Cryptology ePrint Archive: Report 2018/338

Quantum FHE (Almost) As Secure as Classical

Zvika Brakerski

Abstract: Fully homomorphic encryption schemes (FHE) allow to apply arbitrary efficient computation to encrypted data without decrypting it first. In Quantum FHE (QFHE) we may want to apply an arbitrary quantumly efficient computation to (classical or quantum) encrypted data.

We present a QFHE scheme with classical key generation (and classical encryption and decryption if the encrypted message is itself classical) with comparable properties to classical FHE. Security relies on the hardness of the learning with errors (LWE) problem with polynomial modulus, which translates to the worst case hardness of approximating short vector problems in lattices to within a polynomial factor. Up to polynomial factors, this matches the best known assumption for classical FHE. Similarly to the classical setting, relying on LWE alone only implies leveled QFHE (where the public key length depends linearly on the maximal allowed evaluation depth). An additional circular security assumption is required to support completely unbounded depth. Interestingly, our circular security assumption is the same assumption that is made to achieve unbounded depth multi-key classical FHE.

Technically, we rely on the outline of Mahadev (arXiv 2017) which achieves this functionality by relying on super-polynomial LWE modulus and on a new circular security assumption. We observe a connection between the functionality of evaluating quantum gates and the circuit privacy property of classical homomorphic encryption. While this connection is not sufficient to imply QFHE by itself, it leads us to a path that ultimately allows using classical FHE schemes with polynomial modulus towards constructing QFHE with the same modulus.

Category / Keywords: public-key cryptography / fully homomorphic encryption, learning with errors, quantum computation

Date: received 10 Apr 2018, last revised 11 Apr 2018

Contact author: zvika brakerski at weizmann ac il

Available format(s): PDF | BibTeX Citation

Version: 20180411:203057 (All versions of this report)

Short URL: ia.cr/2018/338

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]