Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Verified delegated quantum computation requires techniques beyond cut-and-choose

Fabian Wiesner, Anna Pappa

TL;DR

This work investigates whether cut-and-choose can yield efficient and secure verifiable quantum computation without additional costly techniques and finds that verifiable delegated quantum computation protocols relying solely on cut-and-choose techniques cannot be secure and efficient at the same time.

Abstract

Delegated quantum computation enables a client with limited quantum capabilities to outsource computations to a more powerful quantum server while preserving correctness and privacy. Verification is crucial in this setting to ensure that the untrusted quantum server performs the computation honestly and returns correct results. A common verification method is the quantum cut-and-choose technique. Inspired by classical verification methods for two-party computation, the client uses the majority of the delegated rounds to test the server's honesty, while keeping the remaining ones for the actual computation. Combining this technique with other methods, such as quantum error correction, could help achieve negligible cheating probabilities for the server; however, such methods can impose significant overheads making implementations unfeasible for the near-term future. In this work, we investigate whether cut-and-choose can yield efficient and secure verifiable quantum computation without additional costly techniques. We find that verifiable delegated quantum computation protocols relying solely on cut-and-choose techniques cannot be secure and efficient at the same time.

Verified delegated quantum computation requires techniques beyond cut-and-choose

TL;DR

This work investigates whether cut-and-choose can yield efficient and secure verifiable quantum computation without additional costly techniques and finds that verifiable delegated quantum computation protocols relying solely on cut-and-choose techniques cannot be secure and efficient at the same time.

Abstract

Delegated quantum computation enables a client with limited quantum capabilities to outsource computations to a more powerful quantum server while preserving correctness and privacy. Verification is crucial in this setting to ensure that the untrusted quantum server performs the computation honestly and returns correct results. A common verification method is the quantum cut-and-choose technique. Inspired by classical verification methods for two-party computation, the client uses the majority of the delegated rounds to test the server's honesty, while keeping the remaining ones for the actual computation. Combining this technique with other methods, such as quantum error correction, could help achieve negligible cheating probabilities for the server; however, such methods can impose significant overheads making implementations unfeasible for the near-term future. In this work, we investigate whether cut-and-choose can yield efficient and secure verifiable quantum computation without additional costly techniques. We find that verifiable delegated quantum computation protocols relying solely on cut-and-choose techniques cannot be secure and efficient at the same time.
Paper Structure (13 sections, 5 theorems, 59 equations, 2 figures, 2 algorithms)

This paper contains 13 sections, 5 theorems, 59 equations, 2 figures, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Security
  4. Stand-alone security
  5. Composable security
  6. Discussion and open questions
  7. Ackowledgments
  8. References
  9. General tests
  10. Protocol type
  11. Preliminaries for the proofs of the trade-offs
  12. Fidelity-based security
  13. Composable security

Key Result

Theorem 1

Let $\pi=(\pi_C,\pi_S)$ be a protocol that implements VDQC from quantum communication channels as described in Protocol proto. If $\pi$ is $\varepsilon_H$-correct and $\varepsilon_D$-secure according to Definition def:SASec, it holds that $\varepsilon_H+\varepsilon_D\geq1/7N$, where $N$ is the expec

Figures (2)

  • Figure 1: Ideal functionality for VDQC. The interface of the server (right interface) is obstructed by a filter $\sharp_S$ if the server is honest, which does not forward $l^{\psi}$ and inputs $c=0$. $l^{\psi}$ is the allowed leakage that contains the register size of $\psi$ and an upper bound for the circuit length of $U$.
  • Figure 2: An example for a network of $5$ test unitaries that the client uses to catch the server cheating followed by the measurement.

Theorems & Definitions (6)

  • Definition 1
  • Theorem 1
  • Theorem 2
  • Lemma 1
  • Theorem 3
  • Theorem 4