TWI826863B - The design method of public-key system in qap-based homomorphic encryption - Google Patents

Abstract

一個量子編碼(quantum code)使該量子編碼(quantum code)為一個商代數分割QAP(Quotient Algebra Partition)的代數結構，於此結構上建構加密所需編碼算子(encoding)以及產生巨量的隨機(random)可修正之錯誤(correctable error)，在適當的位元置換算子(qubit permutation)的裝飾下，可產生加密資料所需要的公鑰(public key)、解密所需的私鑰(private key)，以及執行HE(Homomorphic Encryption)計算所需要的運算子。而在執行過程中的加密(Encryption)、計算(Computation)以及解密(Decryption)，皆由有限數量的基本閘(elementary gate)所組成的電路(circuit)完成；而該基本閘(basic gate)包括spinor、CNOT、Toffoli gate、SWAP、Controlled SWAP、Multi-Control Gate。由於每一個基本閘都是可於目前傳統電腦或未來量子電腦上實現的可逆閘(invertible gate)，計算結果為精確(Exact)而非近似解；並能自然地達成所謂完全同態加密(fully HE)；可逆閘的特性提供了單向函數(one-way function)的 設計而有效地遮蔽(blind)計算過程，使得執行運算的雲端機器與駭客也無法偷取計算型態；而該基本可逆閘龐大的排列組合方式，還可依問題將計算進一步最佳化者(problem-dependent optimization)。 A method of designing a public key system in QAP-type homomorphic encryption, which mainly uses the algebraic structure of QAP (Quotient Algebra Partition, QAP) divided by quotient algebra, through QAP-based Fault Tolerance Quantum Computation. The general method is to use the QAP (Quotient Algebra Partition) architecture to perform homomorphic encryption HE (Homomorphic Encryption, HE) calculations before performing the encryption process. You need to select

A quantum code makes the quantum code an algebraic structure of QAP (Quotient Algebra Partition). On this structure, the encoding operator (encoding) required for encryption is constructed and a huge amount of randomness is generated. A (random) correctable error, decorated with appropriate bit permutation operators (qubit permutation), can generate the public key required to encrypt data and the private key required to decrypt it. key), and the operators required to perform HE (Homomorphic Encryption) calculations. The encryption, computation and decryption during the execution process are all completed by a circuit composed of a limited number of elementary gates; and the basic gate includes spinor, CNOT, Toffoli gate, SWAP, Controlled SWAP, Multi-Control Gate. Since each basic gate is an invertible gate that can be implemented on current traditional computers or future quantum computers, the calculation result is an exact (Exact) rather than an approximate solution; and can naturally achieve the so-called fully homomorphic encryption (fully homomorphic encryption). HE); the characteristics of the reversible gate provide a one-way function design to effectively blind the calculation process, so that the cloud machines and hackers performing the calculation cannot steal the calculation type; and this basic The huge array and combination of reversible gates can further optimize the calculation according to the problem (problem-dependent optimization).

Description

Method of designing public key system in QAP formal homomorphic encryption

先選擇了一個量子編碼(quantum code)後，明文(plaintext)就會被編碼成長度較長並且具有受可修正錯誤(correctable error)汙染的密文(ciphertext)之特徵；運算(arithmetic operation)則同時被編碼以及利用單向函數(one-way function)概念建構成完全遮蔽(Blind)的運算子，而該運算子具有可修正密文上的錯誤之特徵。而所有操作過程皆由希爾伯特空間(Hilbert space)中經精巧設計的可逆閘(invertible gate)完成，計算結果為精確(Exact)而非近似解，可避免不必要的計算支出，並能透過量子演算法設計的概念，可依問題來進行優化計算 (Problem-Dependent Optimized Computation)，實為一獨特、創新且具經濟效益之發明。 The present invention relates to a method of designing a public key system in QAP type homomorphic encryption, in particular to a method in which a data receiver and a data sender can be completed without communicating with each other. The so-called Homomorphic Encryption (HE) uses the algebraic structure of Quotient Algebra Partition (QAP) to encrypt sensitive data through the general method of QAP-based Fault Tolerance Quantum Computation. Perform encryption, directly process the encrypted data, and then obtain the processing result through decryption to complete the so-called homomorphic encryption process. Before performing the encryption process, the QAP (Quotient Algebra Partition) architecture is first used to perform homomorphic encryption HE (Homomorphic Encryption, HE) calculations.

