International Association for Cryptologic Research

International Association
for Cryptologic Research


Security Limitations of Classical-Client Delegated Quantum Computing

Christian Badertscher
Alexandru Cojocaru
Léo Colisson
Elham Kashefi
Dominik Leichtle
Atul Mantri
Petros Wallden
DOI: 10.1007/978-3-030-64834-3_23
Search ePrint
Search Google
Abstract: Secure delegated quantum computing allows a computationally weak client to outsource an arbitrary quantum computation to an untrusted quantum server in a privacy-preserving manner. One of the promising candidates to achieve classical delegation of quantum computation is classical-client remote state preparation ($\sf{RSP}_{CC}$), where a client remotely prepares a quantum state using a classical channel. However, the privacy loss incurred by employing $\sf{RSP}_{CC}$ as a sub-module is unclear. In this work, we investigate this question using the Constructive Cryptography framework by Maurer and Renner (ICS'11). We first identify the goal of $\sf{RSP}_{CC}$ as the construction of ideal \RSP resources from classical channels and then reveal the security limitations of using $\sf{RSP}_{CC}$. First, we uncover a fundamental relationship between constructing ideal \RSP resources (from classical channels) and the task of cloning quantum states. Any classically constructed ideal \RSP resource must leak to the server the full classical description (possibly in an encoded form) of the generated quantum state, even if we target computational security only. As a consequence, we find that the realization of common \RSP resources, without weakening their guarantees drastically, is impossible due to the no-cloning theorem. Second, the above result does not rule out that a specific $\sf{RSP}_{CC}$ protocol can replace the quantum channel at least in some contexts, such as the Universal Blind Quantum Computing ($\sf{UBQC}$) protocol of Broadbent et al. (FOCS '09). However, we show that the resulting UBQC protocol cannot maintain its proven composable security as soon as $\sf{RSP}_{CC}$ is used as a subroutine. Third, we show that replacing the quantum channel of the above $\sf{UBQC}$ protocol by the $\sf{RSP}_{CC}$ protocol QFactory of Cojocaru et al. (Asiacrypt '19) preserves the weaker, game-based, security of $\sf{UBQC}$.
Video from ASIACRYPT 2020
  title={Security Limitations of Classical-Client Delegated Quantum Computing},
  booktitle={Advances in Cryptology - ASIACRYPT 2020},
  author={Christian Badertscher and Alexandru Cojocaru and Léo Colisson and Elham Kashefi and Dominik Leichtle and Atul Mantri and Petros Wallden},