Prepare-and-Measure Certified Deletion: Difference between revisions

Revision as of 15:21, 4 February 2022

This example protocol implements the functionality of Quantum Encryption with Certified Deletion using single-qubit state preparation and measurement.

Assumptions

Outline

The scheme consists of 5 circuits-

Key: This circuit generates the key used in later stages
Enc: This circuit encrypts the message using the key
Dec: This circuit decrypts the ciphertext using the key and generates an error flag bit
Del: This circuit deletes the ciphertext state and generates a deletion certificate
Ver: This circuit verifies the validity of the deletion certificate using the key

Notation

For any string $x\in \{0,1\}^{n}$ and set ${\mathcal {I}}\subseteq [n],x|_{\mathcal {I}}$ denotes the string $x$ restricted to the bits indexed by ${\mathcal {I}}$
For $x,\theta \in \{0,1\}^{n},|x^{\theta }\rangle =H^{\theta }|x\rangle =H^{\theta _{1}}|x_{1}\rangle \otimes H^{\theta _{2}}|x_{2}\rangle \otimes ...\otimes H^{\theta _{n}}|x_{n}\rangle$
${\mathcal {Q}}:=\mathbb {C} ^{2}$ denotes the state space of a single qubit, ${\mathcal {Q}}(n):={\mathcal {Q}}^{\otimes n}$
${\mathcal {D(H)}}$ denotes the set of density operators on a Hilbert space ${\mathcal {H}}$
$\lambda$ : Security parameter
$n$ : Length, in bits, of the message
$m=\kappa (\lambda )$ : Total number of qubits sent from encrypting party to decrypting party
$k$ : Length, in bits, of the string used for verification of deletion
$s=m-k$ : Length, in bits, of the string used for extracting randomness
$\tau =\tau (\lambda )$ : Length, in bits, of error correction hash
$\mu =\mu (\lambda )$ : Length, in bits, of error syndrome
$\theta$ : Basis in which the encrypting party prepare her quantum state
$\delta$ : Threshold error rate for the verification test
$\Theta$ : Set of possible bases from which \theta is chosen
${\mathfrak {H}}_{pa}$ : Universal $_{2}$ family of hash functions used in the privacy amplification scheme
${\mathfrak {H}}_{ec}$ : Universal $_{2}$ family of hash functions used in the error correction scheme
$H_{pa}$ : Hash function used in the privacy amplification scheme
$H_{ec}$ : Hash function used in the error correction scheme
$synd$ : Function that computes the error syndrome
$corr$ : Function that computes the corrected string

Properties

Protocol Description

Circuit 1: Key

The key generation circuit

Input : None

Output: A key state $\rho \in {\mathcal {D}}({\mathcal {Q}}(k+m+n+\mu +\tau )\otimes {\mathfrak {H}}_{pa}\otimes {\mathfrak {H}}_{ec}$

Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \theta \gets \Theta }
Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle r|_{\tilde {\mathcal {I}}}\gets \{0,1\}^{k}} where ${\tilde {\mathcal {I}}}=\{i\in [m]|\theta _{i}=1\}$
Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle u\gets \{0,1\}^{n}}
Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle d\gets \{0,1\}^{\mu }}
Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle e\gets \{0,1\}^{\tau }}
Sample $H_{pa}\gets {\mathfrak {H}}_{pa}$
Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle H_{ec}\gets {\mathfrak {H}}_{ec}}
Output $\rho =|r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}\rangle \langle r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}|$

Circuit 2: Enc

The encryption circuit

Input : A plaintext state Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle |\mathrm {msg} \rangle \langle \mathrm {msg} |} and a key state $|r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}\rangle \langle r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}|\in {\mathcal {D}}({\mathcal {Q}}(k+m+n+\mu +\tau )\otimes {\mathfrak {H}}_{pa}\otimes {\mathfrak {H}}_{ec}$

Output: A ciphertext state Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \rho \in {\mathcal {D}}({\mathcal {Q}}(m+n+\tau +\mu ))}