After a quantum code is first selected, the plaintext will be encoded into a ciphertext that is longer and has the characteristics of a ciphertext contaminated by correctable errors; the arithmetic operation is At the same time, it is encoded and constructed using the concept of one-way function to form a completely blind operator, and this operator has the characteristics of being able to correct errors in the ciphertext. All operation processes are completed by the exquisitely designed invertible gate in Hilbert space. The calculation result is an exact (Exact) rather than an approximate solution, which can avoid unnecessary calculation expenditure and can be solved through The concept of quantum algorithm design can perform Problem-Dependent Optimized Computation (Problem-Dependent Optimized Computation), which is actually a unique, innovative and cost-effective invention.

According to the advancement of science and technology, the development of industry, and the advent of the digital age, any plain text on the Internet is expected to be absolutely confidential during the transmission process. It is also hoped that it can be decrypted during the process. To achieve full confidentiality, the current homomorphic encryption HE (Homomorphic Encryption, referred to as HE) is based on lattice-based post-quantum cryptography to implement homomorphic encryption HE (Homomorphic Encryption) calculations. During the execution of the operation, the encrypted data will generate a certain proportion of noise. Noise must be reduced after each calculation to avoid excessive errors in calculation results. In other words, this process is equivalent to obtaining approximate solutions (approximated solutions) by approximation, and an extremely expensive computational cost (overhead) is required to reduce noise. This means that the current implementation of homomorphic encryption HE (Homomorphic Encryption) is quite It has limitations, and the algorithms and operators used in performing homomorphic encryption HE (Homomorphic Encryption) calculations will be leaked during the calculation process. Therefore, how can the decryption result be accurate rather than approximate, and the whole process of decryption can be kept confidential? This can avoid unnecessary calculation expenses, and carry out optimized calculation (Problem-Dependent Optimized Computation) design according to different problems. , in order to obtain the lowest resource consumption, is the direction that R&D personnel or the industry are eager to move towards.

In view of this, the inventor of this case conducted in-depth discussions on the above-mentioned needs based on his many years of research and development experience in related fields, and actively sought solutions based on the above-mentioned needs. After a long period of hard research and multiple tests, he finally completed this project. send It is clear that it solves the shortcomings of conventional use and enhances its unprecedented progress and practicality.

Therefore, the main purpose of the present invention is to provide a "public key system design method in QAP type homomorphic encryption", which mainly uses the QAP (Quotient Algebra Partition) architecture. When homomorphic encryption HE (Homomorphic) is to be performed Encryption) calculation, after selecting a quantum code (quantum code), that is, the plaintext (plaintext) will be encoded into a longer length and has a ciphertext (ciphertext) contaminated by correctable errors. Characteristics; the arithmetic operation will be encoded into a completely blind operator state, and this operator has the characteristics of being able to correct errors in the ciphertext, thereby enabling encryption and calculation in the calculation process. (Computation) and decryption (Decryption) can both mask the calculation process, and can also achieve confidentiality of the entire data processing process, and the result is an exact (Exact) rather than an approximate solution, which can avoid unnecessary calculation expenses.

The secondary purpose of the present invention is to provide a "method for designing a public key system in QAP-type homomorphic encryption" so that the calculation result of this case is an exact (Exact) rather than an approximate solution. This method uses Hilbert Calculation is performed using a well-designed invertible gate in Hilbert space, which includes spinor, SWAP, CNOT, Toffoli gate, Controlled SWAP, and Multi-Control Gate.

Another important object of the present invention is to provide a "method for designing a public key system in QAP-type homomorphic encryption", in which the arithmetic operation is simultaneously encoded and uses a one-way function. The concept is constructed as a completely blind operator, and this operator has the characteristics of being able to correct errors in the ciphertext.

