Verification of Quantum Computing Elham Kashefi Paris Centre for - PowerPoint PPT Presentation

Verification of Quantum Computing Elham Kashefi Paris Centre for Quantum Computing Laboratoire traitement et communication de l'information Adjoint with University of Edinburgh & Oxford Quantum Technology Hub

Google Martinis Lab Motivation Bristol QET Lab Quantum Machines Era TU Delft Quantum Tech Lab Lockheed Martin/NASA/Google Artificial Intelligence lab Oxford NQIT Hub These devices become relevant at the moment they are no longer classically simulatable Existing methods of Testing/Validation/Simulation/Monitoring/Tomography ... all become IRRELEVANT 2

What is Quantum Computer ?

Is it a Quantum Computer ? BOX

Should we pay $10000000 for a quantum computer That kind of tests work only for a specific problem. We don’t know if all the questions that quantum computer can solve are classically testable Simple test: We ask the box to factor a big number

Complexity Picture BQP NP BPP Jone’s Polynomial Quantum Simulation Trace Approximation Graph Isomorphism Boson Sampling Instantaneous QC Factoring/Discrete-log/Pell's Equation Blind Computation Testing outcome correctness ?

Target E ffi cient verification methods for realistic pseudo quantum computers - Correctness of the outcome None-universal: - Architectural constraints - Operation monitoring D-Wave machine - Experimental imperfections - Quantum property testing Quantum Simulator How do we do it? 7

Verification of Classical Computing business buy computing from a service provider outsourcing complex computing to larger servers ➡ Cloud Computing ➡ Small Devices ➡ Large Scale Computation Network-based computation 8

Methodology Formalising the Question Combat the complexity ➡ Interactive Proof System ➡ Cryptographic Toolkit ➡ Classically controlled QC Implementation Platform 9

IP for Quantum Computing X = ( Quantum Classical Verifier Classical Computer Poly (input size) Quantum Computer is not trusted Yes X satisfies some property

IP for Quantum Computing Rahul Jain, Zhengfeng Ji, Sarvagya Upadhyay, and John Watrous IP = PSPACE = QIP IP = PSPACE BQP Quantum Prover NP P Classical Verifier Quantum Verifier

IP for Quantum Computing X = ( Quantum Classical Verifier Computer Yes X satisfies some property Gottesman (04) - Vazirani (07)- Aaronson $25 Challenge (07) Does BQP admit an interactive protocol where the prover is in BQP and the verifier is in BPP? D. Aharonov and U. Vazirani, arXiv:1206.3686 (2012).

Yes we can but with Semi Classical Verifier Classical & Quantum Communication Classical Verifier Quantum Prover + Trusted random single qubit generator Broadbent, Fitzsimons and Kashefi, FOCS 2009 Fitzsimons and Kashefi, arXiv:1203.5217 2012

Yes we can but with Entangled non-communicating Provers Quantum Prover Quantum Prover Classical Communication Classical Communication Classical Communication Classical Verifier Reichardt, Unger and Vazirani, Nature 2012 Gheorghiu, Kashefi, Wallden, NJP , 2015

Methodology Formalising the Question Combat the complexity ➡ Interactive Proof System ➡ Cryptographic Toolkit ➡ Classically controlled QC 15

Encryption Enables Secure Communication Access to data is all or nothing Modern Encryption Enables arbitrary computation on encrypted data without decrypting

Holy Grail of Cryptography since 1987 Rivest, Adleman and Dertouzos Can we process encrypted data without decrypting it m E ( m ) Untrusted Server Limited Client E E E ( m ) f ( E ( m )) E f ( E ( m )) D ( f ( E ( m ))) = f ( m )

Cryptographic Toolkit Quantum World Classical World Broadbent, Fitzsimons and Kashefi FOCS09 Gentry STOC09 Blind Quantum Computing A Lattice-based cryptosystem QKD + Teleportation that is fully homomorphic Enables arbitrary computation on encrypted data without decrypting 18

Fully Homomorphic Encryption (FHE) A Lattice-based cryptosystem that is fully homomorphic 32787648736923843984794783947394872349979387983709470059830958309580948503498504984879ut9875937493 + %^&&£££$% 590094867-3498674-096759067458976459765-9067459685489765498765468978745943580487568760876508457095 Long Key Complicated Server Operations Computational Security

Universal Blind Quantum Computing (UBQC) Quantum Key Distribution + Quantum Teleportation Short Key Simple Quantum Server Operations Information Security Classical Communication Interactive Classical Computer random single qubit generator Unconditional Perfect Privacy Server learns nothing about client’s input/output/computation

Verification • Correctness: in the absence of any interference, client accepts and the output is correct • Soundness: Client rejects an incorrect output, except with probability at most exponentially small in the security parameter p (incorrect AND accept) < ε ����������� ����������� trapification ������������ �������� ������ Blind Computation ����������� trapification ������������ ��� ����������� ����������� Blind Computation

