Quantum Protocol Zoo - User contributions [en]

Trap Code for Quantum Authentication

2022-01-16T17:50:12Z

5.146.195.0:

The ''Trap Code'' is a non-interactive scheme for [[Authentication of Quantum Messages|quantum authentication]]. It appends two additional trap registers in a fixed state, on which a Pauli twirl or a permutation is acted on. It furthermore makes use of error correction codes for encoding the quantum message.

'''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]]

==Outline==
The ''trap code'' requires a shared pair of secret classical keys. It makes use of an error correction code to encode the quantum message. Consequently, two so-called trap registers in the fixed states <math>|0\rangle\langle 0|</math> and <math>|+\rangle\langle +|</math> are appended. The total register is then encrypted by applying a permutation and a Pauli twirl, each according to the classical keys. The receiver then applies the inverse Pauli twirl and permutation and consequently measures the two trap registers in the computational or Hadamard basis respectively to decide whether to accept or abort the process.

==Assumptions==
*The sender and receiver share a secret classical pair of keys
*The sender and receiver have agreed on an <math>[[n,k,d]]</math> error correction code

==Notation==
*<math>\mathcal{S}</math>: suppliant (sender)
*<math>\mathcal{A}</math>: authenticator (prover)
*<math>\rho</math>: 1-qubit input state
*<math>[[n,k,d]]</math>: an error correction code that corrects up <math>t</math> errors errors by encoding <math>k</math> logical qubits in <math>n</math> physical qubits, where <math>d=2t+1</math>
*<math>\{\pi_{i}\}</math>: a set of permutations indexed by <math>i</math>
*<math>\{P_{i}\}</math>: a set of Pauli operations indexed by <math>i</math>

==Protocol Description==
'''Input:''' <math>\rho</math>, pair of secret classical keys <math>k=(k_1, k_2)</math></br></br>
'''Output:''' Quantum state <math>\rho^\prime</math> if the protocol accepts; fixed quantum state <math>\Omega</math> if the protocol aborts
*'''''Encoding:'''''
#<math>\mathcal{S}</math> applies an <math>[[n,1,d]]</math> error correction code
#<math>\mathcal{S}</math> appends an additional trap register of <math>n</math> qubits in state <math>|0\rangle\langle 0|^{\otimes n}</math>
#<math>\mathcal{S}</math> appends a second additional trap register of <math>n</math> qubits in state <math>|+\rangle\langle +|^{\otimes n}</math>
#<math>\mathcal{S}</math> permutes the total <math>3n</math>-qubit register by <math>\pi_{k_1}</math> according to the key <math>k_1</math>
#<math>\mathcal{S}</math> applies a Pauli encryption <math>P_{k_2}</math> according to key <math>k_2</math>
*'''''Mathematical Encoding Description:''''' </br>Mathematically, the encoding process is given by <math display=block>\mathcal{E}_k: \rho \mapsto P_{k_2}\pi_{k_1}\left( \text{Enc}(\rho) \otimes |0\rangle\langle 0|^{\otimes n} \otimes |+\rangle\langle +|^{\otimes n}\right)\pi_{k_1}^\dagger P_{k_2}.</math> In the above, <math>\text{Enc}(\rho)</math> denotes the quantum message <math>\rho</math> after applying the error correction code for encoding (see step 1).
*'''''Decoding:'''''
#<math>\mathcal{A}</math> applies <math>P_{k_2}</math> according to key <math>k_2</math>
#<math>\mathcal{A}</math> applies inverse permutation <math>\pi_{k_1}^\dagger</math> according to the key <math>k_1</math>
#<math>\mathcal{A}</math> measures the last <math>n</math> qubits in the Hadamard basis <math>\{|+\rangle, |-\rangle\}</math>
#<math>\mathcal{A}</math> measures the second last <math>n</math> qubits in the computational basis <math>\{|0\rangle, |1\rangle\}</math></br></br>a. If the two measurements in step 3 and 4 result in <math>|+\rangle\langle +|</math> and <math>|0\rangle\langle 0|</math>, an additional flag qubit in state <math>|\mathrm{ACC}\rangle\langle\mathrm{ACC}|</math> is appended and the quantum message is decoded according to the error correction code </br>b. Otherwise, an additional flag qubit in state <math>|\mathrm{REJ}\rangle\langle\mathrm{REJ}|</math> is appended and the (disturbed) encoded quantum message is replaced by a fixed state <math>\Omega</math>
*'''''Mathematical Decoding Description:''''' </br>Mathematically, the decoding process is given by <math display=block>\mathcal{D}_k: \rho^\prime \mapsto \text{Dec }\mathrm{tr}_{0,+}\left( \mathcal{P}_\text{acc} \pi_{k_1}^\dagger P_{k_2}(\rho^\prime) P_{k_2} \pi_{k_1} \mathcal{P}_\text{acc}^\dagger \right) \otimes |\mathrm{acc}\rangle \langle \mathrm{acc}| + \mathrm{tr}_{0,+} \left(\mathcal{P}_\text{rej} \pi_{k_1}^\dagger P_{k_2}(\rho^\prime) P_{k_2} \pi_{k_1} \mathcal{P}_\text{acc}^\dagger \right) \Omega \otimes |\text{rej}\rangle\langle \text{rej}|.</math> In the above, <math>\text{Dec}</math> refers to decoding of the error correction code (see step 4a) and <math>\mathrm{tr}_{0,+}</math> denotes the trace over the two trap registers. Moreover, <math>\mathcal{P}_\text{acc}</math> and <math>\mathcal{P}_\text{rej}</math> refer to the measurement projectors that determine whether the protocol accepts or aborts the received quantum message. It is <math display=block>\mathcal{P}_\text{acc} = I^{\otimes n}\otimes |0\rangle\langle 0|^{\otimes n}\otimes |+\rangle\langle +|,</math> and <math display=block>\mathcal{P}_\text{rej} = I^{\otimes 3n} - \mathcal{P}_\text{acc}.</math>

