A quantum homomorphic encryption scheme for polynomial-sized circuits

Quantum homomorphic encryption (QHE) is an encryption method that allows quantum computation to be performed on one party's private data with the program provided by another party, without revealing much information about the data nor about the program to the opposite party. It is known that information-theoretically-secure QHE for circuits of unrestricted size would require exponential resources, and efficient computationally-secure QHE schemes for polynomial-sized quantum circuits have been constructed. In this paper we first propose a QHE scheme for a type of circuits of polynomial depth, based on the rebit quantum computation formalism. The scheme keeps the restricted type of data perfectly secure. We then propose a QHE scheme for a larger class of polynomial-depth quantum circuits, which has partial data privacy. Both schemes have good circuit privacy. We also propose an interactive QHE scheme with asymptotic data privacy, however, the circuit privacy is not good, in the sense that the party who provides the data could cheat and learn about the circuit. We show that such cheating would generally affect the correctness of the evaluation or cause deviation from the protocol. Hence the cheating can be caught by the opposite party in an interactive scheme with embedded verifications. Such scheme with verification has a minor drawback in data privacy. Finally, we show some methods which achieve some nontrivial level of data privacy and circuit privacy without resorting to allowing early terminations, in both the QHE problem and in secure evaluation of classical functions. The entanglement and classical communication costs in these schemes are polynomial in the circuit size and the security parameter (if any).