Quantum Circuit Obfuscation

• Quantum circuit obfuscation is a set of techniques that transform quantum circuits to preserve functionality while concealing underlying structure and proprietary details.
• Gate-teleportation, path-sum, and classical-oracle schemes are key methodologies that implement indistinguishability obfuscation by leveraging resource states and update functions.
• The field addresses security challenges against white-box and black-box adversaries and examines tradeoffs in efficiency, hardware compatibility, and cryptographic robustness.

Quantum circuit obfuscation encompasses a range of cryptographic and information-hiding techniques that transform a quantum circuit or program into an alternative representation—often a state, circuit, or oracle-hybrid—such that the computational functionality is preserved but the underlying structure, logic, or secrets are concealed from adversaries. This area intersects quantum complexity theory, classical and quantum cryptography, and practical considerations in quantum software security, with major motivations including the protection of proprietary algorithms, secure delegated quantum computing, and cryptographic primitives such as indistinguishability obfuscation and functional encryption.

1. Formal Framework and Obfuscation Notions

Quantum circuit obfuscation generalizes classical definitions to the quantum regime, with several key models:

• Indistinguishability Obfuscation (QiO): A quantum circuit obfuscator is required to produce for any two circuits $C_1, C_2$ implementing the same CPTP map, obfuscated outputs that are indistinguishable (perfectly, statistically, or computationally) to any quantum polynomial-time (QPT) adversary. Functionality must remain preserved up to negligible error, typically measured in trace or diamond norm (Alagic et al., 2016, Zhang et al., 2024, Broadbent et al., 2020).
• Virtual Black-Box (VBB) Obfuscation: The obfuscated representation reveals no more to any QPT adversary than black-box access to the original circuit (Alagic et al., 2016, Bartusek et al., 9 Oct 2025).
• Classical-Oracle Model: The obfuscator may output both a quantum state and access to a classical oracle, enabling novel constructions that leverage post-quantum classical iO (Bartusek et al., 2024, Bartusek et al., 2023, Huang et al., 16 Jul 2025).
• Specialized Classes: Pseudo-deterministic circuits (producing a single classical output with high probability) and null circuits (rejecting all inputs) have tailored obfuscation schemes (Bartusek et al., 2021, Bartusek et al., 2023, Bartusek et al., 9 Oct 2025).

Impossibility results exclude statistical or information-theoretic iO for arbitrary quantum circuits in the multi-instance or reusable setting, but various relaxations (restriction to single-state outputs, computational security, or pseudo-deterministic settings) allow nontrivial constructions (Alagic et al., 2016).

2. Gate-Teleportation-Based and Clifford+T Obfuscation: Hardness Barriers

A central cryptographic primitive for quantum circuit obfuscation is the Broadbent–Kazmi gate-teleportation protocol, which allows functional obfuscation of Clifford+T circuits with logarithmic T-gate count. The scheme uses "magic states" and classically obfuscated update functions $f_F(\cdot)$ encoding the Pauli correction for teleportation (Broadbent et al., 2020). The efficiency and scope of such protocols hinge on the computational hardness of describing the action of general quantum circuits upon conjugation (so-called "conjugate-encoding").

The Exact Non-Identity Check (ENIC) problem, asking whether a circuit $C$ implements identity (up to global phase) on all inputs, emerges as a hardness bottleneck. For Clifford+T circuits with T-depth $O(\log n)$, ENIC is shown to be NP-hard via reductions from the BINARY-WEIGHT problem in coding theory. This NP-hardness precludes efficient gate-teleportation-based iO for such circuits unless P = NP, and therefore marks a concrete barrier delineating the landscape of feasible quantum circuit obfuscation for general classes (Nevin, 22 Nov 2025). For low (constant) T-depth, efficient conjugate-encoding and perfect iO is possible, but as soon as T-depth exceeds one, the problem becomes computationally intractable.

Circuit Class	iO Feasibility	Hardness
Clifford (T-depth 0)	Efficient, perfect iO	Canonical forms; easy ENIC
Clifford+T, low T-count	Gate-teleportation iO	Efficient if T-count $O(\log n)$
Clifford+T, T-depth $O(1)$	Efficient (depth=1 only)	Hard for $d \ge 2$ (open for $d=2$)
Clifford+T, T-depth $O(\log n)$	NP-hard	No efficient iO unless P=NP

In summary, even shallow quantum circuits (logarithmic T-depth) encode NP-hard instances of classical problems, defining the complexity-theoretic boundaries for gate-teleportation-based quantum circuit iO (Nevin, 22 Nov 2025, Broadbent et al., 2020).

3. Obfuscation Constructions and Methodologies

3.1 Gate-Teleportation and Update-Function Obfuscation: For low-T-count Clifford+T circuits, gate-teleportation obfuscation proceeds by (1) preparing resource ("magic") states, (2) publishing an obfuscated classical program $f_F$ that outputs quantum corrections for Bell measurement outcomes, and (3) using gate teleportation plus classically-computed corrections to implement the circuit (Broadbent et al., 2020).