==References==
#[https://arxiv.org/pdf/1211.1080.pdf| Broadbent et al. (2012)]
#[https://arxiv.org/pdf/1607.03075.pdf| Broadbent and Wainewright (2016).]

<div style='text-align: right;'>''Contributed by Isabel Nha Minh Le and Shraddha Singh''</div>
<div style='text-align: right;'>''This page was created within the [https://www.qosf.org/qc_mentorship/| QOSF Mentorship Program Cohort 4]''</div>

Clifford Code for Quantum Authentication

2022-01-16T17:49:48Z

5.146.195.0:

The ''Clifford Authentication Scheme'' is a non-interactive protocol for [[Authentication of Quantum Messages|quantum authentication]] and was introduced in the paper [https://arxiv.org/pdf/0810.5375.pdf| Interactive Proofs For Quantum Computations by Aharanov et al.]. It applies a random Clifford operator to the quantum message and an auxiliary register and then measures the auxiliary register to decide whether or not a eavesdropper has tampered the original quantum message.

'''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]]

==Outline==
The ''Clifford code'' encodes a quantum message by appending an auxiliary register with each qubit in state <math>|0\rangle</math> and then applying a random Clifford operator on all qubits. The authenticator then measures only the auxiliary register. If all qubits in the auxiliary register are still in state <math>|0\rangle</math>, the authenticator accepts and decodes the quantum message. Otherwise, the original quantum message was tampered by a third party and the authenticator aborts the process.

==Notations==
*<math>\mathcal{S}</math>: suppliant (sender)
*<math>\mathcal{A}</math>: authenticator (prover)
*<math>\rho</math>: <math>m</math>-qubit state to be transmitted
*<math>d\in\mathbb{N}</math>: security parameter defining the number of qubits in the auxiliary register
*<math>\{C_k\}</math>: set of Clifford operations on <math>n</math> qubits labelled by a classical key <math>k\in\mathcal{K}</math>

==Properties==
*The Clifford code makes use of <math>n=m+d+1</math> qubits
*The Clifford code is [[Authentication of Quantum Messages|quantum authentication]] scheme with security <math>2^{-d}</math>
*The qubit registers used can be divided into a message register with <math>m</math> qubits, an auxiliary register with <math>d</math> qubits, and a flag register with <math>1</math> qubit.

