Paper 2020/1286

Secure Two-Party Quantum Computation Over Classical Channels

Michele Ciampi, Alexandru Cojocaru, Elham Kashefi, and Atul Mantri


Secure two-party computation considers the problem of two parties computing a joint function of their private inputs without revealing anything beyond the output of the computation. In this work, we take the first steps towards understanding the setting where: 1) the two parties (Alice and Bob) can communicate only via a classical channel, 2) the input of Bob is quantum, and 3) the input of Alice is classical. Our first result indicates that in this setting it is in general impossible to realize a two-party quantum functionality with black-box simulation in the case of malicious quantum adversaries. In particular, we show that the existence of a secure quantum computing protocol that relies only on classical channels would contradict the quantum no-cloning argument. We circumvent this impossibility following three different approaches. The first is by considering a weaker security notion called one-sided simulation security. This notion protects the input of one party (the quantum Bob) in the standard simulation-based sense and protects the privacy of the other party's input (the classical Alice). We show how to realize a protocol that satisfies this notion relying on the learning with errors assumption. The second way to circumvent the impossibility result, while at the same time providing standard simulation-based security also against a malicious Bob, is by assuming that the quantum input has an efficient classical representation. Finally, we focus our attention on the class of zero-knowledge functionalities and provide a compiler that takes as input a classical proof of quantum knowledge (PoQK) protocol for a QMA relation R (a classical PoQK is a PoQK that can be verified by a classical verifier) and outputs a zero-knowledge PoQK for R that can be verified by classical parties. The direct implication of our result is that Mahadev’s protocol for classical verification of quantum computations (FOCS’18) can be turned into a zero-knowledge proof of quantum knowledge with classical verifiers. To the best of our knowledge, we are the first to instantiate such a primitive.

Note: Compared to the previous version we have done the following updates: 1) Revised the impossibility proof accordingly to the impossibility of realizing quantum agree-and-prove protocols for quantum money verification. 2) Added the construction that is fully simulation-based secure when the parties are restricted to use inputs with efficient classical descriptions. 3) Added a compiler that turns classical proof of quantum knowledge (PoQK) into a classical zero-knowledge PoQK.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Secure Quantum Two-party ComputationProofs of Quantum KnowledgeSimulation-based Security
Contact author(s)
atul mantri91 @ gmail com
micheleciampi1990 @ gmail com
ekashefi @ gmail com
a d cojocaru @ sms ed ac uk
2021-05-28: revised
2020-10-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Michele Ciampi and Alexandru Cojocaru and Elham Kashefi and Atul Mantri},
      title = {Secure Two-Party Quantum Computation Over Classical Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1286},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.