Verification of Quantum Computing Elham Kashefi Paris Centre for - - PowerPoint PPT Presentation

Elham Kashefi

Verification of Quantum Computing

Paris Centre for Quantum Computing Laboratoire traitement et communication de l'information

Adjoint with University of Edinburgh & Oxford Quantum Technology Hub

Motivation

These devices become relevant at the moment they are no longer classically simulatable Existing methods of Testing/Validation/Simulation/Monitoring/Tomography ... all become IRRELEVANT

2

Quantum Machines Era

Lockheed Martin/NASA/Google Artificial Intelligence lab Bristol QET Lab Google Martinis Lab Oxford NQIT Hub TU Delft Quantum Tech Lab

What is Quantum Computer ?

Is it a Quantum Computer ? BOX

Should we pay $10000000 for a quantum computer

That kind of tests work only for a specific problem. We don’t know if all the questions that quantum computer can solve are classically testable Simple test: We ask the box to factor a big number

Blind Computation

Testing outcome correctness ?

Complexity Picture

NP BQP Factoring/Discrete-log/Pell's Equation Graph Isomorphism Jone’s Polynomial Quantum Simulation Trace Approximation Boson Sampling Instantaneous QC BPP

Target

Efficient verification methods for realistic pseudo quantum computers

• Correctness of the outcome
• Operation monitoring
• Quantum property testing
• Architectural constraints
• Experimental imperfections

None-universal: D-Wave machine Quantum Simulator

7

How do we do it?

Verification of Classical Computing

8

➡ Cloud Computing ➡ Small Devices ➡ Large Scale Computation

business buy computing from a service provider

• utsourcing complex

computing to larger servers Network-based computation

Methodology

9

➡ Interactive Proof System ➡ Cryptographic Toolkit ➡ Classically controlled QC

Formalising the Question Combat the complexity Implementation Platform

Classical Verifier Quantum Computer

X = (

Yes X satisfies some property

IP for Quantum Computing

Quantum Computer is not trusted Classical Poly (input size)

IP = PSPACE BQP P NP IP = PSPACE = QIP

Rahul Jain, Zhengfeng Ji, Sarvagya Upadhyay, and John Watrous

Quantum Verifier Quantum Prover Classical Verifier

IP for Quantum Computing

Classical Verifier Quantum Computer

X = (

Yes X satisfies some property

Gottesman (04) - Vazirani (07)- Aaronson $25 Challenge (07)

Does BQP admit an interactive protocol where the prover is in BQP and the verifier is in BPP?

• D. Aharonov and U. Vazirani, arXiv:1206.3686 (2012).

IP for Quantum Computing

Classical Verifier Quantum Prover

Yes we can but with

Broadbent, Fitzsimons and Kashefi, FOCS 2009 Fitzsimons and Kashefi, arXiv:1203.5217 2012

+

Trusted random single qubit generator

Semi Classical Verifier

Classical & Quantum Communication

Yes we can but with Entangled non-communicating Provers

Quantum Prover Quantum Prover

Reichardt, Unger and Vazirani, Nature 2012 Gheorghiu, Kashefi, Wallden, NJP , 2015

Classical Verifier

Classical Communication Classical Communication Classical Communication

15

➡ Interactive Proof System ➡ Cryptographic Toolkit ➡ Classically controlled QC

Formalising the Question Combat the complexity

Methodology

Encryption

Enables Secure Communication Access to data is all or nothing

Modern Encryption

Enables arbitrary computation on encrypted data without decrypting

Holy Grail of Cryptography since 1987

Limited Client Untrusted Server

m

E(m)

E f(E(m))

E(m)

E D(f(E(m))) = f(m)

E f(E(m))

Rivest, Adleman and Dertouzos Can we process encrypted data without decrypting it

Cryptographic Toolkit

18

Enables arbitrary computation on encrypted data without decrypting Classical World Gentry STOC09 A Lattice-based cryptosystem that is fully homomorphic Quantum World Broadbent, Fitzsimons and Kashefi FOCS09 Blind Quantum Computing QKD + Teleportation

Fully Homomorphic Encryption (FHE)