==Protocol Description==
'''Input:''' <math>\rho</math>, <math>d</math>, <math>k</math></br></br>
'''Output:''' Quantum state <math>\rho^\prime</math> if the protocol accepts; fixed quantum state <math>\Omega</math> if the protocol aborts
*'''''Encoding:'''''
#<math>\mathcal{S}</math> appends an auxiliary register of <math>d</math> qubits in state <math>|0\rangle\langle 0|</math> to the quantum message <math>\rho</math>, which results in <math>\rho\otimes|0\rangle\langle0|^{\otimes d}</math>.
#<math>\mathcal{S}</math> then applies <math>C_k</math> for a uniformly random <math>k\in\mathcal{K}</math> on the total state.
#<math>\mathcal{S}</math> sends the result to <math>\mathcal{A}</math>.
*'''''Mathematical Encoding Description:'''''</br>Mathematically, the encoding process can be described by <math display=block>\mathcal{E}_k: \rho \mapsto C_k\left( \rho \otimes |0\rangle\langle 0|^{\otimes d} \right)C_k^\dagger</math>
*'''''Decoding:'''''
#<math>\mathcal{A}</math> applies the inverse Clifford <math>C_k^\dagger</math> to the received state, which is denoted by <math>\rho^\prime</math>.
#<math>\mathcal{A}</math> measures the auxiliary register in the computational basis.</br>a. If all <math>d</math> auxiliary qubits are 0, the state is accepted and an additional flag qubit in state <math>|\mathrm{ACC}\rangle\langle\mathrm{ACC}|</math> is appended.</br>b. Otherwise, the remaining system is traced out and replaced with a fixed <math>m</math>-qubit state <math>\Omega</math> and an additional flag qubit in state <math>|\mathrm{REJ}\rangle\langle \mathrm{REJ}|</math> is appended.
*'''''Mathematical Decoding Description:''''' </br>Mathematically, the decoding process is described by <math display=block>\mathcal{D}_k: \rho^\prime \mapsto \mathrm{tr}_0\left( \mathcal{P}_\mathrm{acc} C_k^\dagger (\rho^\prime) C_k \mathcal{P}_\mathrm{acc}^\dagger \right) \otimes |\mathrm{ACC}\rangle\langle \mathrm{ACC}| + \mathrm{tr}\left( \mathcal{P}_\mathrm{rej} C_k^\dagger (\rho^\prime) C_k \mathcal{P}_\mathrm{rej}^\dagger \right) \Omega \otimes |\mathrm{REJ}\rangle\langle\mathrm{REJ}|.</math> In the above, <math>\mathrm{tr}_0</math> is the trace over the auxiliary register only, and <math>\mathrm{tr}</math> is the trace over the quantum message system and the auxiliary system. Furthermore, <math>\mathcal{P}_\mathrm{acc}</math> and <math>\mathcal{P}_\mathrm{rej}</math> refer to the measurement projectors that determine whether the protocol accepts or aborts the received quantum message. It is <math display=block>\mathcal{P}_\mathrm{acc}=\mathbb{1}^{\otimes n} \otimes |0\rangle\langle 0|^{\otimes d}</math> and <math display=block>\mathcal{P}_\mathrm{rej}=\mathbb{1}^{\otimes (n+d)} - \mathcal{P}_\mathrm{acc}.</math>

==References==
#[https://arxiv.org/pdf/0810.5375.pdf| Aharanov et al. (2008).]
#[https://arxiv.org/pdf/1607.03075.pdf| Broadbent and Wainewright (2016).]

