Quantum homomorphic encryption, which allows computation by a server directly on encrypted data, is a fundamental primitive out of which more complex quantum cryptography protocols can be built. For such constructions to be possible, quantum homomorphic encryption must satisfy two privacy properties: data privacy which ensures that the input data is private from the server, and circuit privacy which ensures that the ciphertext after the computation does not reveal any additional information about the circuit used to perform it, beyond the output of the computation itself. While circuit privacy is well-studied in classical cryptography and many homomorphic encryption schemes can be equipped with it, its quantum analogue has received little attention. Here we establish a definition of circuit privacy for quantum homomorphic encryption with information-theoretic security. Furthermore, we reduce quantum oblivious transfer to quantum homomorphic encryption. By using this reduction, our work unravels fundamental trade-offs between circuit privacy, data privacy and correctness for a broad family of quantum homomorphic encryption protocols, including schemes that allow only the computation of Clifford circuits.
翻译:量子同态加密可以在保持数据加密的同时,允许服务器对数据进行计算。其已经成为更复杂的量子密码协议的基础。为了使这种构建成为可能,量子同态加密必须具备两个隐私保护措施:数据隐私,确保输入数据对服务器不可见;电路隐私,确保在计算后的密文中不包含关于电路的额外信息。虽然在经典密码学中已经对电路隐私进行了深入研究,并且很多同态加密方案都允许加入电路隐私,但其量子版本却受到了很少的关注。在本文中,我们提出了关于具有信息论安全性的量子同态加密的电路隐私定义。此外,我们将量子同态加密降低为量子无须转移。通过使用这种降维方法,我们揭示了关于广泛的量子同态加密协议家族(包括仅允许计算 Clifford 电路的方案)的电路隐私、数据隐私和正确性之间的基本权衡。