Communications of the ACM

what would be the cost of it? This is a question that very recently has attracted attention and following the first key research we analyze here, we expect that it will become very important.

Here, we refer to “blind quantum
computation” as all the protocols where
a client with no quantum-computing de-
vice delegates a computation to a server
with a quantum computer maintaining
the privacy of her input/output. There is
strong evidence from quantum complex-
ity theory ruling out information theo-
retic secure, classical-client, blind quan-
tum computation protocols. 4 To achieve
a fully classical client, one should weak-
en some of the assumptions: either allow
some (well defined) leakage of informa-
tion or aim for post-quantum computa-
tionally secure protocols.g
A protocol was developed in Ma-
hadev31 where a fully classical client
delegates a (generic) quantum com-
putation, without leaking information
on the input and output. This protocol
was post-quantum computationally se-
cure. The key element in the construc-
tion was a mechanism to use a classical
ciphertext to apply a (generic) quantum
gate conditional on the corresponding
plaintext, without ever decrypting and
without leaking any information.

A second approach is to construct a mechanism that mimics a quantum channel by having a classical client interact with a quantum server, 15 again with the consequence that the resulting protocol is post-quantum computational secure. Depending on the specifics of the simulated quantum channel, this functionality could enable classical clients to use all the protocols given in this section.

An important consequence is that classical clients could use verifiable blind quantum computation protocols. Here the clients can test the correctness of the delegated blind quantum computation, a feature crucial for commercial use of the quantum cloud. Finally, providing means that a classical agent can confirm the validity of a generic quantum computation g Classical client protocols with multiple non-communicating quantum servers have been proposed, 23, 34 based on quantum non-locality. However, the noncommunication of the quantum servers cannot be ensured indefinitely and the privacy gets compromised when those servers, eventually, communicate.

quantum computation, quantum fully homomorphic encryption, secure multiparty quantum computation, functional quantum encryption, and so on (for example, see the review of Fitzsimons19). There is a variety of protocols optimizing with respect to different figures of merit, for example, minimizing the quantum (or classical) communication, minimizing the overall quantum resources or the quantum resources of some specific parties, offering the highest possible level of security (information theoretic vs. post-quantum computational).

The majority of these protocols require quantum communication between parties and in most cases, quantum computation must be applied on the communicated quantum information. This raises two concerns: one theoretical and one practical. To achieve such tasks one needs quantum computation devices that are compatible with the quantum communication devices. On the one hand, the best platform for quantum communication is photonic, since it is simple to send quantum information encoded in photons in long distances.

On the other hand, one of the most
promising approaches for quantum
computation devices, the one used
by the major industrial players and
that is leading the “bigger quantum
computer” race, is based on supercon-
ducting qubits. The preferred types of
qubits, for communication and com-
putation, do not coincide, and more-
over, currently it is not even known if
they are compatible. It is unknown if
superconducting quantum comput-
ers can be part of a “networked archi-
tecture,” since they are currently built
in a monolithic architecture and is not
clear if it will ever be possible to send
and receive quantum states.

The practical concern is the two quantum technological developments, namely the quantum computing devices and the large quantum network, are independent and we should be able to use “local” quantum computation devices before establishing the infrastructure required for a full quantum Internet network. For example, even if a single quantum computer is built in some central university or company lab, we may wish to use it to delegate computations before establishing a quantum network infrastructure. This is precisely the case for some of the current, small-scale, quantum computers (IBM, Rigetti); they offer their quantum computer in a cloud service to the public using a classical interface. Therefore, we turn to a question of both practical and theoretical interest: Can we provide quantum computation protocols that maintain privacy and security guarantees using this classical interface, that is, to clients with no-quantum abilities, and