Abstract
Universal blind quantum computing allows users with minimal quantum resources to delegate a quantum computation to a remote quantum server, while keeping intrinsically hidden input, algorithm, and outcome. State-of-art experimental demonstrations of such a protocol have only involved one client. However, an increasing number of multi-party algorithms, e.g. federated machine learning, require the collaboration of multiple clients to carry out a given joint computation. In this work, we propose and experimentally demonstrate a lightweight multi-client blind quantum computation protocol based on a recently proposed linear quantum network configuration (Qline). Our protocol originality resides in three main strengths: scalability, since we eliminate the need for each client to have its own trusted source or measurement device, low-loss, by optimizing the orchestration of classical communication between each client and server through fast classical electronic control, and compatibility with distributed architectures while remaining intact even against correlated attacks of server nodes and malicious clients.
Similar content being viewed by others
Introduction
Despite the increasing technological progress in the manipulation of many-qubit systems1,2,3, providing quantum computing as a service for end-users poses several challenges, including scalability, privacy, and integrity. Indeed, in order to achieve true quantum advantage from emerging devices, they must scale up beyond the current monolithically designed noisy intermediate-scale quantum regime. As of today, the only viable solution being pursued by all qubit platforms is modularity and interconnected architecture, where photonic links are considered the best option. Moreover, it is also clear that quantum machines need to be integrated into cloud services or data centers, allowing multiple clients to connect locally or globally to access these devices. In such a context, the issue of keeping the computation and data protected from malicious parties will be a key challenge for such large-scale adaptation. Notably, photonic links to quantum servers enable the capability of achieving informational security for delegated computing, known as blind quantum computing (BQC), which is not achievable using only classical communication between client and server4. Such a protocol builds on the measurement-based model for quantum computation5,6 that exploits mid-circuit measurements for teleportation-based quantum computing on encrypted quantum states sent to a remote server via a quantum link7,8. Over the last decade, many BQC protocols have been proposed9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, together with proof-of-concept experimental demonstrations in different settings26,27,28,29,30,31,32,33,34,35. However, the challenge of multi-client settings has been explored only theoretically due to the high resource requirements of the proposed protocols36,37,38,39,40.
Yet, a growing number of classical delegated computing tasks require that multiple clients collaborate to carry out a joint function, e.g., federated machine learning tasks41,42. Notably, quantum counterparts of such algorithms have been proposed as well43, including a federated quantum machine learning (QML) protocol based on BQC44.
In this work, we propose a modular lightweight distributed architecture for multi-client BQC based on the recently proposed Qline quantum network link configuration45, that enables scalable client insertion. With such an architecture in mind, we present a tailor-made multi-party BQC protocol such that the clients in the Qline only own trusted single-qubit rotation devices, while the overall protocol still provides privacy for the joint computation performed by several users on the cloud. The model for BQC in which the client only performs single-qubit gates was already proposed in refs. 11,12. However, although our protocol is inspired by the aforementioned works, we emphasize that its security properties cannot be directly derived from those BQC protocols as our multi-client setting is not a mere composition of such previous works. Therefore, in this work, we also provide full security proof, as we do in the section “Security”. In the Qline network architecture, the quantum resource is first generated by a potentially untrusted server, then distributed to the clients, such that each client can apply arbitrary single-qubit operations on the incoming qubits and, at the end of the line, measured by a second again potentially untrusted server. An analogous architecture was introduced in ref. 46 for quantum-assisted secret sharing, and later used for various tasks such as quantum key distribution or secure computation47,48,49. The main advantages of such a structure reside in the possibility to integrate it easily into larger-scale networks, its compatibility with key establishment protocols45, and its low hardware complexity. In order to simplify the resource requirements of the multi-client BQC protocol in refs. 36,40, we show that, within such an architecture, it is enough that each client in the Qline adds a layer of encryption to the flying qubits that will be used as the common key for their later private joint computation on the remote server. Such collaboration may be typical, for instance, of privacy-preserving machine learning algorithms where each client’s input data and parameters related to the algorithm should remain private to all parties. To implement it, we employ a fibered photonic platform equipped with genuine measurement adaptivity to enable deterministic computation5. Within this setup, we are able to show the blindness and the correctness of the protocol, in both cases where the function to be computed has a classical or a quantum output. Our experimental proof-of-concept demonstrates a two-client scenario that can be easily extended to larger and more complex quantum networks featuring any number of clients at arbitrary distances.
