Composable security of delegated quantum computation

TL;DR

This paper establishes a formal framework for the composable security of delegated quantum computation, analyzing existing protocols under this rigorous standard and demonstrating their security within this new paradigm.

Contribution

It introduces a composable security definition for delegated quantum computation and applies it to evaluate the security of existing protocols.

Findings

Existing protocols are secure under the new composable security definitions.

The security of protocols can be characterized by a combination of trace-distance criteria.

Composable security ensures protocols remain secure when combined or run in parallel.

Abstract

Delegating difficult computations to remote large computation facilities, with appropriate security guarantees, is a possible solution for the ever-growing needs of personal computing power. For delegated computation protocols to be usable in a larger context---or simply to securely run two protocols in parallel---the security definitions need to be composable. Here, we define composable security for delegated quantum computation. We distinguish between protocols which provide only blindness---the computation is hidden from the server---and those that are also verifiable---the client can check that it has received the correct result. We show that the composable security definition capturing both these notions can be reduced to a combination of several distinct "trace-distance-type" criteria---which are, individually, non-composable security definitions. Additionally, we study the security of some known delegated quantum computation protocols, including Broadbent, Fitzsimons and Kashefi's Universal Blind Quantum Computation protocol. Even though these protocols were originally proposed with insufficient security criteria, they turn out to still be secure given the stronger composable definitions.