Another important object of the present invention is to provide a "QAP type and "A method for designing a public key system in static encryption", so that when using the method of the present invention, it also has the characteristics of performing an optimized calculation (Problem-Dependent Optimized Computation) design according to different problems, and obtaining the lowest resource consumption.

1:| x 〉plaintext

) 2:( VQ _en ,

)

3:

4: U _en | ψ _en 〉

5:

6: Data recipient (Alice)

7:Information provider (Bob)

8:Key _pub

9:Key _private

10:cloud

11: Spinor

12:CNOT

13:Toffoli gate

14:SWAP

15:CSWAP(Controlled SWAP)

16:Multi-Control gate

Figure 1: is a schematic diagram of the operation flow of the present invention.

Figure 2 is a flow chart of the actual operation of encryption, calculation and decryption of the present invention.

Figure 3: is a schematic diagram of the basic gate used by the algorithm of the present invention.

In order to have a more detailed and clear understanding of the purpose, effect and structural features of the present invention, the following preferred embodiments are enumerated and described below with reference to the drawings.

中的一個元素，也可視為維度(dimension)等於2 ^k 的向量(vector)；例如，k=3位元明文 | x 〉=|100〉為加法群

中的一個元素，視為維度等於2³的一個向量。 First of all, please refer to Figure 1. The present invention is a method of designing a public key system in QAP type homomorphic encryption. It mainly uses quotient algebra to divide the algebraic structure of QAP (Quotient Algebra Partition), and calculates QAP quantum fault tolerance through QAP type quantum fault tolerance. The general method of (QAP-based Fault Tolerance Quantum Computation), before performing encryption (Encryption), calculation (Computation) and decryption (Decryption), first use the QAP (Quotient Algebra Partition) architecture to perform homomorphic encryption HE (Homomorphic Encryption, (referred to as HE), when calculating, you can first select a k -qubit state ( k -qubit state) in quantum computing, that is, | Represented by a binary string and represented as plaintext, this plaintext is represented by an additive group.

An element in can also be regarded as a vector with a dimension equal to 2 ^k ; for example, k =3-bit plaintext | x 〉=|100〉 is an additive group

An element in is regarded as a vector with dimensions equal to 2 ³ .

式子，即k量子位元態(k-qubit state)，即| x 〉(1)為明文(plaintext)，經由加密資料所需要的公鑰(public key)式子計算，即可得到密文(ciphertext)即符號|ψ _en 〉，而密碼系統中的公鑰(public key)式子(

)，其中Q _en 代表編碼算子(encoding)、V為位元置換算子(qubit permutation)，皆可表示為2 ⁿ ×2 ⁿ 的矩陣(matrix)或以基本閘(basic gates)組成(請配合參閱第3圖所示)；

為錯誤算子的隨機產生器(random error generator)，可從指數級(exponential)數量的選擇中任意產生一個錯誤算子

，此錯誤算子為一個自旋算子(spinor)，亦可表示成2 ⁿ ×2 ⁿ 的矩陣或以基本閘組成。 When the encryption process is to be carried out and a longer encoded ciphertext, that is, the symbol | ψ _en 〉 is to be obtained, the encryption procedure is further divided into key generation and encoding steps. , and the key generation step will generate the public key (public key) Key _pub required for encrypting the data and the private key (private key) Key _priv required for decryption. The public key (public key) in this cryptosystem can written as

The formula is the k -qubit state, that is, | (ciphertext) is the symbol | ψ _en 〉, and the public key (public key) formula in the cryptosystem (

), where Q _en represents the encoding operator (encoding) and V represents the qubit permutation operator (qubit permutation), both of which can be expressed as a 2 ⁿ × 2 ⁿ matrix (matrix) or composed of basic gates (please Please refer to Figure 3 for details);

It is a random error generator that can generate an error operator arbitrarily from an exponential number of choices.

, this error operator is a spin operator, which can also be expressed as a 2 ⁿ × 2 ⁿ matrix or composed of basic gates.

