Quantum Garbled Circuits
share
We present a garbling scheme for quantum circuits, thus achieving a decomposable randomized encoding scheme for quantum computation. Specifically, given a quantum circuit and a quantum input, we show how to compute an encoding from which it is possible to derive the output of the computation and nothing else. In the classical setting, garbled circuits (and randomized encodings in general) are a versatile cryptographic tool with many applications such as secure multiparty computation, delegated computation, depth-reduction of cryptographic primitives, complexity lower-bounds, and more. However, a quantum analogue for garbling general circuits was not known prior to this work. We hope that our quantum randomized encoding scheme can similarly be useful for applications in quantum computing and cryptography. The properties of our scheme are analogous to ones achieved in the classical setting (in particular to the so-called point-and-permute garbling method). Our scheme has perfect correctness, and has perfect information-theoretic security if we allow the encoding size to grow exponentially with the depth of the circuit. This exponential blowup can be avoided via computational assumptions (specifically, the existence of quantum-secure pseudorandom generators). The encoding process is decomposable: each input qubit can be encoded independently, when given access to a string of classical randomness and EPR pairs. The complexity of the encoding is comparable to that of classical garbled circuits in terms of dependence on the size and depth of the encoded circuit (and on the security parameter in the computational setting). Furthermore, the encoding can be computed via a constant-depth quantum circuit with bounded-arity gates as well as quantum fan-out gates (which come "for free" in the classical setting). Formally this is captured by the complexity class 𝐐𝐍𝐂^0_f.
READ FULL TEXT