Sample Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle r|_{\mathcal {I}}\gets \{0,1\}^{s}} where Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mathcal {I}}=\{i\in [m]|\theta _{i}=0\}}
Compute Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle x=H_{pa}(r|_{\mathcal {I}})} where Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mathcal {I}}=\{i\in [m]|\theta _{i}=0\}}
Compute $p=H_{ec}(r|_{\mathcal {I}})\oplus d$
Compute Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle q=\mathrm {synd} (r|_{\mathcal {I}})\oplus e}
Output Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \rho =|r^{\theta }\rangle \langle r^{\theta }|\otimes |\mathrm {msg} \oplus x\oplus u,p,q\rangle \langle \mathrm {msg} \oplus x\oplus u,p,q|}

Circuit 3: Dec

The decryption circuit

Input : A key state $|r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}\rangle \langle r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}|\in {\mathcal {D}}({\mathcal {Q}}(k+m+n+\mu +\tau )\otimes {\mathfrak {H}}_{pa}\otimes {\mathfrak {H}}_{ec}$ and a ciphertext $\rho \otimes |c,p,q\rangle \langle c,p,q|\in {\mathcal {D}}({\mathcal {Q}}(m+n+\mu +\tau ))$

Output: A plaintext state Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \sigma \in {\mathcal {D}}({\mathcal {Q}}(n))} and an error flag Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \gamma \in {\mathcal {D}}({\mathcal {Q}})}

Compute Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \rho ^{\prime }=\mathrm {H} ^{\theta }\rho \mathrm {H} ^{\theta }}
Measure $\rho ^{\prime }$ in the computational basis. Call the result $r$
Compute Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle r^{\prime }=\mathrm {corr} (r|_{\mathcal {I}},q\oplus e)} where Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mathcal {I}}=\{i\in [m]|\theta _{i}=0\}}
Compute Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle p^{\prime }=H_{ec}(r^{\prime })\oplus d}
If Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle p\neq p^{\prime }} , then set $\gamma =|0\rangle \langle 0|$ . Else, set Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \gamma =|1\rangle \langle 1|}
Compute Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle x^{\prime }=H_{pa}(r^{\prime })}
Output $\rho \otimes \gamma =|c\oplus x^{\prime }\oplus u\rangle \langle c\oplus x^{\prime }\oplus u|\otimes \gamma$

Circuit 4: Del

The deletion circuit

Input : A ciphertext $\rho \otimes |c,p,q\rangle \langle c,p,q|\in {\mathcal {D}}({\mathcal {Q}}(m+n+\mu +\tau ))$

Output: A certificate string Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \sigma \in {\mathcal {D}}({\mathcal {Q}}(m))}

Measure $\rho$ in the Hadamard basis. Call the output y.
Output Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \sigma =|y\rangle \langle y|}

Circuit 5: Ver

The verification circuit

Input : A key state $|r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}\rangle \langle r|_{\tilde {\mathcal {I}}},\theta ,u,d,e,H_{pa},H_{ec}|\in {\mathcal {D}}({\mathcal {Q}}(k+m+n+\mu +\tau )\otimes {\mathfrak {H}}_{pa}\otimes {\mathfrak {H}}_{ec}$ and a certificate string Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle |y\rangle \langle y|\in {\mathcal {D}}({\mathcal {Q}}(m))}

Output: A bit

Compute ${\hat {y}}^{\prime }={\hat {y}}|_{\mathcal {\tilde {I}}}$ where Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle {\mathcal {\tilde {I}}}=\{i\in [m]|\theta _{i}=1\}}
Compute $q=r|_{\tilde {\mathcal {I}}}$
If Failed to parse (Conversion error. Server ("https://wikimedia.org/api/rest_") reported: "Cannot get mml. Server problem."): {\displaystyle \omega (q\oplus {\hat {y}}^{\prime })<k\delta } , output $1$ . Else, output $0$ .

Further Information

References