On the Round Complexity of Secure Quantum Computation

Abstract: Can a sender non-interactively transmit one of two strings to a receiver without knowing which string was received? Does there exist minimally-interactive secure multiparty computation that only makes (black-box) use of symmetric-key primitives? We provide affirmative answers to these questions in a model where parties have access to shared EPR pairs, thus demonstrating the cryptographic power of this resource.• First, we construct a one-shot (i.e., single message) string oblivious transfer (OT) protocol with … Show more

“…We note that while prior work [BCKM21a] has implicitly constructed a two-message zeroknowledge state synthesis protocol in the CRS model, our work is the first to obtain this primitive with one message in the shared EPR pair model. Corollary 4.25.…”

“…We now use a result from [BCKM21a] showing that any unidirectional quantum functionality can be securely computed in one message given access to a secure one-message protocol for arbitrary unidirectional classical functionalities. Since this theorem is not explicitly stated in [BCKM21a], we add some explanation for how it follows from their work.…”

“…It makes use of a type of quantum garbled circuit first described in [BY22] and formalized by [BCKM21a]. This quantum garbled circuit is based on the Clifford + measurement representation of quantum circuits, and supports a quantum input encoding procedure and classical garbling procedure.…”

“…Now, given a circuit Q describing a unidirectional quantum functionality, the sender samples k and sends |ψ ← Encode k (|ψ ) to the receiver. In addition, it inputs k to a unidirectional randomized classical functionality that will sample Q and along with a description of some measurement M that the receiver can apply to |ψ to check that it is well-formed (these are the zero and T checks described in [BCKM21a]). Thus, the receiver obtains |ψ from the sender, and M and Q from the classical functionality, checks that |ψ is well-formed using M , and finally evaluates Q( |ψ ) to obtain their output.…”

One-Way Functions Imply Secure Computation in a Quantum World

“…We note that while prior work [BCKM21a] has implicitly constructed a two-message zeroknowledge state synthesis protocol in the CRS model, our work is the first to obtain this primitive with one message in the shared EPR pair model. Corollary 4.25.…”

“…We now use a result from [BCKM21a] showing that any unidirectional quantum functionality can be securely computed in one message given access to a secure one-message protocol for arbitrary unidirectional classical functionalities. Since this theorem is not explicitly stated in [BCKM21a], we add some explanation for how it follows from their work.…”

“…It makes use of a type of quantum garbled circuit first described in [BY22] and formalized by [BCKM21a]. This quantum garbled circuit is based on the Clifford + measurement representation of quantum circuits, and supports a quantum input encoding procedure and classical garbling procedure.…”

“…Now, given a circuit Q describing a unidirectional quantum functionality, the sender samples k and sends |ψ ← Encode k (|ψ ) to the receiver. In addition, it inputs k to a unidirectional randomized classical functionality that will sample Q and along with a description of some measurement M that the receiver can apply to |ψ to check that it is well-formed (these are the zero and T checks described in [BCKM21a]). Thus, the receiver obtains |ψ from the sender, and M and Q from the classical functionality, checks that |ψ is well-formed using M , and finally evaluates Q( |ψ ) to obtain their output.…”

One-Way Functions Imply Secure Computation in a Quantum World

“…Since MPQC is closely related to QPFE, we give a brief review of MPQC here. A more comprehensive review of the field of MPQC can be found in [9]. In the first work of MPQC [8], Crepeau et al present an information-theoretically secure MPQC protocol when the proportion of malicious parties is less than 1/6.…”

Quantum private function evaluation

Multi-theorem Designated-Verifier NIZK for QMA