How do we do it Formalising the Question Combat the complexity ➡ Interactive Proof System ➡ Cryptographic Toolkit ➡ Classically controlled QC Implementation Platform 22

Measurement-based quantum Turing machine A quantum tape for acting on quantum data A classical transition function for a formalised classical control The head work according to the measurement postulate of quantum mechanics control computer control computer measurement measurement site sites resource state resource state Raussendorf and Briegel, Physical Review Letter 01 Perdrix and Jorrand, ENTCS, 04 Danos, Kashefi, Panangaden, JACM 07

Blind Quantum Computing Program is encoded in the classical control computer Computation Power is encoded in the entanglement control computer control computer Hide • Angles of measurements Verifier • Results of Measurements measurement measurement site sites resource state resource state Quantum Computer

A simple MBQC program � ⇥ e i α 1 1 J ( α ) := √ − e i α 1 2 1 C @ A A ↵ C ✓ 1 P e i α ◆ ✓ − e i α ◆ 1 1 + 1 e − i α − e − i α 2 1 2 1 0 1 1 1 B C B C 1 @ A − 1

A simple MBQC program � ⇥ e i α 1 1 J ( α ) := √ − e i α 1 2 1 C s ∈ { 0 , 1 } ; @ A A ↵ C ✓ 1 P e i α ◆ ✓ − e i α ◆ 1 1 + 1 e − i α − e − i α 2 1 2 1 0 1 1 ✓ 1 ◆ 1 ; X s J ( ↵ ) B C B C 1 1 @ A − 1

Encrypting 1 1 ✓ C C In order to hide choose a random A ✓ A ↵ C C In order to hide the measurement outcome choose a random r ✓ − 1 s + r C A ✓ + ↵ + r ⇡ C classical one-time padding angles and outcomes 1 ✓ 1 ◆ C A ✓ ; X s + r J ( ↵ ) C quantum one-time padding output 1 ✓ ◆

FHE based on Learning Divisor with Noise N= PQ then it is hard to distinguish between D E X i ∈ R Z N and X i = PR i + θ i θ ∈ R [A Suitably Small Range] i ∈ R Z Q INCREASE CORRUPT E ( m 1 ) = m + PR 1 + θ 1 E ( m 2 ) = m + PR 2 + θ 2 Untrusted Server Limited Client E ⇤ E ⇤ E E E E ( m 1 ) + E ( m 2 ) = E ( m 1 + m 2 ) D ( m ) = m � b m/P e P � θ E ( m 1 ) ∗ E ( m 2 ) = E ( m 1 ∗ m 2 ) van Dijk, Gentry, Halevi, Vaikuntanathan

FHE based on LDN assumption E E E ( m 1 ) + E ( m 2 ) = E ( m 1 + m 2 ) E ( m 1 ) ∗ E ( m 2 ) = E ( m 1 ∗ m 2 ) ⇤ After each operation server blindly reduce � θ bottleneck

UBQC based on no-cloning assumption given random single qubit ⇤ | 0 i + e i θ | 1 i At most one-bit of information � θ about could be leaked θ 2 R { 0 , π / 4 , 2 π / 4 , · · · , 7 π / 4 } E ( m ) = ( m + θ + r π , | 0 i + e i θ | 1 i ) unconditionally secure ⇤ enables perfect removal of at each step � θ

Gates Composition | + θ ⇥ ± δ α � r X ± X δ | + ⌥ α � r X ± X δ | + ⌥ α � r X X | + ⌥ Client-Server interactions

Universal Blind Quantum Computings ✓ X = ( ˜ U, { φ x,y } ) 1 C ✓ 0 A ✓ C random single qubit generator ation and computation √ | 0 � + e i θ | 1 � � � { 1 / 2 ∈ θ = 0 , π / 4 , 2 π / 4 , . . . , 7 π / 4 } ts δ x,y them according to the bric s the re = 0. r x,y ⌅ R { 0 , 1 } es δ x,y = φ � x,y + θ x,y + π r x,y � � � Bob. Bob mea . . � � � � lt s x,y ∈ { 0 , 1 } is { � + δ x,y , � − δ x,y } . s x,y := s x,y + r x,y

Blind Q Computing World CC Other approaches Aharonov, Ben-Or, and Eban, ICS 10 (2010) Childs, Quant. Inf. Compt. (2005) Arrighi and Salvail, Int. J. Quant. Inf. (2006) Another 20 or so papers UBQC Application Broadbent, Gutoski, Stebila. Quantum one-time programs. Crypto 2013 Kashefi, Wallden Quantum Yao, In preparation Mosca and Stebila, Quantum coins, 2010 Robust Protocol Optimisation Morimae, Dunjko, Kashefi, Journal of QIC, 2015 Giovannetti, Maccone, Morimae, Rudolph, PRL 13 Morimae, Fujii, Nature Communications, 2012 Mantri, Perez-Delgado, Fitzsimons, PRL 13 Dunjko, Fitzsimons, Portmann, Renner, AsiaCrypt, 2014 Dunjko, Kashefi, Leverrier, PRL, 2012