Results
In this section, we describe in detail the protocol proposed and successfully implemented in this work. It is built on the theoretical premises in refs. 36,40, and tailored to a Qline architecture45. Differently from the single client original protocol of ref. 7 depicted in Fig. 1, the results of refs. 36,40 enable multi-client BQC by exploiting secure multi-party computation (SMPC), whose aim is to allow several users to collaboratively compute a joint function on their private data. The classical SMPC functionality enables coordination of the parties in a delegated quantum computing task, such that the full computation details are blind not only to the server but also to potentially dishonest clients that collude with it. However, implementing such functionality would need additional rounds of classical communication among the clients and server, during which it would be unfeasible to coherently store the quantum state. Therefore, to optimize the storage time, in our implementation, we substitute classical SMPC with a trusted third party (TTP) acting as an orchestrator and securing the communication between the clients and the server reducing the number of rounds, while the blindness of the protocol is still proven against any strict subset of colluding malicious adversaries. In this way, the quantum state needs to be stored for significantly shorter times than if using full classical SMPC, thus enabling our proof-of-concept experimental demonstration of a two-client BQC. Our solution represents a trade-off between hardware trust assumptions and time latency between rounds. However, the trust assumption on the TTP can be dropped without modifying our scheme, by simply replacing it with classical SMPC, if we run the computation on a quantum server equipped with quantum memory. To motivate our experimental design, this section is divided into two parts: the first one is devoted to the description of a two-client example, which we implemented experimentally demonstrating the key building blocks that are required for a fully scalable solution. In the second part, we present the extension to the n-client case and universal quantum computing resources.
The two-client protocol
Consider Alice and Bob wish to run a joint computation on a remote server. Alice has two private classical bits of information, x1 and x2, while Bob has private gate parameters ϕ1 and ϕ2, chosen from the set \({{{{{{{\mathcal{A}}}}}}}}=\{0,\,\pi /4,\,2\pi /4,...\,7\pi /4\}\), and the target joint circuit is
as shown in Fig. 2a. This is a typical building block of any large-scale privacy-preserving QML, such as the one proposed in ref. 43. Indeed, the distribution and the size of the input data are flexible, making this protocol suitable even for federated machine-learning tasks. For example, each client Cj could provide one measurement angle \({\phi }_{i}^{{{{{{{{{\rm{C}}}}}}}}}_{j}}\) for each qubit i, and one classical bit \({x}_{i}^{{{{{{{{{\rm{C}}}}}}}}}_{j}}\). In this case, the cumulative private measurement angle applied to the i-th qubit will be ϕi = ∑j \({\phi }_{i}^{{{{{{{{{\rm{C}}}}}}}}}_{j}}\), still in the set \({{{{{{{\mathcal{A}}}}}}}}\), while the initial encoding of classical data will be described by the operator \({{\mathsf{Z}}}^{{\bigoplus }_{j}{x}_{i}^{{{{{{{{{\rm{C}}}}}}}}}_{j}}}\). Also, not all clients are required to provide input data for each qubit. In what follows, we demonstrate the steps to make the above joint computation both distributed and secure as shown in Fig. 2b.
An untrusted source of maximally entangled bipartite states, S1, distributes two-qubit states along two quantum channels, of the form:
Alice receives the two qubits, and applies single-qubit z-rotations of angles \({\theta }_{i}^{{{{{{{{\rm{A}}}}}}}}}\) to them, randomly chosen from the set \({{{{{{{\mathcal{A}}}}}}}}\). This will hide (via quantum one-time padding) her classical input data which would be encoded on these qubits via \({{\mathsf{Z}}}^{{x}_{i}}\) operations. Moreover, she chooses two random bits \({r}_{1}^{{{{{{{{\rm{A}}}}}}}}},\,{r}_{2}^{{{{{{{{\rm{A}}}}}}}}}\) that will later hide the outcome of the computation. She communicates her secret parameters to the TTP. She then sends her two encrypted qubits to the second client, Bob, who applies further random \({\theta }_{1}^{{{{{{{{\rm{B}}}}}}}}},\,{\theta }_{2}^{{{{{{{{\rm{B}}}}}}}}}\,\)z-rotations, again chosen from the set \({{{{{{{\mathcal{A}}}}}}}}\) to one-time pad his private algorithm parameter ϕ1, ϕ2. Bob also chooses two random bits \({r}_{1}^{{{{{{{{\rm{B}}}}}}}}},\,{r}_{2}^{{{{{{{{\rm{B}}}}}}}}}\) for the encryption of the output as well. He then communicates his secret parameters to the TTP. From now on, we will use the following definitions: \({\theta }_{i}={\theta }_{i}^{{{{{{{{\rm{A}}}}}}}}}+{\theta }_{i}^{{{{{{{{\rm{B}}}}}}}}}\) and \({r}_{i}={r}_{i}^{{{{{{{{\rm{A}}}}}}}}}\oplus {r}_{i}^{{{{{{{{\rm{B}}}}}}}}}\). The resulting quantum state at this stage is the following:
This state is then sent to server S2. From now on, the clients and S2 only communicate classically, through the TTP. The protocol requires two rounds, one for each qubit to be measured. The blind measurement angle δi at the i − th round, for i = 1, 2, is computed by the TTP according to the formula:
where \({m}_{0}^{{{{{{{{\rm{true}}}}}}}}}=0\) and \({m}_{1}^{{{{{{{{\rm{true}}}}}}}}}={m}_{1}\oplus {r}_{1}\). Analogously to the first measurement outcome, the outcome of the second measurement is decrypted according to the formula: \({m}_{2}^{{{{{{{{\rm{true}}}}}}}}}={m}_{2}\oplus {r}_{2}\) before giving it back to the clients. A slight change in the protocol is needed in the case where a quantum function is computed, i.e., the output qubit must be prepared by the clients in the state \(\left|+\right\rangle\)7. The correctness of the protocol is straightforward and can be directly obtained from refs. 7,10,40. However, the security proof is more subtle compared to previous works that were based on trusted state preparation for each client. We first present the generalization of our protocol and then provide the full proof of security that is applicable to this special case as well.