(3)時，則該向量|ψ _en 〉符號，即是代表經過加密後的密文(ciphertext)，而

為三個算子的相乘，n位元字串|0〉

| x 〉等於n-k位元的全零字串(zero string)|0〉以及k位元字串| x 〉的直積(tensor product)；例如，n=5,k=3,| x 〉=111,

。 So when the encryption process is performed, the symbolic formula is obtained

(3), then the vector | ψ _en 〉 symbol represents the encrypted ciphertext, and

is the multiplication of three operators, n -bit string | 0 〉

| x 〉 is equal to the tensor product of n - k -bit zero string | 0 〉 and k -bit string | =111,

.

When proceeding with the calculation process, the operator U _en that performs homomorphic encryption HE (Homomorphic Encryption) calculation is used, and acts on the encrypted ciphertext (ciphertext) | ψ _en 〉 symbol, and then gives a Calculation operator M, since U _en is an operator that performs homomorphic encryption HE (Homomorphic Encryption) calculations and is the encoding operator of k -bit operator M (expressed as a 2 ^k × 2 ^k matrix or composed of basic gates), It _{can be expressed} as ^a 2 ⁿ _ _{_} _ _ _en | ψ _en 〉(4) symbolic formula.

，|λ〉為n-k位元的徵狀態(syndrome state)，其它部份為最後結果M| x 〉，此時A^† P ^†代表此密碼系統的私鑰(private key)，由算子A^†與P ^†相乘所得(此二算子各別可表示成2 ⁿ ×2 ⁿ 的矩陣或以基本閘組成)，|λ〉為n-k位元字串，M| x 〉為k位元字串(代表未加密的原始計算)。 Finally, when the decryption process is to be continued, that is, the symbolic formula of U _en | ψ _en 〉(4) is used to decrypt (Decryption), and when decrypting (Decryption), the key from the beginning of the encryption process is used. The private key required for decryption generated by the Key Generation step is Key _priv =A ^ P ^ for decoding, as shown in the following formula:

, | λ 〉 is the syndrome state ^of n - k bits, and the other ^parts are the final result M | A ^ is obtained by multiplying P ^ (these two operators can each be expressed as a 2 ⁿ × 2 ⁿ matrix or composed of basic gates), | λ 〉 is an n - k bit string, M | x 〉 is k Bit string (representing the unencrypted raw computation).

，可寫成式子為

並傳送至資料提供者(Bob)(7)(如第2圖中之②流程)，Q _en 為n位元編碼算子(encoding)，V為n位元置換算子(permutation)，

為錯誤算子生成器(error generator)，而私鑰(private key)Key _priv (9)可寫成式子為Key _priv =A^† P ^†，它為兩個n位元算子A^†與P ^†的相乘，用於解密程序；此時加密資料所需要的公鑰(public key)Key _pub (8)可發佈於公開空間供任何人索取以進行明文(plaintext)加密，解密所需的私鑰(private key)Key _priv (9)則由資料接收者(Alice)(6)保留用於計算後的密文(ciphertext)的解密。而在編碼(encoding)的程序中，資料提供者(Bob)(7)提供明文(plaintext)| x 〉，進行同態加密HE(Homomorphic Encryption)的計算，先利用空白態|0〉與| x 〉組合成n位元量子態|0〉

| x 〉，再根據公鑰Key _pub 中錯誤算子生成器

所隨機產生的錯誤算子

，資料提供者(Bob)(7)將|0〉

| x 〉編碼成n位元密文

，亦即當資料提供者(Bob)(7)欲加密長度為k量子位元(k-qubit)敏感資料(明文(plaintext))| x 〉，先利用長度為n-k量子位元的空白態(blank state)|0〉，將明文| x 〉寫成長度為n的表示式|0〉

| x 〉(依然是明文)。接著由公鑰提供修飾編碼算子(modified encoding)VQ _en 以及隨機產生的修飾錯誤算子(modified error)

，並經由算式

得到編碼量子態(encoded state)|ψ _en 〉(密文)。此時資料提供者(Bob)(7)會將密文|ψ _en 〉傳送cloud(計算資源提供者)(如第2圖中之③流程)。 Please refer to Figure 2, which is a flow chart of the present invention actually applied in operating encryption, computation and decryption. The steps are as follows: Step 1: Encryption, first by data The receiver (Alice) (6) selects a quantum code [ n , k , C] (structurally a QAP; n > k ), which is further divided into key generation in the encryption program. and encoding (encoding) two procedures. In the key generation program, the public key Key _pub (8) required to encrypt the data (such as the ① process in Figure 2) and the private key required for decryption will be generated. key)Key _priv (9), where the public key (8) provides a modified encoding operator (modified encoding) VQ _en and a randomly generated modified error operator (modified error)