<div style='text-align: right;'>''Contributed by Isabel Nha Minh Le and Shraddha Singh''</div>
<div style='text-align: right;'>''This page was created within the [https://www.qosf.org/qc_mentorship/| QOSF Mentorship Program Cohort 4]''</div>

Polynomial Code based Quantum Authentication

2022-01-16T17:49:31Z

5.146.195.0:

The paper [https://arxiv.org/pdf/quant-ph/0205128.pdf Authentication of Quantum Messages by Barnum et al.] provides a non-interactive scheme with classical keys for the sender to encrypt as well as [[Authentication of Quantum Messages|authenticate quantum messages]]. It was the first protocol designed to achieve the task of authentication for quantum states, i.e. it gives the guarantee that the message sent by a party (suppliant) over a communication line is received by a party on the other end (authenticator) without having been tampered with or modified by the dishonest party (eavesdropper).

'''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]]

==Outline==
The polynomial code consists of three steps: preprocessing, encryption and encoding, and decoding and decryption. Within the preprocessing, sender and receiver agree on a [[Stabilizer Purity Testing Code | stabilizer purity testing code]] and three private, random binary keys. Within the encryption and encoding step, the sender uses one of these keys to encrypt the original message. Consequently, a second key is used to choose a specific quantum error correction code out of the [[Stabilizer Purity Testing Code | stabilizer purity testing code]]. The chosen quantum error correction code is then used, together with the last key, to encode the encrypted quantum message. Within the last step, the decoding and decryption step, the respective keys are used by the receiver to decide whether to abort or not, and if not, to decode and decrypt the received quantum message.

==Assumptions==
*The sender and the receiver share a private, classical random key drawn from a probability distribution

==Notations==
*<math>\mathcal{S}</math>: suppliant (sender)
*<math>\mathcal{A}</math>: authenticator (prover)
*<math>\rho</math>: quantum message to be sent
*<math>m</math>: number of qubits in the message <math>\rho</math>
*<math>\{Q_k\}</math>: [[Stabilizer Purity Testing Code | stabilizer purity testing code]], each stabilizer code is identified by index <math>k</math>
*<math>n</math>: number of qubits used to encode the message with <math>\{Q_k\}</math>
*<math>x</math>: random binary <math>2m</math>-bit key
*<math>y</math>: random syndrome for a specific <math>Q_k</math>

==Protocol Description==
'''Input:''' <math>\rho</math> owned by <math>\mathcal{S}</math>; <math>k</math>, <math>x</math>, <math>y</math> shared among <math>\mathcal{S}</math> and <math>\mathcal{A}</math></br></br>
'''Output:''' Receiver accepts or aborts the quantum state <math>\rho^\prime</math>
*'''''Encryption and encoding:'''''
#<math>\mathcal{S}</math> q-encrypts the <math>m</math>-qubit original message <math>\rho</math> as <math>\tau</math> using the classical key <math>x</math> and a [[Quantum One-Time Pad | quantum one-time pad]]. This encryption is given by <math>\tau = \sigma_x^{\vec{t}_1}\sigma_z^{\vec{t}_2}\rho\sigma_z^{\vec{1}_1}\sigma_x^{\vec{t}_1}</math>, where <math>\vec{t}_1</math> and <math>\vec{t}_2</math> are <math>m</math>-bit vectors and given by the random binary key <math>x</math>.
#<math>\mathcal{S}</math> then encodes <math>\tau</math> according to <math>Q_k</math> with syndrome <math>y</math>, which results in the <math>n</math>-qubit state <math>\sigma</math>. This means <math>\mathcal{S}</math> encodes <math>\rho</math> in <math>n</math> qubits using <math>Q_k</math>, and then "applies" errors according to the random syndrome.
#<math>\mathcal{S}</math> sends <math>\sigma</math> to <math>\mathcal{A}</math>.
*'''''Decoding and decryption:'''''
#<math>\mathcal{A}</math> receives the <math>n</math> qubits, whose state is denoted by <math>\sigma^\prime</math>.
#<math>\mathcal{A}</math> measures the syndrome <math>y^\prime</math> of the code <math>Q_k</math> on his <math>n</math> qubits in state <math>\sigma^\prime</math>.
#<math>\mathcal{A}</math> compares the syndromes <math>y</math> and <math>y^\prime</math> and aborts the process if they are different.
#<math>\mathcal{A}</math> decodes his <math>n</math>-qubit word according to <math>Q_k</math> obtaining <math>\tau^\prime</math>.
#<math>\mathcal{A}</math> q-decrypts <math>\tau^\prime</math> using the random binary strings <math>x</math> obtaining <math>\rho^\prime</math>.