A Lattice-based cryptosystem that is fully homomorphic

32787648736923843984794783947394872349979387983709470059830958309580948503498504984879ut9875937493 590094867-3498674-096759067458976459765-9067459685489765498765468978745943580487568760876508457095

+ %^&&£££$%

Long Key Complicated Server Operations Computational Security

Universal Blind Quantum Computing (UBQC)

Quantum Key Distribution + Quantum Teleportation

Classical Computer

random single qubit generator

Unconditional Perfect Privacy

Server learns nothing about client’s input/output/computation Classical Communication

Short Key Simple Quantum Server Operations Information Security Interactive

Verification

• Correctness: in the absence of any interference, client accepts

and the output is correct

• Soundness: Client rejects an incorrect output, except with

probability at most exponentially small in the security parameter

• trapification

trapification

Blind Computation Blind Computation

p (incorrect AND accept) < ε

How do we do it

22

➡ Interactive Proof System ➡ Cryptographic Toolkit ➡ Classically controlled QC

Formalising the Question Combat the complexity Implementation Platform

Measurement-based quantum Turing machine

resource state control computer measurement sites

control computer resource state measurement site

Raussendorf and Briegel, Physical Review Letter 01 Perdrix and Jorrand, ENTCS, 04 Danos, Kashefi, Panangaden, JACM 07

A quantum tape for acting on quantum data A classical transition function for a formalised classical control The head work according to the measurement postulate of quantum mechanics

Blind Quantum Computing

Program is encoded in the classical control computer Computation Power is encoded in the entanglement

• Angles of measurements
• Results of Measurements

Hide

resource state control computer measurement sites

control computer resource state measurement site

Quantum Computer Verifier

A simple MBQC program

1 C C A ↵

@ A

1 2

✓ 1 eiα e−iα 1 ◆ + 1

2

✓ 1 −eiα −e−iα 1 ◆ P B B @ 1 1 1 −1 1 C C A

J(α) :=

1 √ 2

• 1

eiα 1 −eiα

⇥

; XsJ(↵) ✓1 1 ◆ s ∈ {0, 1} ;

1 C C A ↵

@ A

1 2

✓ 1 eiα e−iα 1 ◆ + 1

2

✓ 1 −eiα −e−iα 1 ◆ P B B @ 1 1 1 −1 1 C C A

J(α) :=

1 √ 2

• 1

eiα 1 −eiα

⇥

A simple MBQC program

Encrypting

In order to hide choose a random

1 C C A ↵

1 C C A ✓

In order to hide the measurement outcome choose a random

✓ r

1 C C A ✓

1 C C A ✓ + ↵ + r⇡ ✓ − s + r ; Xs+rJ(↵) ✓1 1 ◆ ✓ ◆

classical one-time padding angles and outcomes quantum one-time padding output

FHE based on Learning Divisor with Noise

N= PQ then it is hard to distinguish between and

D E Xi ∈R ZN Xi = PRi + θi

i ∈R ZQ

θ ∈R [A Suitably Small Range]

Limited Client Untrusted Server

E(m1) = m + PR1 + θ1 E(m2) = m + PR2 + θ2 E E(m1) + E(m2) = E(m1 + m2) E E(m1) ∗ E(m2) = E(m1 ∗ m2) E ⇤ E E ⇤ D(m) = m bm/PeP θ

INCREASE CORRUPT

van Dijk, Gentry, Halevi, Vaikuntanathan

FHE based on LDN assumption

E E(m1) + E(m2) = E(m1 + m2) E E(m1) ∗ E(m2) = E(m1 ∗ m2) After each operation server blindly reduce

⇤ θ

bottleneck

UBQC based on no-cloning assumption

given random single qubit

At most one-bit of information about could be leaked

⇤ θ

E(m) = (m + θ + rπ , |0i + eiθ|1i)

unconditionally secure

enables perfect removal of at each step

⇤ θ

|0i + eiθ|1i

θ 2R {0, π/4, 2π/4, · · · , 7π/4}

Gates Composition

α

±

X

|+⌥

r

X

δ

α

±

X

|+⌥

|+θ⇥

r

X

δ

α

±

X

|+⌥

r

X

δ

Client-Server interactions

1 C C A ✓

✓ ✓0

Universal Blind Quantum Computings

X = ( ˜ U, {φx,y})

. .

