Impossibility of perfectly-secure one-round delegated quantum computing for classical client

TL;DR

This paper proves that a one-round perfectly-secure delegated quantum computing protocol cannot exist for a completely classical client unless BQP is in NP, indicating fundamental limitations in quantum cloud computing security.

Contribution

It establishes a fundamental impossibility result for one-round perfectly-secure delegated quantum computing with classical clients, assuming standard complexity class separations.

Findings

No one-round protocol can achieve both correctness and perfect blindness for classical clients.

The result relies on the assumption that BQP is not contained in NP.

This highlights inherent limitations in secure delegated quantum computing protocols.

Abstract

Blind quantum computing protocols enable a client, who can generate or measure single-qubit states, to delegate quantum computing to a remote quantum server protecting the client's privacy (i.e., input, output, and program). With current technologies, generations or measurements of single-qubit states are not too much burden for the client. In other words, secure delegated quantum computing is possible for "almost classical" clients. However, is it possible for a "completely classical" client? Here we consider a one-round perfectly-secure delegated quantum computing, and show that the protocol cannot satisfy both the correctness (i.e., the correct result is obtained when the server is honest) and the perfect blindness (i.e., the client's privacy is completely protected) simultaneously unless BQP is in NP. Since BQP is not believed to be in NP, the result suggests the impossibility of the one-round perfectly-secure delegated quantum computing.