Generalization to the multi-client scenario
In this section, we generalize our protocol to a scenario where n clients want to perform a joint computation on a possibly larger resource state. Note that, here, we treat a more general case with respect to the previous one, hence the security proof we provide, which assumes a fully quantum server and independent and arbitrarily distant qubit sources, also holds for the implemented protocol. Blindness should be guaranteed for any single honest client. We consider the target computation to be defined as a measurement pattern5 by the measurement angles \({({\phi }_{v})}_{v\in V}\), where v ∈ V ranges over all qubits in the resource graph state. These angles can be fixed and publicly known, or jointly input by any subset of clients. In the latter case, blindness holds for the measurement angles as well. The input qubits I ⊂ V are partitioned into sets \({({I}_{j})}_{j\in \{1,\ldots,n\}}\), where Ij belongs to the j-th client who has the bit string \({x}_{j}\in {\{0,1\}}^{| {I}_{j}| }\) as input. To keep each client’s input blind, it is required that each qubit in the resource state travels once along the Qline and accumulates random rotations by all clients, as depicted in Fig. 2c. In this way, a resource state on m = ∣V∣ qubits would require m Qlines. However, this process may be (partially) parallelized, in the sense that multiple qubits can be sent along the Qline at once—as long as the clients can perform the necessary rotations in parallel as well. After the server receives the qubits that have passed through the Qline, it follows a standard execution of the BQC protocol (Supplementary Protocol 1). As all communication from this point forward is entirely classical, the TTP orchestrates the remainder of the protocol by governing the instructions to the server. A detailed description of the full multi-client protocol on scalable resource states is given in the protocol in Box 1.
We also point out that the orchestration of the protocol in Box 1 must be performed by an entirely classical trusted third party that secures the secret parameters input by the clients as well as the measurement outcomes, which should not be leaked. To remove all trust assumptions on this party, it can be replaced with any composably secure classical SMPC protocol that is performed by the clients and the server. Moreover, much of the calculations that the TTP needs to perform, including the sampling of random coins and the evaluation of the formulae for the corrected measurement angles, can be done in a classical pre-processing step. The computation during the quantum phase then boils down to the choice of one of two possible measurement angles based on the previously reported measurement outcomes. Finally, it is worth mentioning that the requirement that every client has access to each Qline can be weakened when accepting stronger trust assumptions. Blindness holds as long as there exists at least one honest client along each Qline. Therefore, even if not every client participates at each Qline, blindness is still guaranteed if we restrict the adversarial patterns to not corrupt all clients along any Qline at once. In the concrete case of our experiment, the graph G is a two-qubit cluster state, that is, V = {1, 2}. Both qubits are Alice’s input qubits, so I1 = I = V, while Bob has no input qubits (\({I}_{2}={{\emptyset}}\)) but chooses the measurement angles (ϕ1, ϕ2). We consider two different computations: in the first case, we interpret both measurement outcomes as the classical output of the computation, while in the second case, we consider the second qubit to be the quantum output of the computation, hence O = {2}.