, which can be written as

And sent to the data provider (Bob) (7) (as shown in the ② process in Figure 2), Q _en is the n -bit encoding operator (encoding), V is the n- bit permutation operator (permutation),

is the error generator (error generator), and the private key Key _priv (9) can be written as Key _priv =A ^ P ^ , which is two n -bit operators A ^ and P ^ The multiplication is used for the decryption program; at this time, the public key Key _pub (8) required to encrypt the data can be published in the public space for anyone to request for plaintext encryption, and the private key required for decryption The (private key)Key _priv (9) is retained by the data recipient (Alice) (6) for decryption of the calculated ciphertext. In the encoding program , the data provider (Bob) (7) provides plaintext ( plaintext ) | 〉Combined into n- bit quantum state | 0 〉

| x 〉, and then based on the error operator generator in the public key Key _pub

Randomly generated error operator

, the data provider (Bob) (7) will | 0 〉

| x 〉encoded into n- bit ciphertext

, that is , when the data provider (Bob) (7) wants to encrypt sensitive data ( plaintext ) | State (blank state) | 0 〉, write the plaintext | x 〉 as an expression of length n | 0 〉

| x 〉 (still plain text). Then the public key provides the modified encoding operator (modified encoding) VQ _en and the randomly generated modified error operator (modified error)

, and through the formula

Obtain the encoded quantum state (encoded state) | ψ _en 〉 (ciphertext). At this time, the data provider (Bob) (7) will send the ciphertext | ψ _en 〉 to the cloud (computing resource provider) (as shown in the ③ process in Figure 2).

，此表示為n-k位元單位算子與k位元算子M的直積 (tensor product)。此時資料接收者(Alice)(6)產生同態加密HE(Homomorphic Encryption)計算算子U _en 的指示，其形式如下： Step 2: Computation. Given any k -bit calculation operator M , the output can be performed on the encrypted state | ψ _en 〉. First, express the k -bit operator M as an n- bit operator

, which is expressed as the direct product (tensor product) of the n - k -bit unit operator and the k -bit operator M. At this time, the data receiver (Alice) (6) generates instructions for the homomorphic encryption HE (Homomorphic Encryption) calculation operator U _en , which has the following form:

其中

改寫成位元置換算子W ₁與由基本閘(Spinors、CNOTs、Toffolis、SWAPs、Controlled SWAPs、Multi-Control Gate)所組成算子W ₂的相乘，P _j=0,1及P皆為位元置換算子且滿足

，修正錯誤算子B=B₁B₂改寫成各別由基本閘(Spinors、CNOT、Toffolis、SWAPs、Controlled SWAPs、Multi-Control Gate)所組成兩算子B₁與B₂的乘積。

in

Rewritten as the multiplication of the bit replacement operator W ₁ and the operator W ₂ composed of basic gates (Spinors, CNOTs, Toffolis, SWAPs, Controlled SWAPs, Multi-Control Gate), P _{j =0,1} and P are all bit replacement operator and satisfies

, the error correction operator B=B ₁ B ₂ is rewritten as the product of two operators B ₁ and B ₂ respectively composed of basic gates (Spinors, CNOT, Toffolis, SWAPs, Controlled SWAPs, Multi-Control Gate).

Then the data receiver (Alice) (6) provides the encoded calculation instruction (instruction) U _en to the cloud (10) (as shown in the ④ process in Figure 2), and then the cloud (10) receives the calculation instruction. And perform the calculation U _en | ψ _en 〉.