rx,y ⌅R {0, 1}

= 0. es δx,y = φ

x,y + θx,y + πrx,y

• is {
• +δx,y
• ,
• −δx,y
• }.
• Bob. Bob mea

lt sx,y ∈ {0, 1}

sx,y := sx,y + rx,y

∈ ts δx,y s the re

random single qubit generator

ation and computation {1/ √ 2

• |0 + eiθ |1
• θ = 0, π/4, 2π/4, . . . , 7π/4}

them according to the bric

Blind Q Computing World

Optimisation

CC Dunjko, Kashefi, Leverrier, PRL, 2012 Dunjko, Fitzsimons, Portmann, Renner, AsiaCrypt, 2014

Robust Protocol

Morimae, Dunjko, Kashefi, Journal of QIC, 2015 Morimae, Fujii, Nature Communications, 2012

Other approaches

Aharonov, Ben-Or, and Eban, ICS 10 (2010) Childs, Quant. Inf. Compt. (2005) Arrighi and Salvail, Int. J. Quant. Inf. (2006) Another 20 or so papers

UBQC Application

Broadbent, Gutoski, Stebila. Quantum one-time programs. Crypto 2013 Kashefi, Wallden Quantum Yao, In preparation Mosca and Stebila, Quantum coins, 2010 Giovannetti, Maccone, Morimae, Rudolph, PRL 13 Mantri, Perez-Delgado, Fitzsimons, PRL 13

Reducing Interaction in UBQC

• 1. Reducing Security
• 2. Increasing the power of client
• 3. Using FHE
• 4. Using Tamper-proof hardware
• 5. Better Q error correcting codes

Cheat sensitivity

Giovannetti, Maccone, Morimae, Rudolph (PRL)

Entangling encryption

Mantri, Perez-Delgado, Fitzsimons (PRL)

Low T gates Circuit

Broadbent, Jeffery (arXiv:1422.8766)

Classical One-time Memory

Kashefi, Wallden (In preparation)

Q Applications

Q Secure Cloud Q Remote File Storage Q Secure Multi Party Computation Verification of Q Computation Q Zero Knowledge .... Unconditionally Verifiable Blind Quantum Computation

Fitzsimons, Kashefi, arXiv:1203.5217, 2012

Device-Independent Verifiable Blind Quantum Computation,

Gheorghiu, Kashefi, Wallden, New Journal of Physics

Classical command of quantum systems

Reichardt, Unger, Vazirani, Nature

Adding Traps

⇧ |+θ⌦, |θ⌦

Trap Measurements

Mθ|+θ⌦ ⌃ s = 0 Mθ|θ⌦ ⌃ s = 1

|0⌦, |1⌦

Trap positions and Measurement angles remain hidden

Verification

• Correctness: in the absence of any interference, client accepts

and the output is correct

• Soundness: Client rejects an incorrect output, except with

probability at most exponentially small in the security parameter

Fitzsimons and Kashefi, arXiv:1203.5217, 2012

ε-Verification

For any server’s strategy the probability of client accepting an incorrect outcome density

• perator is bounded by ε:

P ν

incorrect = (I |Ψν ideali hΨν ideal|) ⌦ |rν t i hrν t | Accept Key

Bob Alice

ν

random parameters

. . .

B(⌫)

density operator of classical and quantum output

P

ν p(⌫) Tr (P ν incorrect B(⌫)) ≤ ✏

Verification with single trap

• Theorem. Protocol is (1 − 1/2N)-verifiable in general, and in

the case of purely classical output it is (1 − 1/N)-verifiable, where N is the total number of qubits in the protocol.

Verification

1. Tape 2. Tape 3.

ε-Verification

|0i⊗B

EG U1 Uk Um-n Z(δk) H bm-n

}

Quantum Output

| i |δ1i |δki |δm−ni

b1 Z(δ1) H Z(δk) H bk

Mν {

Bj(ν) = TrB ⇣P

b |b + cri hb| CνC,bΩP((⌦B |0i h0|) ⌦

• Ψν,b↵ ⌦

Ψν,b )P†Ω†C†

νC,b |bi hb + cr|

⌘

...