Security
In our protocol, the clients’ quantum abilities are restricted to receiving single-qubit states, applying a random z-rotation to it, and forwarding it to the next client or server. From the perspective of an honest client, this behavior is exactly captured by the Remote State Rotation (RSR) functionality introduced in ref. 11. The latter showed that RSR can indeed be used in the context of the BQC protocol to delegate a universal quantum computation with perfect blindness for input, output, and algorithm. This immediately implies the security of the proposed protocol with a single honest client and an untrusted server, as the instructions of the protocols exactly coincide. By a similar argument, security can be shown for the two-client and multi-client generalizations. In the spirit of the security proof in ref. 36, the sequential rotations of a single-qubit by all clients along the Qline can be seen as a collaborative version of RSR where the role of the RSR client is now taken by an entirely classical trusted virtual party, the TTP. The entire execution of the protocol then becomes one run of the BQC protocol between the TTP and the server. Finally, in real-world implementations, the TTP can be replaced by a classical SMPC protocol. Security follows by the composition of the above-mentioned building blocks which have all been proven to be composably secure in the Abstract Cryptography framework50. Further details about the security analysis of the full protocol, including a formal security proof, are provided in Supplementary Note 1. We stress that the source of quantum states is not required to be trusted. Indeed, we demonstrated that none of the parties involved can gain any information about the input, output, and computation details.
Experimental apparatus
In Fig. 3, we describe the experimental apparatus we employ to implement the two-client protocol. A detailed time scheme of the protocol is reported in Supplementary Note 2 and in Supplementary Fig. 1, while a detailed description of the state preparation and measurement stages is discussed in Supplementary Note 3. A Sagnac-based source of polarization-entangled photons, i.e., server S1, generates pairs of photons in the state defined in Eq. (1), where we encode the computational basis vector \(\left|0\right\rangle\) in the photons’ horizontal polarization (\(\left|H\right\rangle\)), and \(\left|1\right\rangle\) in the vertical one (\(\left|V\right\rangle\)). The photon pairs are sent to the clients who apply their random rotations. The resulting state after these transformations is defined in Eq. (2). At each run of the protocol, we set all random parameters through an ID Quantique quantum random number generator (QRNG). Both clients use liquid crystals (LCs) to apply their rotations, which are set in this preparation stage. The TTP is made up of a computer linked to a fast electronic circuit and stores all clients’ parameters. With such information, the TTP pre-computes the measurement angle δ1, and the first measurement station is set accordingly. Moreover, the TTP also pre-computes the two possible values for δ2, considering that the first outcome is still unknown, namely \({\delta }_{2}^{\pm }={\theta }_{2}+{x}_{2}\pi+{r}_{2}\pi \pm {\phi }_{2}\), to speed up the measurement step of the protocol. The two photons are sent to server S2 of Fig. 3 where measurements of the form \(M(\delta )=\cos (\delta ){\sigma }_{x}+\sin (\delta ){\sigma }_{y}\) are performed. The first one is made up of a quarter-wave plate (QWP), a half-wave plate (HWP), and a polarizing beam splitter (PBS). The two single-photon avalanche photodiodes (APD) of the first measurement station are connected to a fast electronic circuit that selects \({\delta }_{2}^{+}\) or \({\delta }_{2}^{-}\), according to the corrected outcome of the first measurement, \({m}_{1}^{{{{{{{{\rm{true}}}}}}}}}={m}_{1}\oplus {r}_{1}\). In the second measurement station, we substitute the QWP with a Pockels cell (PC), i.e., a fast electro-optical modulator that performs the identity when no voltage is applied, while applying a phase shift between orthogonal polarizations when a voltage is applied. The second photon is delayed with respect to the first one by using a ≈ 65 m single-mode fiber to enable feed-forward in the second measurement station. Finally, the second outcome is corrected according to \({m}_{2}^{{{{{{{{\rm{true}}}}}}}}}={m}_{2}\oplus {r}_{2}\). Further details about the feed-forward system can be found in Supplementary Note 4 and in Supplementary Fig. 2. All events are collected through a coincidence box that records as two-fold coincidences all detector clicks occurring in a given time window.
