Homomorphic encryption is a cryptographic primitive that enables information processing on encrypted data. Such primitives are useful in a delegated computing setting in which a client delegates processing to a server, but does not trust the server fully with her information. Here, I discuss a way of performing quantum homomorphic encryption. A homomorphic encryption protocol comprises of four algorithms: random key generation, encryption, evaluation, and decryption. Our technique requires that a pair of commuting operators be used to implement the encryption and evaluation. The client randomly selects the former, while the server implements the latter. Then post-evaluation, if the client decrypts using the inverse of the encryption, he retrieves the input state with the desired computation implemented. The code space has to be chosen carefully so that non-trivial evaluations can be performed on the logical qubits. Since the encryption key is not known to the server, the randomness introduced by key generation hides some information about the encoded data despite it being put into the hands of the server.
This framework is powerful because it gives a general description for implementing quantum homomorphic encryption. For example, families of commuting groups of operators are known to exist via the Schur-Weyl duality. However, it is limited by a no-go theorem that states that an exponential overhead is needed if arbitrary computation and perfect security are desired. Nonetheless, our protocols are still interesting as an application for near-term quantum computers, especially when the computational tasks require only low-depth circuits.
|