；|λ〉為n-k位元的徵狀態(syndrome state)。接著將此加密的計算結果傳送至資料接收者(Alice)(6)，接著由資料接收者(Alice)(6)以私鑰Key _priv 進行解密Key _priv U _en |ψ _en 〉而得到最後答案(M| x 〉)。 Step 3: Decryption, first the cloud (10) performs homomorphic encryption HE (Homomorphic Encryption) calculation U _en | ψ _en 〉, and transmits the encrypted calculation result to the data recipient (Alice) (6) (Such as the ⑤ process in Figure 2), then the data receiver (Alice) (6) uses the private key Key _priv =A ^† P ^† to decode, as shown in the following formula,

; | λ 〉 is the syndrome state of n - k bits. Then the encrypted calculation result is sent to the data receiver (Alice) (6), and then the data receiver (Alice) (6) uses the private key Key _priv to decrypt Key _priv U _en | ψ _en 〉 to obtain the final answer ( M | x 〉).

由n個單位元自旋算子的張量積(tensor product)所組成，ζ,α

且ε _j ,a _j

Z ₂，每個單位元自旋算子

,1

j

n，可表示成2×2的矩陣；單位元自旋算子

可將單位元字串(single-bit string)b _j 轉成b _j ♁a _j ，其中♁代表邏輯XOR運算(也就是，0♁0=0=1♁1,0♁1=1=1♁0)。 Please refer to Figure 3, which is a schematic diagram of the basic gate used in the algorithm of the present invention, in which the Spinor (11): n -bit spin operator (spinor)

It is composed of the tensor product of n unit spin operators, ζ,α

And ε _j , a _j

Z ₂ , each unit element spin operator

,1

j

n , can be expressed as a 2×2 matrix; unit element spin operator

The single-bit string b _j can be converted into b _j ♁ a _j , where ♁ represents the logical XOR operation (that is, 0♁0=0=1♁1,0♁1=1=1♁ 0).

CNOT(12): It is a two-bit logic gate operation; given a two-bit string a _i a _j , where a _i is the control bit (control bit) and a _j is the target bit (target bit), CNOT The calculation on a _i a _j is that a _i remains unchanged, and a _j is transformed into a _j ♁ a _i .

Toffoli gate(13): It is a three-digit logic gate operation; given a three-digit string a _i a _j a _l , where a _i and a _j are the control bits and a _l is the target bit, Toffoli gate is The calculation on a _i a _j a _l is that a _i and a _j remain unchanged, and a _l is transformed into a _l ♁( a _i ∧ a _j ), where ∧ represents the logical AND operation.

SWAP(14): It is a two-bit logic gate operation; given a two-bit string a _i a _j , the SWAP gate swaps the positions of bits a _i and a _j to generate the string a _j a _i .

)♁(a _j ∧a _i )，a _l 轉變成(a _l ∧

)♁(a _l ∧a _i )，其中

為原位元a _i 的否定(negation；

,

)。 CSWAP (Controlled SWAP)(15): It is a three-digit logic gate operation; given a three-digit string a _i a _j a _l , where a _i is the control bit and a _j and a _l are the target bits, The calculation of CSWAP on a _i a _j a _l is that a _i remains unchanged, and a _j is transformed into ( a _j ∧

)♁( a _j ∧ a _i ), a _l transforms into ( a _l ∧

)♁( a _l ∧ a _i ), where

is the negation of the original element a _i ;

,

).

的作用之下，若前p個位元a ₁=a ₂=…=a _p =1，則後面n-p個位元則受自旋算子

作用；反之，則此n位元字串保持不變。 Multi-Control gate(16): It is an n -bit logic gate operation; given an n- bit string a ₁ a ₂ … a _p a _{p +1} … a _n , in a multi-control p -gate

_Under the action of _{_} _ _{_} _ _

function; otherwise, the n- bit string remains unchanged.

To sum up, the method of designing the public key system in the QAP homomorphic encryption of the present invention is carefully designed by the inventor of this case. It not only enables the data receiver to communicate with the data during the encryption process The sender (data sender) can complete the uniqueness of the so-called homomorphic encryption without communicating with each other, and can achieve full confidentiality. At the same time, it can perform optimized calculations (Problem) according to different problems. -Dependent Optimized Computation) design to obtain the lowest resource consumption, which is indeed in line with the invention patent requirements of the Patent Law. I have submitted the application in accordance with the law. I sincerely hope that the review committee of the Jun Bureau will understand and grant the patent. It is really a prayer.

