Jiayu Zhang: Succinct Blind Quantum Computation Using a Random Oracle

Speaker: Jiayu Zhang

Date: Friday, March 19, 2021

Time: 1:00 PM to 2:30 PM Note: all times are in the Eastern Time Zone

Public: Yes

Location: email dlehto@mit.edu for Zoom link

Event Type: Seminar

Room Description:

Host: Vinod Vaikuntanathan and Yael Kalai

Contact: Deborah Goodwin, dlehto@csail.mit.edu

Relevant URL:

Speaker URL: None

Speaker Photo:
None

Reminders to: seminars@csail.mit.edu, cis-seminars@csail.mit.edu, crypto@lists.csail.mit.edu

Reminder Subject: TALK: Jiayu Zhang: Succinct Blind Quantum Computation Using a Random Oracle

Abstract: In the universal blind quantum computation problem, a client wants to make use of a single quantum server to evaluate C|0> where C is an arbitrary quantum circuit while keeping C secret. The client's goal is to use as few resources as possible. This problem, first raised by Broadbent, Fitzsimons and Kashefi [FOCS09, arXiv:0807.4154], has become fundamental to the study of quantum cryptography, not only because of its own importance, but also because it provides a testbed for new techniques that can be later applied to related problems (for example, quantum computation verification). Known protocols on this problem are mainly either information-theoretically (IT) secure or based on trapdoor assumptions (public key encryptions). In this paper we study how the availability of symmetric-key primitives, modeled by a random oracle, changes the complexity of universal blind quantum computation. We give a new universal blind quantum computation protocol. Similar to previous works on IT-secure protocols (for example, BFK [FOCS09, arXiv:0807.4154]), our protocol can be divided into two phases. In the first phase the client prepares some quantum gadgets with relatively simple quantum gates and sends them to the server, and in the second phase the client is entirely classical -- it does not even need quantum storage. Crucially, the protocol's first phase is succinct, that is, its complexity is independent of the circuit size. Given the security parameter kappa, its complexity is only a fixed polynomial of kappa, and can be used to evaluate any circuit (or several circuits) of size up to a subexponential of kappa. In contrast, known schemes either require the client to perform quantum computations that scale with the size of the circuit [FOCS09, arXiv:0807.4154], or require trapdoor assumptions [Mahadev, FOCS18, arXiv:1708.02130].

Research Areas:

Impact Areas:

See other events that are part of the Cryptography and Information Security (CIS) Seminar Series 2021.

Created by Deborah Goodwin Email at Friday, March 12, 2021 at 12:29 PM.