==Further Information==
#[https://ieeexplore.ieee.org/abstract/document/4031361?casa_token=j0BWLVeqOZkAAAAA:T19kamFiwuoLaEbL_bESvUendLVhWzsXWZpegOxPADA_PjSobjg4Wyo8ZmV92qvfVF3Pc7_v| Ben-Or et al. (2006).]
#[https://arxiv.org/pdf/0810.5375.pdf%7C| Aharonov et al. (2008).]

==References==
#[https://arxiv.org/pdf/quant-ph/0205128.pdf| Barnum et al. (2002).]

<div style='text-align: right;'>''Contributed by Isabel Nha Minh Le and Shraddha Singh''</div>
<div style='text-align: right;'>''This page was created within the [https://www.qosf.org/qc_mentorship/| QOSF Mentorship Program Cohort 4]''</div>

Authentication of Quantum Messages

2022-01-16T17:49:05Z

5.146.195.0:

==Functionality==
Quantum authentication allows the exchange of quantum messages between two parties over a insecure quantum channel with the guarantee that the received quantum information is the same as the initially sent quantum message. Imagine a person sends some quantum information to another person over an insecure channel, where a dishonest party has access to the channel. How can it be guaranteed that in the end the receiver has the same quantum information and not something modified or replaced by the dishonest party? Schemes for authentication of quantum channels/quantum states/quantum messages are families of keyed encoding and decoding maps that provide this guarantee to the users of a quantum communication line/ channel. The sender is called the suppliant (prover) and the receiver is called the authenticator. The quantum message is encoded using a quantum error correction code. Since using only one particular quantum error correction code would enable a third party to introduce an error, which is not detectable by this particular code, it is necessary to choose a random quantum error correction code from a set of codes. <br/> <br/>Note that, it is different from the functionality of [[Quantum Digital Signature|digital signatures]], a multi-party (more than two) protocol, which comes with additional properties (non-repudiation, unforgeability and transferability). Authenticating quantum states is possible, but signing quantum states is impossible, as concluded in [[Authentication of Quantum Messages#References|(1)]].
Also, unlike [[Authentication of Classical Messages|classical message authentication]], quantum message authentication requires encryption. However, classical messages can be publicly readable (not encrypted) and yet authenticated.

<br/>'''Tags:''' [[:Category:Two Party Protocols|Two Party Protocol]][[Category:Two Party Protocols]], [[Quantum Digital Signature]], [[:Category:Quantum Functionality|Quantum Functionality]][[Category:Quantum Functionality]], [[:Category:Specific Task|Specific Task]][[Category:Specific Task]], [[:Category:Building Blocks|Building Block]][[Category:Building Blocks]]

==Use Case==
*No classical analogue
==Protocols==
'''Non-interactive Protocols:'''
*[[Purity Testing based Quantum Authentication]]
*[[Polynomial Code based Quantum Authentication]]
*[[Clifford Code for Quantum Authentication]]
*[[Trap Code for Quantum Authentication]]
*[[Auth-QFT-Auth Scheme]]
*[[Unitary Design Scheme]]
'''Interactive Protocols:'''
*[[Naive approach using Quantum Teleportation]]

==Properties==
*Any scheme, which authenticates quantum messages must also encrypt them [[Authentication of Quantum Messages#References|(1)]]. This is inherently different to the classical scenario, where encryption and authentication are two independent procedures.

