Obfuscation of Quantum Computation

James Bartusek

UC Berkeley

Indistinguishability Obfuscation of Null Quantum Circuits and Applications

​

with Giulio Malavolta (Bocconi University)

Obfuscation of Pseudo-Deterministic Quantum Circuits

​

with Fuyuki Kitagawa, Ryo Nishimaki, and Takashi Yamakawa (NTT)

Traditional encryption:

Enc

Obfuscation:

Obf

“One-way compiler”

The Story of (Classical) Obfuscation

• First proposed by [Diffie, Hellman 77]

​

• Formalizing security [Barak, Goldreich, Impagliazzo, Rudich, Sahai, Vadhan, Yang 01], [Goldwasser, Rothblum 07]

​

• First general-purpose candidate [Garg, Gentry, Halevi, Raykova, Sahai, Waters 13]

​

• A “central hub” of crypto [Sahai, Waters 13],...

​

• Firm mathematical foundations …,[Jain, Lin, Sahai 21],...

Quantum Obfuscation

QObf

Describes a quantum computation

Quantum Obfuscation

QObf

Describes a quantum computation

Quantum Obfuscation

QObf

Describes a quantum computation

Do there exist one-way compilers for quantum computations?

The Story of Quantum Obfuscation (so far)

Initial interest

​

• [Aaronson 05]

​

• [Alagic, Fefferman 16]

​

Initial results

​

• Quantum information cannot be used to circumvent classical impossibilities [Ananth, La Placa 21], [Alagic, Brakerski, Dulek, Schaffner 21]

​

• Perfect obfuscation for a limited set of circuit equivalences [Alagic, Jeffery, Jordan 14]

​

• Obfuscation for circuits with logarithmic non-Clifford gates [Broadbent, Kazmi 21]

​

Goal: General-Purpose Feasibility Results

Which quantum programs can be obfuscated given access to an ideal classical cryptographic object:

​

Oracle that computes an (efficient) classical computation of our choice

Focus: quantum programs with (pseudo)-deterministic classical outputs

Can be heuristically instantiated with indistinguishability obfuscation

Results in the classical oracle model

QObf

[B, Malavolta 22]

Description of a null quantum computation

Cryptographic applications:

e.g. the only currently known NIZK and SNARG for QMA

(QObf should satisfy correctness for non-null computations)

Results in the classical oracle model

QObf

Description of a pseudo-deterministic quantum computation

[B, Kitagawa, Nishimaki, Yamakawa 23]

E.g. obfuscate a circuit that computes Shor’s algorithm

Results in the classical oracle model

QObf

Quantum description of a pseudo-deterministic computation

[B, Brakerski, Vaikuntanathan] (in submission)

Implies “best-possible” copy-protection [Coladangelo, Gunn 23]

Bird’s Eye View

Blind quantum computation

Should only allow to decrypt honestly generated encodings

Verifiable +

Blind Delegation

(Classically) Verifiable Delegation

[Mahadev 18a]

[Mahadev 18b]

Attempted fix: verify the blind evaluation algorithm

​

Still a problem: verification algorithm is learnable

​

Goal: achieve classically verifiable delegation with

reusable soundness [B, Kitagawa, Nishimaki, Yamakawa 23]

Attack on reusability:

Reusable soundness of classically verifiable delegation

Attack on reusability:

Main idea: Commit to history state first

Impossible due to binding of the commitment

Main idea: Commit to history state first

Publicly-decodable Pauli Functional Commitment

Committed state can be opened to either a Z or X measurement

Binding to Z measurements

Binding holds even given oracle access to receiver

Main idea: Commit to history state first

Publicly-decodable Pauli Functional Commitment

Construction: Generalize template from [Brakerski, Christiano, Mahadev, Vazirani, Vidick 18] to support high-dimensional coset states

Main idea: Commit to history state first

Summary

• We want to understand if quantum computation can be obfuscated

​

• First step: what is possible in the classical oracle model?

​

• Progress so far: quantum programs with classical inputs and (pseudo)-deterministic classical outputs (e.g. Shor’s algorithm)

​

• Fundamental connections with the notions of blind and (classically) verifiable quantum computation

​

​

Future Directions

• Proving security under (quantum-secure) indistinguishability obfuscation

​

• Obfuscating quantum states (ongoing work)

​

• Obfuscating programs with non-deterministic (classical) output

​

• Obfuscating programs with quantum inputs / outputs

​

• Complexity theoretic implications?

Thanks for listening!