inequality for the binomial distribution