*'''Definition: Quantum Authentication Scheme (QAS)''' <br/>A quantum authentication scheme (QAS) consists of a suppliant <math>\mathcal{S}</math>, an authenticator <math>\mathcal{A}</math> and a set of classical private keys <math>K</math>. <math>\mathcal{S}</math> and <math>\mathcal{A}</math> are each polynomial time quantum algorithms. The following is fullfilled:
# <math>\mathcal{S}</math> takes as input a <math>m</math>-qubit message system <math>M</math> and a key <math>k\in K</math> and outputs a transmitted system <math>T</math> of <math>m + t</math> qubits.
# <math>\mathcal{A}</math> takes as input the (possibly altered) transmitted system <math>T^\prime</math> and a classical key <math>k\in K</math> and outputs two systems: a <math>m</math>-qubit message state <math>M</math>, and a single qubit <math>V</math> which indicates acceptance or rejection. The classical basis states of <math>V</math> are called <math>|\mathrm{ACC}\rangle, |\mathrm{REJ}\rangle</math> by convention. </br>For any fixed key <math>k</math>, we denote the corresponding super-operators by <math>S_k</math> and <math>A_k</math>.

*'''Definition: Security of a QAS''' <br/>For non-interactive protocols, a QAS is secure with error <math>\epsilon</math> if it is complete for all states <math>|\psi\rangle</math> and has a soundness error <math>\epsilon</math> for all states <math>|\psi\rangle</math>. These two conditions are met if:
#''Completeness:'' A QAS is complete for a specific quantum state <math>|\psi\rangle</math> if <math>\forall k\in K: A_k(S_k(|\psi\rangle \langle\psi|)=|\psi\rangle \langle\psi| \otimes |\mathrm{ACC}\rangle \langle \mathrm{ACC}|.</math> <br/>This means if no adversary has acted on the encoded quantum message <math>|\psi\rangle</math>, the quantum information received by <math>\mathcal{A}</math> is the same initially sent by <math>\mathcal{S}</math> and the single qubit <math>V</math> is in state <math>|\mathrm{ACC}\rangle \langle \mathrm{ACC}|</math>. To this end, we assume that the channel between <math>\mathcal{S}</math> and <math>\mathcal{A}</math> is noiseless if no adversary intervention appeared.
#''Soundness:'' For all super-operators <math>\mathcal{O}</math>, let <math>\rho_\text{auth}</math> be the state output by <math>\mathcal{A}</math> when the adversary’s intervention is characterized by <math>\mathcal{O}</math>, that is: <math display=block>\rho_\text{auth}=\mathbf{E}_k\left[ \mathcal{A}_k\left( \mathcal{O}(\mathcal{S}(|\psi\rangle \langle\psi |)) \right) \right] = \frac{1}{|K|}\sum_k \mathcal{A}_k\left( \mathcal{O}(\mathcal{S}_k(|\psi\rangle \langle\psi |)) \right),</math> <br/> where again we consider a specific input state <math>|\psi\rangle</math>. Here, <math>\mathbf{E}_k</math> means the expectation when <math>k</math> is chosen uniformly at random from <math>K.</math> The QAS then has a soundness error <math>\epsilon</math> for <math>|\psi\rangle</math> if <math display=block>\mathrm{Tr}\left( P_1^{|\psi\rangle}\rho_\text{auth} \right)\geq 1-\epsilon,</math> </br>where <math>P_1^{|\psi\rangle}</math> is the projector <math display=block>P_1^{|\psi\rangle} = |\psi\rangle \langle\psi | \otimes I_V + I_M \otimes |\mathrm{REJ}\rangle \langle \mathrm{REJ}| - |\psi\rangle \langle \psi| \otimes |\mathrm{REJ}\rangle \langle \mathrm{REJ}|.</math>