Experimental results
To show that the server cannot gain any information about the outcome of the computation, we suppose that the clients want to compute a given quantum function whose outcome is represented by the second qubit. We repeated the experiment for both qubits of the cluster state, but we show in the main text only the resulting density matrix for the second qubit. Details about the blindness of the first qubit can be found in Supplementary Note 5 and in Supplementary Fig. 3. We demonstrate blindness of the second qubit by keeping the measurement angle δ1 = π fixed and by averaging over all density matrices resulting in the output qubit for different initial rotation angles \({\theta }_{1}^{j}\), where j = A, B, namely 64 combinations. The density matrix in Fig. 4a shows the resulting quantum state, which has a fidelity with a single-qubit completely mixed state amounting to F2 = 0.99870 ± 0.00003, while the measured Von Neumann entropy is S2 = 0.9963 ± 0.0001, to be compared with the expected value of 1 for a completely mixed single-qubit state. Furthermore, we demonstrate the blindness of the whole initial two-qubit cluster state, by averaging over all density matrices corresponding to 64 combinations of the initial z-rotations, for parameters \({\theta }_{1}^{{{{{{{{\rm{A}}}}}}}}}\) and \({\theta }_{2}^{{{{{{{{\rm{B}}}}}}}}}\), while keeping \({\theta }_{1}^{{{{{{{{\rm{B}}}}}}}}},\,{\theta }_{2}^{{{{{{{{\rm{A}}}}}}}}}=0\). We stress that these combinations are enough to demonstrate blindness, as the random rotations on each qubit still take all possible values in the set \({{{{{{{\mathcal{A}}}}}}}}\). For the two-qubit state, whose density matrix is shown in Fig. 4b, we estimated a fidelity F = 0.99433 ± 0.00003 with the completely mixed state and with a Von Neumann entropy of S = 1.9836 ± 0.0001, to be compared with the expected value of 2 for a completely mixed two-qubit state. All density matrices are retrieved from raw experimental data through quantum state tomography51. Further details about the blindness of the second qubit and the full initial state are reported in Supplementary Notes 6 and 7 and in Supplementary Figs. 4 and 5.
Let us now consider the scenario where the clients want to compute a quantum function. In this case, we take the second qubit as the outcome of the computation, by preparing it in the state \(\left|+\right\rangle\). We perform the computation ϕ1 = π/4, with input bits x1, x2 set to 0. We set the clients’ secret parameters as \({\theta }_{1}^{{{{{{{{\rm{A}}}}}}}}}=\pi /2\), \({\theta }_{1}^{{{{{{{{\rm{B}}}}}}}}}=\pi /4\) and \({r}_{1}^{{{{{{{{\rm{A}}}}}}}}}={r}_{1}^{{{{{{{{\rm{B}}}}}}}}}=0\). We show our results in Fig. 5. The estimated fidelity with the ideal state amounts to Fπ/4 = 0.972 ± 0.003. In Supplementary Notes 5 and 6, we show instances of single-qubit quantum state tomographies of the two qubits and their fidelity with respect to the theoretical expectations. We then demonstrate the correctness of the computation for classical functions. The algorithm performed over input data x1, x2 is characterized by the two true measurement angles ϕ1, ϕ2. Choosing x1 or x2 equal to 1 has simply the effect of inverting the minima and the maxima of the distributions. In Fig. 6, we show ten different probability distributions obtained by trying ten different combinations of the algorithm parameters \(\left({\phi }_{1},\,{\phi }_{2},\,{x}_{1},\,{x}_{2}\right)\), and the comparison with the ideal and the noisy model case. All the obtained results are in good agreement with our noisy model and follow qualitatively the ideal expectations. Small deviations from the expected values are mainly due to the visibility of the quantum state at the end of the Qline and to imperfections coming from the non-ideal electro-optical modulators employed, i.e., the LCs and the PC (further details about our noisy model and the protocol correctness validation are shown in Supplementary Notes 8 and 9 and in Supplementary Figs. 6 and 7).
Discussion
In this work, we proposed a multi-client version of the BQC protocol7 and experimentally demonstrated it in a two-client setting. We first simplified the protocol described in refs. 36,40 to tailor it to the photonic Qline network introduced in ref. 45. To this end, we studied a photonic platform equipped with a source of polarization-entangled photon pairs, an active feed-forward system, and a fiber-based structure to connect the involved parties. In our scheme, the clients only need to apply single-qubit rotations. Within this setup, we computed the outcomes of ten different classical functions, by changing the input data and the algorithm, and compared the results with a noisy model compatible with our experimental conditions. Also, we demonstrated the correctness of the protocol when the function to be computed has a quantum output. Finally, we showed that the server cannot gain any information about the inputs of the clients or the outcome of the computation.
