Private Delegated Quantum Computing for User-Level and Industry-Level Settings

TL;DR

This paper introduces a modular hierarchy of private delegated quantum computation protocols tailored for various user and industry settings, detailing privacy guarantees and resource requirements.

Contribution

It provides a comprehensive framework classifying quantum privacy levels, protocols, and conditions for secure delegated quantum computing with explicit leakage and privacy analyses.

Findings

Defines a hierarchy of privacy in delegated quantum protocols.

Specifies conditions for privacy, leakage, and adversarial models.

Introduces angle-sharing primitives for transcript ambiguity.

Abstract

We present a modular hierarchy of private delegated quantum computation protocols tailored to user-level and industry-level settings and parameterized by the quantum resources available to the client. For each protocol, we specify the client capabilities, delegated gate set, adversarial model, transcript leakage and resulting privacy claims. The hierarchy separates QOTP state privacy under declared leakage from leakage-dependent transcript-level angle ambiguity, compiler- and leakage-function-dependent structural privacy, and output privacy, clarifies when public Clifford operations can be evaluated on quantum-one-time-pad encrypted data by classical key updates, and identifies where non-Clifford privacy, non-collusion or additional primitives are required. The classical-client branch uses a persistent common-node, matching-hidden split-QOTP together with shuffled finite-grid $r$-share sign-randomized angle sharing to obtain leakage-relative state hiding under an explicit $\epsilon_{\mathrm{key}}$ key-hiding condition and transcript-level unlinkability under hidden-matching assumptions under an explicit non-total-collusion and leakage model. The angle-sharing primitives provide transcript ambiguity under explicit leakage assumptions, not universal blindness. The trap-based layer provides detection under stated assumptions, but it is not a stand-alone malicious-security proof.