what would be the cost of it? This is a
question that very recently has attracted
attention and following the first key research we analyze here, we expect that it
will become very important.
Here, we refer to “blind quantum
computation” as all the protocols where
a client with no quantum-computing de-
vice delegates a computation to a server
with a quantum computer maintaining
the privacy of her input/output. There is
strong evidence from quantum complex-
ity theory ruling out information theo-
retic secure, classical-client, blind quan-
tum computation protocols.
4 To achieve
a fully classical client, one should weak-
en some of the assumptions: either allow
some (well defined) leakage of informa-
tion or aim for post-quantum computa-
tionally secure protocols.g
A protocol was developed in Ma-
hadev31 where a fully classical client
delegates a (generic) quantum com-
putation, without leaking information
on the input and output. This protocol
was post-quantum computationally se-
cure. The key element in the construc-
tion was a mechanism to use a classical
ciphertext to apply a (generic) quantum
gate conditional on the corresponding
plaintext, without ever decrypting and
without leaking any information.
A second approach is to construct
a mechanism that mimics a quantum
channel by having a classical client interact with a quantum server,
15 again
with the consequence that the resulting protocol is post-quantum computational secure. Depending on the
specifics of the simulated quantum
channel, this functionality could enable classical clients to use all the protocols given in this section.
An important consequence is that
classical clients could use verifiable
blind quantum computation protocols. Here the clients can test the correctness of the delegated blind quantum computation, a feature crucial
for commercial use of the quantum
cloud. Finally, providing means that a
classical agent can confirm the validity of a generic quantum computation
g Classical client protocols with multiple non-communicating quantum servers have been
proposed,
23, 34 based on quantum non-locality.
However, the noncommunication of the quantum servers cannot be ensured indefinitely
and the privacy gets compromised when those
servers, eventually, communicate.
quantum computation, quantum
fully homomorphic encryption, secure multiparty quantum computation, functional quantum encryption,
and so on (for example, see the review
of Fitzsimons19). There is a variety of
protocols optimizing with respect to
different figures of merit, for example, minimizing the quantum (or classical) communication, minimizing
the overall quantum resources or the
quantum resources of some specific
parties, offering the highest possible
level of security (information theoretic vs. post-quantum computational).
The majority of these protocols
require quantum communication
between parties and in most cases,
quantum computation must be applied on the communicated quantum
information. This raises two concerns: one theoretical and one practical. To achieve such tasks one needs
quantum computation devices that
are compatible with the quantum
communication devices. On the one
hand, the best platform for quantum
communication is photonic, since it is
simple to send quantum information
encoded in photons in long distances.
On the other hand, one of the most
promising approaches for quantum
computation devices, the one used
by the major industrial players and
that is leading the “bigger quantum
computer” race, is based on supercon-
ducting qubits. The preferred types of
qubits, for communication and com-
putation, do not coincide, and more-
over, currently it is not even known if
they are compatible. It is unknown if
superconducting quantum comput-
ers can be part of a “networked archi-
tecture,” since they are currently built
in a monolithic architecture and is not
clear if it will ever be possible to send
and receive quantum states.
The practical concern is the two
quantum technological developments,
namely the quantum computing devices and the large quantum network,
are independent and we should be able
to use “local” quantum computation
devices before establishing the infrastructure required for a full quantum
Internet network. For example, even
if a single quantum computer is built
in some central university or company
lab, we may wish to use it to delegate
computations before establishing a
quantum network infrastructure. This
is precisely the case for some of the current, small-scale, quantum computers
(IBM, Rigetti); they offer their quantum
computer in a cloud service to the public using a classical interface. Therefore,
we turn to a question of both practical
and theoretical interest: Can we provide
quantum computation protocols that
maintain privacy and security guarantees
using this classical interface, that is, to
clients with no-quantum abilities, and
Figure 3. The future communication and computation networks.