Security Limitations of Classical-Client Delegated Quantum Computing

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12492)


Secure delegated quantum computing allows a computationally weak client to outsource an arbitrary quantum computation to an untrusted quantum server in a privacy-preserving manner. One of the promising candidates to achieve classical delegation of quantum computation is classical-client remote state preparation (\(\mathsf{RSP}_{\mathsf{CC}}\)), where a client remotely prepares a quantum state using a classical channel. However, the privacy loss incurred by employing \(\mathsf{RSP}_{\mathsf{CC}}\) as a sub-module is unclear. In this work, we investigate this question using the Constructive Cryptography framework by Maurer and Renner [MR11]. We first identify the goal of \(\mathsf{RSP}_{\mathsf{CC}}\) as the construction of ideal \(\mathsf{RSP}\) resources from classical channels and then reveal the security limitations of using \(\mathsf{RSP}_{\mathsf{CC}}\). First, we uncover a fundamental relationship between constructing ideal \(\mathsf{RSP}\) resources (from classical channels) and the task of cloning quantum states. Any classically constructed ideal \(\mathsf{RSP}\) resource must leak to the server the full classical description (possibly in an encoded form) of the generated quantum state, even if we target computational security only. As a consequence, we find that the realization of common \(\mathsf{RSP}\) resources, without weakening their guarantees drastically, is impossible due to the no-cloning theorem. Second, the above result does not rule out that a specific \(\mathsf{RSP}_{\mathsf{CC}}\) protocol can replace the quantum channel at least in some contexts, such as the Universal Blind Quantum Computing (\(\mathsf{UBQC}\)) protocol of Broadbent et al. [BFK09]. However, we show that the resulting UBQC protocol cannot maintain its proven composable security as soon as \(\mathsf{RSP}_{\mathsf{CC}}\) is used as a subroutine. Third, we show that replacing the quantum channel of the above \(\mathsf{UBQC}\) protocol by the \(\mathsf{RSP}_{\mathsf{CC}}\) protocol QFactory of Cojocaru et al. [CCKW19] preserves the weaker, game-based, security of \(\mathsf{UBQC}\).


Remote state preparation Blind quantum computing 



The authors thank Céline Chevalier, Omar Fawzi, Daniel Jost, and Luka Music for very useful discussions and the anonymous reviewers of ASIACRYPT 2020 for their comments and suggestions that greatly improved this work. LC also thanks M.T. This work has been supported in part by grant FA9550-17-1-0055, by the European Union’s H2020 Programme under grant agreement number ERC-669891, and by the French ANR Project ANR-18-CE39-0015 (CryptiQ). EK acknowledges support from the EPSRC Verification of Quantum Technology grant (EP/N003829/1), the EPSRC Hub in Quantum Computing and Simulation (EP/T001062/1), and the UK Quantum Technology Hub: NQIT grant (EP/M013243/1). LC and DL gratefully acknowledge support from the French ANR project ANR-18-CE47-0010 (QUDATA). LC, EK, and DL acknowledge funding from the EU Flagship Quantum Internet Alliance (QIA) project. AM gratefully acknowledges funding from the AFOSR MURI project “Scalable Certification of Quantum Computing Devices and Networks”. This work was partly done while AM was at the University of Edinburgh, UK supported by EPSRC Verification of Quantum Technology grant (EP/N003829/1).


