Advances in Cryptology – ASIACRYPT 2014

Volume 8874 of the series Lecture Notes in Computer Science pp 406-425

Composable Security of Delegated Quantum Computation

  • Vedran DunjkoAffiliated withSchool of Informatics, University of EdinburghDivision of Molecular Biology, Ruder Bošković Institute
  • , Joseph F. FitzsimonsAffiliated withSingapore University of Technology and DesignCentre for Quantum Technologies, National University of Singapore
  • , Christopher PortmannAffiliated withInstitute for Theoretical Physics, ETH ZurichGroup of Applied Physics, University of Geneva
  • , Renato RennerAffiliated withInstitute for Theoretical Physics, ETH Zurich

* Final gross prices may vary according to local VAT.

Get Access


Delegating difficult computations to remote large computation facilities, with appropriate security guarantees, is a possible solution for the ever/growing needs of personal computing power. For delegated computation protocols to be usable in a larger context – or simply to securely run two protocols in parallel – the security definitions need to be composable. Here, we define composable security for delegated quantum computation. We distinguish between protocols which provide only blindness – the computation is hidden from the server – and those that are also verifiable – the client can check that it has received the correct result. We show that the composable security definition capturing both these notions can be reduced to a combination of several distinct “trace/distance/type” criteria – which are, individually, non/composable security definitions.

Additionally, we study the security of some known delegated quantum computation protocols, including Broadbent, Fitzsimons and Kashefi’s Universal Blind Quantum Computation protocol. Even though these protocols were originally proposed with insufficient security criteria, they turn out to still be secure given the stronger composable definitions.