However, the above description only describes the preferred embodiments of the present invention, and does not limit the patent scope of the present invention. Therefore, all equivalent structural changes made by applying the specification and application scope of the present invention are all included in the same. Within the scope of the present invention, it is clearly stated.

1:| x 〉plaintext

) 2:( VQ _en ,

)

3:

4: U _en | ψ _en 〉

5:

Claims (1)

A method of designing the public key system in QAP type homomorphic encryption mainly uses quotient algebra to divide the algebraic structure of QAP (Quotient Algebra Partition), and uses the operation of performing homomorphic encryption HE (Homomorphic Encryption). The steps are as follows: Step 1: Encryption: First, the data receiver (Alice) selects a quantum code [ n , k , C] (structurally a QAP; n > k ). In the encryption (Encryption) program, it is further divided into key generation (key generation) and encoding (encoding); in the key generation (key generation) program, the public key (public key) Key _pub required for encrypting data and the private key (private key) Key _priv required for decryption will be generated. , where the public key can be written as:

, Q _en is an n -bit encoding operator (encoding), V is an n -bit permutation operator (permutation),

is the error generator, and the private key Key _priv can be written as Key _priv =A ^† P ^† , which is the multiplication of two n -bit operators A ^† and P ^† , used for the decryption program; at this time, the public key (public key) Key _pub can be published in the public space for anyone to request for plaintext encryption, and the private key (private key) Key _priv is retained by the data recipient (Alice) It is used to decrypt the calculated ciphertext (ciphertext); in the encoding program, the data provider (Bob) provides k -bit plaintext (plaintext) | x 〉, first using the blank state | 0 〉 and | x 〉 is combined into an n- bit quantum state | 0 〉

| x 〉, and then based on the error operator generator in the public key Key _pub

Error operator that can generate large amounts of random errors

, the data provider (Bob) will | 0 〉

| x 〉encoded into n- bit ciphertext

, that is , when the data provider ( Bob) wants to encrypt sensitive data (plaintext) | state)| 0 〉, write the plaintext | x 〉 as an expression of length n | 0 〉

| _ _{_}

, and through the formula

Obtain the encoded quantum state (encoded state) | ψ _en 〉 (ciphertext). At this time, the data provider (Bob) will transmit the ciphertext | ψ _en 〉 to the cloud (computing resource provider); Step 2: Computation: Given any k -bit calculation operator M , the output can be performed on the encrypted state | ψ _en 〉. First, the k -bit operator M is expressed as an n -bit operator.

, this is expressed as the tensor product of the n - k bit unit operator and the k bit operator M. At this time, the data receiver (Alice) generates the homomorphic encryption HE (Homomorphic Encryption) calculation operator U _en instructions, which are of the following form:

in

Rewritten as the multiplication of the bit replacement operator W ₁ and the operator W ₂ composed of basic gates (Spinor, CNOTs, Toffolis, SWAPs, Controlled SWAPs, Multi-Control Gate), P _{j =0,1} and P are all bit replacement operator and satisfies

, the error correction operator B=B ₁ B ₂ is rewritten as the product of two operators B ₁ and B ₂ composed of basic gates (Spinor, CNOTs, Toffolis, SWAPs, Controlled SWAPs, Multi-Control Gate), and then the data The receiver (Alice) provides the encoded calculation instruction (instruction) U _en to the cloud cloud, and then the cloud cloud receives the calculation instruction and executes the calculation U _en | ψ _en 〉; Step 3: Decryption: First, the cloud performs homomorphic encryption HE (Homomorphic Encryption) to calculate U _en | ψ _en 〉, and transmits the encrypted calculation result to the data recipient (Alice). Then the data recipient (Alice) uses the private key Key _priv =A ^ P ^ is decoded, as shown in the following formula,

; | λ 〉 is the syndrome state of n - k bits; then the encrypted calculation result is sent to the data receiver (Alice), and then the data receiver (Alice) uses the private key Key _priv to decrypt Key _priv U _en | ψ _en 〉 and get the final answer ( M | x 〉).

Images