  1. [ABOE08]
    Aharonov, D., Ben-Or, M., Eban, E.: Interactive proofs for quantum computations. arXiv preprint arXiv:0810.5375 (2008)
  2. [ACGK19]
    Aaronson, S., Cojocaru, A., Gheorghiu, A., Kashefi, E.: Complexity-theoretic limitations on blind delegated quantum computation. In: 46th International Colloquium on Automata, Languages, and Programming (ICALP 2019) (2019)Google Scholar
  3. [AFK87]
    Abadi, M., Feigenbaum, J., Kilian, J.: On hiding information from an oracle. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 195–203. ACM (1987)Google Scholar
  4. [BCC+20]
    Badertscher, C., et al.: Security limitations of classical-client delegated quantum computing. Cryptology ePrint Archive, Report 2020/818 (2020). (full version)
  5. [BFK09]
    Broadbent, A., Fitzsimons, J., Kashefi, E.: Universal blind quantum computation. In: 50th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2009, pp. 517–526. IEEE (2009)Google Scholar
  6. [BJ15]
    Broadbent, A., Jeffery, S.: Quantum homomorphic encryption for circuits of low T-gate complexity. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 609–629. Springer, Heidelberg (2015). Scholar
  7. [BOM04]
    Ben-Or, M., Mayers, D.: General security definition and composability for quantum & classical protocols. arXiv preprint quant-ph/0409062 (2004)Google Scholar
  8. [Bra18]
    Brakerski, Z.: Quantum FHE (almost) as secure as classical. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 67–95. Springer, Cham (2018). Scholar
  9. [Bro15a]
    Broadbent, A.: Delegating private quantum computations. Can. J. Phys. 93(9), 941–946 (2015)CrossRefGoogle Scholar
  10. [Bro15b]
    Broadbent, A.: How to verify a quantum computation. arXiv preprint arXiv:1509.09180 (2015)
  11. [CCKW18]
    Cojocaru, A., Colisson, L., Kashefi, E., Wallden, P.: On the possibility of classical client blind quantum computing. arXiv preprint arXiv:1802.08759 (2018)
  12. [CCKW19]
    Cojocaru, A., Colisson, L., Kashefi, E., Wallden, P.: QFactory: classically-instructed remote secret qubits preparation. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 615–645. Springer, Cham (2019). Scholar
  13. [Chi05]
    Childs, A.M.: Secure assisted quantum computation. Quantum Inf. Comput. 5(6), 456–466 (2005)MathSciNetzbMATHGoogle Scholar
  14. [DFPR14]
    Dunjko, V., Fitzsimons, J.F., Portmann, C., Renner, R.: Composable security of delegated quantum computation. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 406–425. Springer, Heidelberg (2014). Scholar
  15. [DK06]
    Danos, V., Kashefi, E.: Determinism in the one-way model. Phys. Rev. A 74(5), 052310 (2006)CrossRefGoogle Scholar
  16. [DK16]
    Dunjko, V., Kashefi, E.: Blind quantum computing with two almost identical states. arXiv preprint arXiv:1604.01586 (2016)
  17. [DKL12]
    Dunjko, V., Kashefi, E., Leverrier, A.: Blind quantum computing with weak coherent pulses. Phys. Rev. Lett. 108(20), 200502 (2012)CrossRefGoogle Scholar
  18. [DL70]
    Davies, E.B., Lewis, J.T.: An operational approach to quantum probability. Commun. Math. Phys. 17(3), 239–260 (1970)MathSciNetCrossRefGoogle Scholar
  19. [DSS16]
    Dulek, Y., Schaffner, C., Speelman, F.: Quantum homomorphic encryption for polynomial-sized circuits. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 3–32. Springer, Heidelberg (2016). Scholar
  20. [FHM18]
    Fitzsimons, J.F., Hajdušek, M., Morimae, T.: Post hoc verification of quantum computation. Phys. Rev. Lett. 120(4), 040501 (2018)MathSciNetCrossRefGoogle Scholar
  21. [Fit17]
    Fitzsimons, J.F.: Private quantum computation: an introduction to blind quantum computing and related protocols. NPJ Quantum Inf. 3(1), 23 (2017)CrossRefGoogle Scholar
  22. [FK17]
    Fitzsimons, J.F., Kashefi, E.: Unconditionally verifiable blind quantum computation. Phys. Rev. A 96(1), 012303 (2017)CrossRefGoogle Scholar
  23. [GKK19]
    Gheorghiu, A., Kapourniotis, T., Kashefi, E.: Verification of quantum computation: an overview of existing approaches. Theory Comput. Syst. 63(4), 715–808 (2019)MathSciNetCrossRefGoogle Scholar
  24. [Gol01]
    Goldreich, O.: Foundations of Cryptography. Cambridge University Press, Cambridge (2001)CrossRefGoogle Scholar
  25. [GRW80]
    Ghirardi, G.C., Rimini, A., Weber, T.: A general argument against superluminal transmission through the quantum mechanical measurement process. Lettere al Nuovo Cimento (1971–1985) 27, 293–298 (1980)Google Scholar
  26. [GV19]
    Gheorghiu, A., Vidick, T.: Computationally-secure and composable remote state preparation. In: 2019 IEEE 60th Annual Symposium on Foundations of Computer Science (FOCS), pp. 1024–1033 (2019)Google Scholar