Our proof-of-concept demonstration can represent a step forward toward the realization of a scalable and secure quantum cloud access infrastructure with multiple clients. Indeed, in a real-world protocol, the necessary classical communication as part of the SMPC in between the measurements would considerably increase the time latency, in particular, if run over a slow network, such as the internet. Therefore, to make the experimental realization of the proposed protocol feasible, we replaced the SMPC with a fast electronic data elaboration circuit to both reduce the communication rounds and compensate for the absence of quantum memory. This allowed us to reduce the delay between measurements to a manageable level. Scaling up the size of the computation would require more qubits and their communication from the photon source past all clients to the server. In principle, this could be realized in two ways that can eventually be combined. First, the qubits could be sent all at once, which would require the clients to be able to apply rotations to multiple states at once. Alternatively, the qubits could be sent sequentially, one at a time. However, this second option would require the ability to store or delay them until the clients were able to adjust their rotation gates since every qubit is rotated by a different angle. In our demonstration, we opted for the first option as it represented the optimal way to minimize time latency and, consequently, photon loss. On the other hand, from the protocol point of view, adding clients only requires adding rotation stations along each Qline, and our general proof technique covers the security aspects of such extensions. On the experimental side, instead, in our scheme, this would only imply handling more optical losses, which can be overcome with a brighter quantum source, and an accurate characterization of the optical elements that perform the single-qubit rotations. This would not imply any substantial change even in the design of the fast data elaboration circuit, as we show in Supplementary Note 4. Moreover, the choice of adopting an optimized feed-forward system for measurement adaptivity in our setup is not only crucial to ensure blind and deterministic computation, but also to scale up the protocol. Indeed, post-selection schemes would require an exponentially growing number of measurements depending on the dimension of the quantum system, which would affect significantly the possibility of applications to larger quantum systems. While our implementation guarantees the privacy of the inputs provided by the clients, the outcome of the computation is not verified. We leave the addition of verification to the proposed protocol as future work. One possible path towards verification with Qline architecture might be the employment of the recently introduced dummyless testing technique from ref. 36. However, as of now, the question of whether states prepared by rotation-only clients are sufficient for verification remains open, as ref. 11 only showed that these kinds of states are enough to achieve blindness.
We believe that this work has insightful implications both from a theoretical and an experimental point of view. From a theoretical perspective, it constitutes a strong encouragement toward the development of collaborative computational algorithms over distributed quantum networks, as well as investigations about their verification. From an experimental point of view, instead, it represents a step forward toward the applications of photonic linear quantum networks as building blocks for more complex networks, toward the realization of a large and densely connected quantum cloud.
Methods
Photon pairs are generated in a parametric down-conversion source, composed of a 25-mm-thick periodically poled Potassium Titanyl Phosphate (ppKTP) crystal inside a Sagnac interferometer. The source uses a Toptica continuous-wave diode laser with a wavelength equal to 405nm. Both photons are generated at a wavelength equal to 810nm. To test the quality of the bipartite state generated by S1, we perform a CHSH Bell test52 and obtain a Bell parameter equal to 2.752 ± 0.006. The generated photons are filtered in wavelength and spatial mode by using, respectively, narrow-band filters and single-mode fibers. The PC is a LiNbO3 crystal made by the Shangai Institute of Ceramics having a rise-time equal to 90 ns. A fast electronic circuit transforms signals coming from the detectors of the first measurement station into high-voltage calibrated pulses, needed to activate the PC. The amount of delay on the second photon was evaluated considering the response time of the detectors, the speed of the signal transmission through a single-mode fiber, whose refraction index is ≈ 1.45, and the activation time of the PC. Therefore, we used a ≈ 65 m long single-mode fiber that allows a delay of ≈ 320 ns of the second photon with respect to the first. The voltages applied to the PC to insert a phase shift equal to π/4, π/2, 3π/4 were, respectively, Vπ/4 = 650V,Vπ/2 = 850V,V3π/4 = 1100 V. Further details about the feed-forward system are given in Supplementary Note 4. Our experiment is performed shot-by-shot, namely, each event of our data takings is characterized by a different randomly chosen set of initial parameters \({\theta }_{i}^{j},{r}_{i}^{j}\), for i = 1, 2 and j = A, B, while the algorithm (ϕi, xi, for i = 1, 2) is kept fixed for each data taking.
Data availability
The authors declare that the data supporting the findings of this study are available upon request.
References
Bao, J. et al. Very-large-scale integrated quantum graph photonics. Nat. Photon. 17, 573–581 (2023).
Chow, J., Dial, O. & Gambetta, J. IBM quantum breaks the 100-qubit processor barrier. IBM Research Blog (IBM, 2021).
Arute, F. et al. Quantum supremacy using a programmable superconducting processor. Nature 574, 505–510 (2019).
Aaronson, S., Cojocaru, A., Gheorghiu, A. & Kashefi, E. Complexity-theoretic limitations on blind delegated quantum computation, in 46th International Colloquium on Automata, Languages, and Programming. Patras, Greece. https://icalp2019.upatras.gr/calendar.php (2019).
Raussendorf and H. J. Briegel, R. A one-way quantum computer. Phys. Rev. Lett. 86, 5188 (2001).
Raussendorf, R. Measurement-based quantum computation with cluster states. Int. J. Quant. Inf. 7, 1053–1203 (2009).