3.2 Path-Sum and Δ-Subpath Obfuscation: Recent frameworks employ path-sum representations of quantum circuits, expressing them as sums over computational paths with associated phase polynomials. Indistinguishability obfuscation is accomplished by inserting "identity-loops" (Δ-subpath transformations) that can turn any implementation of a function into another with negligible probability of distinguishing, using only a polynomial number of modifications and a single polynomial-identity test (Zhang et al., 2024, Zhang et al., 23 Jul 2025). This model eliminates the exponential loss that would arise from exhaustive input-output checks and enables efficient iO even for universal circuits.

3.3 Classical-Oracle-Based Schemes: Publicly-verifiable quantum fully homomorphic encryption (QFHE) enables classical obfuscation of quantum circuits in the random-oracle model, especially for pseudo-deterministic circuits (Bartusek et al., 9 Oct 2025, Bartusek et al., 2024, Bartusek et al., 2023). Techniques include Pauli functional commitments, one-shot signature schemes, and compact public verification protocols.

3.4 Obfuscation of Unitary Programs: New results extend quantum state obfuscation from pseudo-deterministic scenarios to unitary quantum programs acting on quantum data, utilizing functional authentication schemes and projective LM program compilations with classical oracles (Huang et al., 16 Jul 2025).

4. Security Notions, Metricization, and Threat Models

Security of quantum circuit obfuscation is established against both white-box and black-box adversaries:

• White-box adversaries can access obfuscated circuit descriptions (e.g., QASM, Qiskit IR) and attempt algebraic or structural recovery.
• Black-box adversaries have query access only, allowing input-output sampling or measurement-based statistical inference. Security is quantified using indistinguishability metrics (diamond and trace norms), semantic accuracy (the fraction of outcome distributions aligned under obfuscation), and total variation distance (TVD) between obfuscated and original output distributions (Parayil et al., 22 Dec 2025, Bartusek et al., 9 Oct 2025).

The infeasibility of generic circuit identity checking and conjugate-encoding underpins the security of many schemes. Table-based and compiler-resistance analyses further differentiate schemes, with randomized basis conjugation (e.g., U3-conjugation) obfuscating single-qubit gates and wrapping them as opaque unitary blocks, eluding pattern-based reverse engineering (Parayil et al., 22 Dec 2025).

5. Limitations, Open Problems, and Future Directions

Open questions and challenges defined by current research include:

• Complexity barriers for general circuits: Removing the NP-hardness for ENIC with higher T-depth, or proving fixed-parameter tractability in T-depth, remains unresolved. Whether ENIC is hard at constant T-depth ≥2 is conjectured but open (Nevin, 22 Nov 2025).
• Extending beyond pseudo-deterministic or unitary obfuscation: Current classical-oracle schemes handle either one-bit outputs or unitary programs. Obfuscation for quantum samplers, general isometries, or circuits producing superpositions is not yet realized (Bartusek et al., 2024, Huang et al., 16 Jul 2025).
• Hardware-aware and scalable solutions: Implementation challenges exist for scaling randomized conjugation-based obfuscators, integrating with hardware-specific native gates, and ensuring viable decomposition and fidelity on large devices (Parayil et al., 22 Dec 2025).
• Oracle-model limitations: Most strong security results require at least a classical random oracle, with instantiation in the plain (non-oracle) model—especially for full indistinguishability obfuscation—remaining open (Huang et al., 16 Jul 2025, Bartusek et al., 9 Oct 2025).
• Approximate functional equivalence and approximate iO: If one allows approximate correctness (AGM-style), some barriers may be bypassed, but the relationship between approximate iO and exact ENIC remains an avenue for further research (Nevin, 22 Nov 2025).
• Practical privacy/efficiency tradeoffs: Obfuscators must balance circuit overhead (gate count, depth increase), run-time performance, and fidelity deviation, especially in NISQ and cloud compilation settings (Parayil et al., 22 Dec 2025).

6. Practical Applications and Broader Implications

Quantum circuit obfuscation underpins several advanced cryptographic and software security tasks:

• Quantum software IP protection: Randomized conjugation and barrier insertion conceal gate-level structure, with empirical results showing high semantic accuracy and resistance to reverse engineering on standard algorithmic benchmarks (Parayil et al., 22 Dec 2025).
• Blind and delegated quantum computation: Publicly-verifiable QFHE-based obfuscators enable succinct, blind, non-interactive verification of BQP computations by classical clients, with the first such protocols supporting blindness and public verifiability (Bartusek et al., 9 Oct 2025).
• Quantum cryptography primitives: Indistinguishability obfuscation (even for null or pseudo-deterministic circuits) facilitates witness encryption for QMA, publicly-verifiable zero-knowledge protocols, and attribute-based encryption for BQP (Bartusek et al., 2021).
• Compiler/hardware privacy: In cloud or multi-tenant contexts, dummy-gate strategies, cover traffic via t-designs, and hardware-level pulse obfuscation (including decoy-pulse schemes) further mitigate circuit and data leakage at both software and physical layers (Trochatos et al., 2023, Punch et al., 31 Aug 2025).

Continued progress in quantum circuit obfuscation, both in foundational models and practical instantiations, is essential for scalable, secure quantum software deployment, cryptographic innovation, and long-term realization of secure, delegated quantum computation.