  27. [HM15]
    Hayashi, M., Morimae, T.: Verifiable measurement-only blind quantum computing with stabilizer testing. Phys. Rev. Lett. 115(22), 220502 (2015)CrossRefGoogle Scholar
  28. [JM17]
    Jost, D., Maurer, U.: Context-restricted indifferentiability: generalizing UCE and implications on the soundness of hash-function constructions. IACR Cryptology ePrint Archive 2017:461 (2017)Google Scholar
  29. [KMW17]
    Kashefi, E., Music, L., Wallden, P.: The quantum cut-and-choose technique and quantum two-party computation. arXiv preprint arXiv:1703.03754 (2017)
  30. [KP17]
    Kashefi, E., Pappa, A.: Multiparty delegated quantum computing. Cryptography 1(2), 12 (2017)CrossRefGoogle Scholar
  31. [KW17]
    Kashefi, E., Wallden, P.: Garbled quantum computation. Cryptography 1(1), 6 (2017)CrossRefGoogle Scholar
  32. [Mah18a]
    Mahadev, U.: Classical homomorphic encryption for quantum circuits. In: Thorup, M. (ed.) 59th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2018, Paris, France, 7–9 October 2018, pp. 332–338. IEEE Computer Society (2018)Google Scholar
  33. [Mah18b]
    Mahadev, U.: Classical verification of quantum computations. In: Thorup, M. (ed.) 59th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2018, Paris, France, 7–9 October 2018, pp. 259–267. IEEE Computer Society (2018)Google Scholar
  34. [Man19]
    Mantri, A.: Secure delegated quantum computing, Ph.d. thesis (2019)Google Scholar
  35. [Mau11]
    Maurer, U.: Constructive cryptography – a new paradigm for security definitions and proofs. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 33–56. Springer, Heidelberg (2012). Scholar
  36. [MDF17]
    Mantri, A., Demarie, T.F., Fitzsimons, J.F.: Universality of quantum computation with cluster states and (X, Y)-plane measurements. Sci. Rep. 7, 42861 (2017)CrossRefGoogle Scholar
  37. [MDMF17]
    Mantri, A., Demarie, T.F., Menicucci, N.C., Fitzsimons, J.F.: Flow ambiguity: a path towards classically driven blind quantum computation. Phys. Rev. X 7(3), 031004 (2017)Google Scholar
  38. [MF13]
    Morimae, T., Fujii, K.: Blind quantum computation protocol in which alice only makes measurements. Phys. Rev. A 87(5), 050301 (2013)CrossRefGoogle Scholar
  39. [MK13]
    Morimae, T., Koshiba, T.: Composable security of measuring-alice blind quantum computation. arXiv preprint arXiv:1306.2113 (2013)
  40. [MK14]
    Morimae, T., Koshiba, T.: Impossibility of perfectly-secure delegated quantum computing for classical client. arXiv preprint arXiv:1407.1636 (2014)
  41. [MR11]
    Maurer, U., Renner, R.: Abstract cryptography. In: Innovations in Computer Science. Citeseer (2011)Google Scholar
  42. [NC00]
    Nielsen, M.A., Chuang, I.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000)zbMATHGoogle Scholar
  43. [Nie06]
    Nielsen, M.A.: Cluster-state quantum computation. Rep. Math. Phys. 57(1), 147–161 (2006)MathSciNetCrossRefGoogle Scholar
  44. [RB01]
    Raussendorf, R., Briegel, H.J.: A one-way quantum computer. Phys. Rev. Lett. 86(22), 5188 (2001)CrossRefGoogle Scholar
  45. [Reg09]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 34 (2009)MathSciNetCrossRefGoogle Scholar
  46. [RUV12]
    Reichardt, B.W., Unger, F., Vazirani, U.: A classical leash for a quantum system: command of quantum systems via rigidity of CHSH games. arXiv preprint arXiv:1209.0448 (2012)
  47. [TMM+18]
    Takeuchi, Y., Mantri, A., Morimae, T., Mizutani, A., Fitzsimons, J.F.: Resource-efficient verification of quantum computing using Serfling’s bound. arXiv preprint arXiv:1806.09138 (2018)
  48. [Unr04]
    Unruh, D.: Simulatable security for quantum protocols. arXiv preprint quant-ph/0409125 (2004)Google Scholar
  49. [Unr10]
    Unruh, D.: Universally composable quantum multi-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 486–505. Springer, Heidelberg (2010). Scholar
  50. [Vid20]
    Vidick, T.: Verifying quantum computations at scale: a cryptographic leash on quantum devices. Bull. Am. Math. Soc. 57(1), 39–76 (2020)MathSciNetCrossRefGoogle Scholar
  51. [Zha20]
    Zhang, J.: Succinct blind quantum computation using a random oracle. arXiv, abs/2004.12621 (2020)Google Scholar

Copyright information

© International Association for Cryptologic Research 2020

Authors and Affiliations

  1. 1.IOHKZurichSwitzerland
  2. 2.School of InformaticsUniversity of EdinburghEdinburghUK
  3. 3.Laboratoire d’Informatique de Paris 6 (LIP6)Sorbonne UniversitéParis CEDEX 05France
  4. 4.Joint Center for Quantum Information and Computer Science (QuICS)University of MarylandCollege ParkUSA

Personalised recommendations