Broadbent, A., Fitzsimons, J. & Kashefi, E. Universal blind quantum computation, in 2009 50th Annual IEEE Symposium on Foundations of Computer Science. 517–526. (IEEE, 2009).
Leichtle, D., Music, L., Kashefi, E. & Ollivier, H. Verifying BQP computations on noisy devices with minimal overhead. PRX Quant. 2, 040302 (2021).
Liu, W.-J., Li, Z.-X., Li, W.-B. & Yang, Q. Public verifiable measurement-only blind quantum computation based on entanglement witnesses. Quant. Inf. Process. 22, 137 (2023).
Kapourniotis, T., Kashefi, E., Leichtle, D., Music, L. & Ollivier, H. A framework for verifiable blind quantum computation. https://arxiv.org/abs/1203.5217 (2022).
Ma, Y., Kashefi, E., Arapinis, M., Chakraborty, K. & Kaplan, M. QEnclave—a practical solution for secure quantum cloud computing. npj Quant. Inf. 8, 1–10 (2022).
Li, Q., Liu, C., Peng, Y., Yu, F. & Zhang, C. Blind quantum computation where a user only performs single-qubit gates. Optics Laser Technol. 142, 107190 (2021).
Gheorghiu, A., Wallden, P. & Kashefi, E. Rigidity of quantum steering and one-sided device-independent verifiable quantum computation. N. J. Phys. 19, 023043 (2017).
Aharonov, D., Ben-Or, M., Eban, E. & Mahadev, U. Interactive proofs for quantum computations. https://arxiv.org/abs/0810.5375 (2017).
Gheorghiu, A., Kashefi, E. & Wallden, P. Robustness and device independence of verifiable blind quantum computing. N. J. Phys.17, 083040 (2015).
Pérez-Delgado, C. A. & Fitzsimons, J. F. Iterated gate teleportation and blind quantum computation. Phys. Rev. Lett. 114, 220502 (2015).
Hajdušek, M., Pérez-Delgado, C. A. & Fitzsimons, J. F. Device-independent verifiable blind quantum computation. https://arxiv.org/abs/1502.02563 (2015).
Hayashi, M. & Morimae, T. Verifiable measurement-only blind quantum computing with stabilizer testing. Phys. Rev. Lett. 115, 220502 (2015).
Morimae, T. Verification for measurement-only blind quantum computing. Phys. Rev. A 89, 060302 (2014).
Morimae, T. & Fujii, K. Blind quantum computation protocol in which Alice only makes measurements. Phys. Rev. A 87, 050301 (2013).
Sueki, T., Koshiba, T. & Morimae, T. Ancilla-driven universal blind quantum computation. Phys. Rev. A 87, 060301 (2013).
Mantri, A., Pérez-Delgado, C. A. & Fitzsimons, J. F. Optimal blind quantum computation. Phys. Rev. Lett. 111, 230502 (2013).
Reichardt, B. W., Unger, F. & Vazirani, U. A classical leash for a quantum system: Command of quantum systems via rigidity of CHSH games. https://arxiv.org/abs/1209.0448 (2012).
Morimae, T. & Fujii, K. Blind topological measurement-based quantum computation. Nat. Commun. 3, 1036 (2012).
Dunjko, V., Kashefi, E. & Leverrier, A. Blind quantum computing with weak coherent pulses. Phys. Rev. Lett. 108, 200502 (2012).
Drmota, P. et al. Verifiable blind quantum computing with trapped ions and single photons. https://arxiv.org/abs/2305.02936 (2023).
Jiang, Y.-F. et al. Remote blind state preparation with weak coherent pulses in the field. Phys. Rev. Lett. 123, 100503 (2019).
Sheng, Y.-B. & Zhou, L. Blind quantum computation with a noise channel. Phys. Rev. A 98, 052343 (2018).
Huang, H.-L. et al. Experimental blind quantum computing for a classical client. Phys. Rev. Lett. 119, 050503 (2017).
Greganti, C., Roehsner, M.-C., Barz, S., Morimae, T. & Walther, P. Demonstration of measurement-only blind quantum computing. N. J. Phys. 18, 013020 (2016).
Takeuchi, Y., Fujii, K., Ikuta, R., Yamamoto, T. & Imoto, N. Blind quantum computation over a collective-noise channel. Phys. Rev. A 93, 052307 (2016).
Marshall, K. et al. Continuous-variable quantum computing on encrypted data. Nat. Commun. 7, 13795 (2016).
Fisher, K. A. et al. Quantum computing on encrypted data. Nat. Commun. 5, 1–7 (2014).
