Experimental quantum homomorphic encryption

Secure delegated computing, where a client (Alice) can utilize a remote server's (Bob's) computational resources without revealing their data or algorithms, is a crucial goal in both classical and quantum computing. Classical fully homomorphic encryption, allowing any computation without interaction, was achieved by Gentry in 2009. Blind quantum computation, offering information-theoretic security, requires interaction between Alice and Bob after each computation step. Quantum homomorphic encryption aims to combine the advantages of both, enabling non-interactive quantum computation while maintaining security. However, a no-go theorem dictates that perfect privacy and non-exponential resource overhead are mutually exclusive for fully homomorphic encryption. Rohde et al. showed that relaxing the requirements for universal quantum computation and perfect privacy allows for implementations using photonic quantum processors, leveraging multiple degrees of freedom for encoding quantum information, specifically enabling homomorphic-encrypted quantum walks. This research builds on that foundation, focusing on practical implementations where perfect privacy is not always necessary, as long as the information leakage is limited.

The paper extensively reviews existing work in secure delegated computing, including Gentry's seminal work on classical fully homomorphic encryption and the development of blind quantum computation protocols (Broadbent et al., Barz et al.). It highlights the limitations imposed by no-go theorems on fully homomorphic quantum encryption (Yu et al., Newman & Shi), and cites the work of Rohde et al. which proposed a practical approach using photonic quantum processors and quantum walks to achieve homomorphic encryption. The applicability of quantum walks in various computational tasks, including machine learning and search algorithms, as well as their relation to boson sampling is discussed, citing relevant literature.

The experiment utilizes single-photon qubits and an integrated-optics server to demonstrate the quantum homomorphic protocol. Alice's input is encoded in the photons' polarization, while Bob performs the computation using the path degree of freedom. The system employs single-photon generation via spontaneous parametric down-conversion (SPDC), employing two BBO crystals pumped by a Ti:Sapphire laser. Photons are prepared in specific polarization states using half-wave plates (HWPs) and quarter-wave plates (QWPs) before being sent to the integrated optics chip (Bob's server). The chip, fabricated by direct laser writing in Corning Eagle-XG glass, is designed to be polarization-independent to ensure the security of the encryption. The integrated optical circuits consists of waveguides which were fabricated using a femtosecond laser writing technique followed by an annealing procedure to reduce birefringence. Quantum walks are performed using multiple photons. The output photons are measured by Alice in a chosen polarization basis using QWPs, HWPs, polarizing beam splitters (PBSs), and single-photon detectors. The unitary transformations are characterized and the output probability distributions are compared to theoretical predictions using the Bhattacharyya distance. The security of Alice's input is analyzed both theoretically (using the Holevo quantity) and experimentally by simulating Bob's attack of measuring the photons in a randomly chosen basis. The probability of Bob correctly guessing Alice's input is determined experimentally and compared to theoretical expectations.

The experiments successfully demonstrated homomorphic-encrypted quantum computations for both single-qubit unitary transformations and quantum walks involving up to three photons (walkers). The high fidelity between experimental results and theoretical predictions (Bhattacharyya distances of 0.995 ± 0.014% and 0.986 ± 0.012% for different unitaries) validates the functionality of the homomorphic encryption scheme. The security analysis shows that Bob's ability to infer Alice's input state is limited, increasing with both the number of available modes (m) and the number of polarization bases (keys, d) used for encoding. The experimental verification of security involved Bob performing measurements in random bases, demonstrating that Bob’s probability of correctly guessing Alice’s input state asymptotically approaches p = 0.27 as the number of keys increases. The methodology for mitigating errors due to probabilistic photon emission (double and triple pair generation) is detailed, emphasizing the use of polarization distinguishability and spectral filtering to reduce noise.

The successful implementation of homomorphic-encrypted quantum walks using integrated photonics is a significant step towards practical secure delegated quantum computing. The results demonstrate the feasibility of this approach, showcasing that while perfect security for universal quantum computation is not possible without exponential resource overhead, the relaxation of these requirements enables meaningful practical applications. The limited security is inherent to the finite number of photons used and can be improved by increasing the number of modes (photons) and the number of bases (keys) for encoding. Future advancements in photon source technology, including the exploration of higher-dimensional encoding using degrees of freedom like orbital angular momentum, are likely to enhance both security and computational power. The demonstrated methodology for mitigating experimental errors related to SPDC photon generation offers valuable insights for future quantum photonic experiments.

This work successfully demonstrated experimentally a homomorphic-encrypted quantum computation using integrated photonics. The high fidelity of the results validates the approach. The achieved level of security, while not perfect, is sufficient for practical applications and can be enhanced by advancements in photon source technology and by utilizing higher-dimensional encoding schemes. The research opens avenues for further investigation into optimal trade-offs between security, performance, and generality of quantum computations.

The current implementation is limited by the number of photons and polarization bases used for encryption. Increasing the number of modes and bases significantly enhances the security, but requires more advanced photon sources and integrated photonic components. The security is not information-theoretically perfect; it depends on the assumptions about Bob's capabilities. Furthermore, this protocol is limited to a single use of the encryption for each computation due to the reduction in security with multiple attempts. Further improvements in quantum error correction are needed to improve robustness against photon loss.