==Further Information==
#[https://arxiv.org/pdf/quant-ph/0205128.pdf| Barnum et al. (2002).] First protocol on authentication of quantum messages. It is also used later for verification of quantum computation in [[Interactive Proofs for Quantum Computation]]. Protocol file for this article is given as the [[Polynomial Code based Quantum Authentication]].
#[https://arxiv.org/pdf/1607.03075.pdf%7C| Broadbent et al. (2016).] Paper on efficient simulation of authentication of quantum messages.
#[https://link.springer.com/chapter/10.1007/978-3-319-56617-7_12| Portmann (2017).] Paper on quantum authentication with full key recycling in the case of acceptance and partial key recycling in the case of tampering detection.
#[https://link.springer.com/article/10.1007%2Fs11047-014-9454-5| Damgård et al. (2014).] Quantum authentication with fully re-usable keys in the case of acceptance using a quantum computer.
#[https://link.springer.com/chapter/10.1007/978-3-319-56617-7_11| Fehr et al. (2017).] More efficient quantum authentication with fully re-usable keys in the case of acceptance without the need of quantum computers.
#[https://link.springer.com/chapter/10.1007/978-3-319-63715-0_12| Garg (2017).] New class of security definitions for quantum authentication and protocols fullfilling these definitions: [[Auth-QFT-Auth Scheme]], [[Unitary Design Scheme]].

<div style='text-align: right;'>''Contributed by Isabel Nha Minh Le and Shraddha Singh''</div>
<div style='text-align: right;'>''This page was created within the [https://www.qosf.org/qc_mentorship/| QOSF Mentorship Program Cohort 4]''</div>

Protocol Library

2026-04-16T10:54:13Z

5.146.195.0:

{| class="wikitable"
!width="40%"|Functionality
!width="60%"|Protocols
|-
|rowspan="2"|[[Anonymous Transmission]]||[[GHZ-based Quantum Anonymous Transmission]]
|-
|[[Verifiable Quantum Anonymous Transmission]]
|-
|rowspan="1"|[[Authentication of Classical Messages]]||[[Uncloneable Encryption]]
|-
|rowspan="7"|[[Authentication of Quantum Messages]]||[[Purity Testing based Quantum Authentication]]
|-
|[[Polynomial Code based Quantum Authentication]]
|-
|[[Clifford Code for Quantum Authentication]]
|-
|[[Trap Code for Quantum Authentication]]
|-
|[[Auth-QFT-Auth Scheme for Quantum Authentication]]
|-
|[[Unitary Design Scheme for Quantum Authentication]]
|-
|[[Naive approach using Quantum Teleportation]]
|-
||[[Byzantine Agreement]]||[[Fast Quantum Byzantine Agreement]]
|-
||[[Bit Commitment]]||[[Quantum Bit Commitment]]
|-
|rowspan="2"|[[Coin Flipping]]||[[Quantum Strong Coin Flipping]]
|-
|[[Quantum Weak Coin Flipping]]
|-
|[[Copy Protection]]||[[Copy Protection of Compute and Compare Programs]]
|-
|rowspan="8"|[[Quantum Digital Signature|(Quantum) Digital Signature]] |||[[Gottesman and Chuang Quantum Digital Signature]]
|-
|[[Prepare and Measure Quantum Digital Signature]]
|-
|[[Measurement Device Independent Quantum Digital Signature (MDI-QDS)]]
|-
|[[Arbitrated Quantum Digital Signature]]
|-
|[[Blind Delegation of Quantum Digital Signature]]
|-
|[[Designated Verifiable Quantum Signature]]
|-
|[[Limited Delegation of Quantum Digital Signature]]
|-
|[[Quantum Proxy Signature]]
|-
||[[Entanglement Verification]]||[[Multipartite Entanglement Verification]]
|-
||[[Fingerprinting]]||[[Quantum Fingerprinting]]
|-
|[[Quantum Identity Authentication]]||[[-]]
|-
|rowspan="4"|[[Quantum Key Distribution|(Quantum) Key Distribution]]||[[BB84 Quantum Key Distribution]]
|-
|[[Measurement Device Independent Quantum Key Distribution (MDI-QKD)]]
|-
|[[Device-Independent Quantum Key Distribution]]
|-
|[[Continuous-Variable Quantum Key Distribution (CV-QKD)]]
|-
||[[Leader Election]]||[[Quantum Leader Election]]
|-
|rowspan="4"|[[Quantum Money|(Quantum) Money]]||[[Quantum Cheque]]
|-
|[[Quantum Coin]]
|-
|[[Quantum Token]]
|-
|[[Wiesner Quantum Money]]
|-
||[[Oblivious Transfer]]||[[Quantum Oblivious Transfer]]
|-
|rowspan="10"| [[(Symmetric) Private Information Retrieval]] ||[[Multi-Database Classical Symmetric Private Information Retrieval with Quantum Key Distribution]]
|-
|[[Multi-Database Quantum Symmetric Private Information Retrieval for Coded Servers]]
|-
|[[Multi-Database Quantum Symmetric Private Information Retrieval for Communicating and Colluding Servers]]
|-
|[[Multi-Database Quantum Symmetric Private Information Retrieval in the Visible Setting for a Quantum Database]]
|-
|[[Multi-Database Quantum Symmetric Private Information Retrieval without Shared Randomness]]
|-
|[[Single-Database Quantum Private Information Retrieval in the Honest Server Model]]
|-
|[[Single-Database Quantum Private Information Retrieval in the Honest Server Model and in the Blind Setting for a Quantum Database]]
|-
|[[Single-Database Quantum Private Information Retrieval with Prior Shared Entanglement in the Honest Server Model]]
|-
|[[Quantum Private Queries Protocol Based on Quantum Oblivious Key Distribution]]
|-
|[[Quantum Private Queries Protocol Based on Quantum Random Access Memory]]
|-
|rowspan="2"| [[Quantum Secret Sharing|Secret Sharing]] ||[[Quantum Secret Sharing using GHZ States]]
|-
|[[Verifiable Quantum Secret Sharing]]
|-
|rowspan="5"| [[Secure Client- Server Delegated Quantum Computation]] ||[[Classical Fully Homomorphic Encryption for Quantum Circuits]]
|-
|[[Measurement-Only Universal Blind Quantum Computation]]
|-
| [[Prepare-and-Send Quantum Fully Homomorphic Encryption]]
|-
|[[Prepare-and-Send Universal Blind Quantum Computation]]
|-
|[[Pseudo-Secret Random Qubit Generator (PSQRG)]]
|-
|rowspan="3"|[[Secure Verifiable Client-Server Delegated Quantum Computation]]||[[Prepare-and-Send Verifiable Universal Blind Quantum Computation]]
|-
|[[Measurement-Only Verifiable Universal Blind Quantum Computation]]
|-
|[[Prepare-and-Send Verifiable Quantum Fully Homomorphic Encryption]]
|-
|rowspan="2"|[[Secure Delegated Classical Computation]]||[[Secure Client-Server Classical Delegated Computation]]
|-
|[[Secure Multiparty Delegated Classical Computation]]
|-
|rowspan="2"|[[Secure Multi-Party Delegated Computation]]||[[Secure Multiparty Delegated Quantum Computation]]
|-
|[[Secure Multiparty Delegated Classical Computation]]
|-
|rowspan="2"|[[Teleportation|(Quantum) Teleportation]]||[[Quantum Teleportation|State Teleporation]]
|-
|[[Gate Teleporation]]
|-
|rowspan="4"|[[Verification of Quantum Computation]]||[[Interactive Proofs for Quantum Computation|Quantum Prover Interactive Proofs]]
|-
|[[Verification of NP-complete problems]]
|-
|[[Verification of Sub-Universal Quantum Computation]]
|-
|[[Classical Verification of Universal Quantum Computation]]
|-
|rowspan="5"|[[Quantum Electronic Voting]]||[[Dual Basis Measurement Based Protocol]]
|-
|[[Travelling Ballot Based Protocol]]
|-
|[[Distributed Ballot Based Protocol]]
|-
|[[Quantum voting based on conjugate coding]]
|-
|[[Practical Quantum Electronic Voting]]
|-
||-||[[Weak String Erasure]]
|-
|rowspan="3"|[[Entanglement Routing]]||[[Routing Entanglement in the Quantum Internet]]
|-
|[[Distributed Routing in a Quantum Internet]]
|-
|[[Distributing Graph States Over Arbitrary Quantum Networks]]
|-
|rowspan="1"|[[Quantum Conference Key Agreement]]||[[Anonymous Conference Key Agreement using GHZ states]]
|-