Barz, S., Fitzsimons, J. F., Kashefi, E. & Walther, P. Experimental verification of quantum computation. Nat. Phys. 9, 727–731 (2013).
Barz, S. et al. Demonstration of blind quantum computing. Science 335, 303–308 (2012).
Kapourniotis, T., Kashefi, E., Leichtle, D., Music, L. & Ollivier, H. Asymmetric quantum secure multi-party computation with weak clients against dishonest majority. https://eprint.iacr.org/2023/379 (2023).
Shan, R.-T., Chen, X. & Yuan, K.-G. Multi-party blind quantum computation protocol with mutual authentication in network. Sci. China Inf. Sci. 64, 1–14 (2021).
Qu, G.-J. & Wang, M.-M. Secure multi-party quantum computation based on blind quantum computation. Int. J. Theor. Phys. 60, 3003–3012 (2021).
Ciampi, M., Cojocaru, A., Kashefi, E. & Mantri, A. Secure two-party quantum computation over classical channels. https://arxiv.org/abs/2010.07925 (2020).
Kashefi, E. & Pappa, A. Multiparty delegated quantum computing. Cryptography 1, 12 (2017).
Konečny`, J. et al. Federated learning: strategies for improving communication efficiency. https://arxiv.org/abs/1610.05492 (2016).
Yang, Q., Liu, Y., Chen, T. & Tong, Y. Federated machine learning: Concept and applications. ACM Trans. Intell. Syst. Technol. (TIST) 10, 1–19 (2019).
Y.-C. Chen, S. & Yoo, S. Federated quantum machine learning. Entropy 23, 460 (2021).
Li, W., Lu, S. & Deng, D.-L. Quantum federated learning through blind quantum computing. Sci. China Phys. Mech. Astron. 64, 1–8 (2021).
Doosti, M., Hanouz, L., Marin, A., Kashefi, E. & Kaplan, M. Establishing shared secret keys on quantum line networks: protocol and security. https://arxiv.org/abs/2304.01881 (2023).
Hillery, M., Bužek, V. & Berthiaume, A. Quantum secret sharing. Phys. Rev. A 59, 1829 (1999).
Clementi, M. et al. Classical multiparty computation using quantum resources. Phys. Rev. A 96, 062317 (2017).
Grice, W. P. et al. Two-party secret key distribution via a modified quantum secret sharing protocol. Opt. Exp. 23, 7300–7311 (2015).
Schmid, C. et al. Experimental single qubit quantum secret sharing. Phys. Rev. Lett. 95, 230505 (2005).
Maurer, U. & Renner, R. Abstract cryptography. in Innovations in Computer Science. 1–21 (Tsinghua University Press, 2011).
Nielsen, M. A. & Chuang, I. Quantum Computation and Quantum Information, (Cambridge University Press, 2002).
Clauser, J. F., Horne, M. A., Shimony, A. & Holt, R. A. Proposed experiment to test local hidden-variable theories. Phys. Rev. Lett. 23, 880 (1969).
Fitzsimons, J. F. Private quantum computation: an introduction to blind quantum computing and related protocols. npj Quant. Inf. 3, 23 (2017).
Acknowledgements
All authors acknowledge the support of the European Union’s Horizon 2020 research and innovation program through the FET project PHOQUSING (“PHOtonic Quantum SamplING machine”—Grant Agreement No. 899544). D.L. and E.K. acknowledge the support of the ANR research grant ANR-21-CE47-0014 (SecNISQ).
Author information
Authors and Affiliations
Contributions
B.P., D.L., L.L., G.C., N.S., M.K., F.S., and E.K. contributed to developing the ideas and discussions explored in the paper. B.P., D.L., M.K., and E.K. contributed to the design of the protocols. B.P., L.L., G.C., G.M., N.S., and F.S. contributed to the experimental implementation. All authors contributed equally to the writing, editing, and final revision of the paper.
Corresponding authors
Ethics declarations
Competing interests
E.K. and M.K. are founding members of VeriQloud SAS. The remaining authors declare no other competing interests.
Peer review
Peer review information
Nature Communications thanks Feihu Xu, Michele Amoretti, and the other, anonymous, reviewer(s) for their contribution to the peer review of this work. A peer review file is available.
Additional information
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Supplementary information
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Polacchi, B., Leichtle, D., Limongi, L. et al. Multi-client distributed blind quantum computation with the Qline architecture. Nat Commun 14, 7743 (2023). https://doi.org/10.1038/s41467-023-43617-0
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41467-023-43617-0
Comments
By submitting a comment you agree to abide by our Terms and Community Guidelines. If you find something abusive or that does not comply with our terms or guidelines please flag it as inappropriate.