Paper 2020/818

Security Limitations of Classical-Client Delegated Quantum Computing

Christian Badertscher, Alexandru Cojocaru, Léo Colisson, Elham Kashefi, Dominik Leichtle, Atul Mantri, and Petros Wallden

Abstract

Secure delegated quantum computing is a two-party cryptographic primitive, where a computationally weak client wishes to delegate an arbitrary quantum computation to an untrusted quantum server in a privacy-preserving manner. Communication via quantum channels is typically assumed such that the client can establish the necessary correlations with the server to securely perform the given task. This has the downside that all these protocols cannot be put to work for the average user unless a reliable quantum network is deployed. Therefore the question becomes relevant whether it is possible to rely solely on classical channels between client and server and yet benefit from its quantum capabilities while retaining privacy. Classical-client remote state preparation ($\sf{RSP}_{CC}$) is one of the promising candidates to achieve this because it enables a client, using only classical communication resources, to remotely prepare a quantum state. However, the privacy loss incurred by employing $\sf{RSP}_{CC}$ as sub-module to avoid quantum channels is unclear. In this work, we investigate this question using the Constructive Cryptography framework by Maurer and Renner (ICS'11). We first identify the goal of $\sf{RSP}_{CC}$ as the construction of ideal \RSP resources from classical channels and then reveal the security limitations of using $\sf{RSP}_{CC}$ in general and in specific contexts: 1. We uncover a fundamental relationship between constructing ideal $\sf{RSP}$ resources (from classical channels) and the task of cloning quantum states with auxiliary information. Any classically constructed ideal $\sf{RSP}$ resource must leak to the server the full classical description (possibly in an encoded form) of the generated quantum state, even if we target computational security only. As a consequence, we find that the realization of common $\sf{RSP}$ resources, without weakening their guarantees drastically, is impossible due to the no-cloning theorem. 2. The above result does not rule out that a specific $\sf{RSP}_{CC}$ protocol can replace the quantum channel at least in some contexts, such as the Universal Blind Quantum Computing ($\sf{UBQC}$) protocol of Broadbent et al. (FOCS ’09). However, we show that the resulting $\sf{UBQC}$ protocol cannot maintain its proven composable security as soon as $\sf{RSP}_{CC}$ is used as a subroutine. 3. We show that replacing the quantum channel of the above $\sf{UBQC}$ protocol by the $\sf{RSP}_{CC}$ protocol QFactory of Cojocaru et al. (Asiacrypt ’19), preserves the weaker, game-based, security of $\sf{UBQC}$.