Blindness

pincorrect  X

k,νT

X

i∈Ei

αikα∗

ikp(νT )Tr

hηνT

t | σi

✓ |ηνT

t i hηνT t | ⌦ |δti hδt| ⌦

I Tr(I) ◆ σi |ηνT

t i

! X X

• X

k,νT

X

i∈Ei

• =

1 16m X

k

X

i∈Ei

|αki|2 X

t,rt,θt

• hηνT

t | σi|t |ηνT t i

2

... ...

X X

∈

 1 1 2m

Verification Proof Technique

= Tr(P⊥ ⌦ |ην

t i hην t | (ΩP((⌦B |0i h0|) ⌦ |Ψνi hΨν|)P†Ω†)) .

P pincorrect = X

ν

p(ν)T

Probability Amplification

To increase the probability of any local error being detected O(N) many traps in random locations To increase the minimum weight of any operator which leads to an incorrect outcome Fault-Tolerance

State of Art

Single Q Device Restricted quantum verifier

[Aharonov, Ben-Or, Eban '10], [Fitzsimons, Kashefi'12] [Morimae '14], [Hayashi, Morimae '15]

Non-communicating Entangled Q Devices Classical verifier

[Reichardt, Unger, Vazirani '12] [McKague '13]

Blowing Up the cost

What can we do with 4-qubits

c d

Quarter/Half-wave Plate Polarization Controller Filter Polarizing Beam Splitter BBO crystal

Bob Alice

b a 2 4 1 3

θ 3 θ 2

Experimental Implementation

• S. Barz, E. Kashefi, A. Broadbent, J. Fitzsimons, A. Zeilinger, P

. Walther, Science 2012

• S. Barz, J. Fitzsimons, E. Kashefi, P

. Walther, Nature Physics 2013

Blind Verification of Entanglement

VUBQC extension

Verification with minimal communication

[Kapourniotis, Dunjko, Kashefi AQIS15]

Alexandru Gheorghiu, Elham Kashefi, Petros Wallden Robustness and device independence of verifiable blind quantum

Robust and Device-independent Verification

[Gheorghiu, Kashefi, Wallden QCRYPT15]

Verification of one-pure-qubit computation

[Kapourniotis, Kashefi, Datta TQC14]

• Q Restricted

Price of Trust

Quantum Output Unbounded Adversarial Setting Experimental Setup Classical Output Limited Faulty Device Theoretical Construction Blowing Up the cost

Price of Trust - qubits vs confidence

VUBQC with one trap Quantum output (1-1/2N)-verifiable Classical output (1-1/N)-verifiable Simple construction

[Barz, Fitzsimons, Kashefi, Walther Nature Physcis13]

VUBQC with many traps Quantum output (1-c/2)-verifiable Classical output (1-c)-verifiable Efficient construction

[Kashefi, Wallden '16]

Fault Tolerant VUBQC with many traps Quantum output (1-c)-verifiable

PRACTICAL ?

d

VUBQC Landscape

One shot VS repeated Deterministic VS Statistic Noise Model Resource Graph

Easy to do list

What is the lower bound Model Dependent Verification

CC

Fault Tolerant Verification Quantum Property Testing Reducing Interaction

Perspective

Efficient verification methods for realistic pseudo quantum computers

• Correctness of the outcome
• Operation monitoring
• Quantum property testing
• Architectural constraints
• Experimental imperfections

53

PRACTICAL verification methods for realistic pseudo quantum computers

• Correctness of the outcome
• Operation monitoring
• Quantum property testing
• Architectural constraints
• Experimental imperfections

None-universal: D-Wave machine Quantum Simulator

54

Classical Verification Quantum Verification Breakable Security Server’s Time Universal Machine Interaction

Perspective

Theory Experiment

Thanks to My Collaborators

Joe Fitzsimons (SUTD) Anne Broadbent (Ottawa) Vedran Dunjko (Innsbruck) Anthony Leverrier (INREA) Simon Perdrix (Loria) Animesh Datta (Warwick) Tomoyuki Morimae (Tokyo) Stefanie Barz (Oxford, Vienna) Philip Walther (Vienna) Ian Walmsley (Oxford) LTCI- Edinburgh Group Damian Markham Petros Wallden Anna Pappa Theodoros Kapourniotis Alexandru Gheorghiu Daniel Milles