Verifiable Blind Quantum Computation

• Verifiable blind quantum computation is a protocol that secures delegated quantum tasks by concealing client input and verifying results via strategically embedded trap and dummy qubits.
• The protocol integrates cryptographic tests with fault-tolerant resource states to ensure that any server deviation results in an exponentially small probability of an undetected error.
• Resource state designs such as the cylinder brickwork and dotted-complete graph state enhance scalability and fault-tolerance, making secure quantum cloud computing practically attainable.

Verifiably Blind Quantum Computation (VBQC) is a framework within blind quantum computing (BQC) that allows a client with limited quantum abilities to delegate a quantum computation to a server while ensuring both the blindness of the computation (the server learns nothing about the client's input, algorithm, or output) and the verifiability of the result (the client can detect, with high probability, if the server deviated from the protocol). Unconditional verifiability in VBQC is achieved by embedding cryptographic tests—most notably, trap and dummy qubits—along with fault‑tolerant resource states and rigorous verifiability quantification. The following sections elaborate the mechanisms and guarantees established in "Unconditionally verifiable blind computation" (Fitzsimons et al., 2012).

1. Verification through Trap and Dummy Qubits

The protocol achieves verifiability by randomly embedding “trap” qubits into the computational resource state constructed by the server. A trap qubit is prepared in a known state $|+_{\theta}\rangle$ (with random angle $\theta$ from a finite set) and is surrounded by “dummy” qubits, which are randomly chosen eigenstates of Pauli $Z$ (i.e., $|0\rangle$ or $|1\rangle$). The dummy qubits isolate the trap from the entangling operations performed by the server (Bob).

The trap-and-dummy construction operates as follows:

• Trap qubits are placed at randomly chosen positions, determined by the client (Alice), who keeps their positions, basis angles, and random bits secret.
• Dummy qubits sever all entanglement pathways between the trap and the computation, ensuring the trap remains unentangled and its measurement outcome is deterministic and known to Alice.
• After execution, Alice examines the measurement outcomes for the traps: any deviation by Bob that impacts a trap can be detected with certainty, as Alice knows the correct measurement outcome in advance.

This strategy thwarts server cheating attempts because the server cannot distinguish traps from computational qubits due to the blindness of preparation and measurement instructions.

2. Trap-Based Security and the $\varepsilon$-Verifiable Guarantee

Security is formalized in terms of $\varepsilon$-verifiability: for any adversarial server strategy, the probability $p_{\text{incorrect}}$ that Alice accepts a corrupted outcome is bounded above by a tunable, exponentially small $\varepsilon$.

Key points:

• Bob must perform the computation as instructed or risk altering at least one trap qubit's outcome.
• If a deviation protocol by Bob has “weight,” i.e., it nontrivially impacts several qubits, it will, with high probability, also affect a trap qubit.
• In the basic protocol with a single trap, the acceptance probability of an incorrect computation is at most $1 - \frac{1}{2m}$ (or $1 - \frac{1}{m}$ for classical output) where $m$ is a parameter that scales with the number of qubits.

This guarantee is robust to any type of quantum deviation, as general server deviations can be decomposed into a linear combination of Pauli errors. The protocol ensures that any undetectable deviation necessitates a "high weight" (i.e., must simultaneously impact many qubits), making cheating probabilities exponentially small in the number of traps or the error-correcting code distance.

3. Enhanced Verifiability via Resource State Design and Fault-Tolerance

To further amplify detection probability and exponentially suppress cheating probability, the protocol utilizes:

• Multiple Traps: Inserted at random positions; using $cN$ isolated traps out of $N$ total qubits, with $c$ a constant.
• Fault-Tolerant Encoding: Incorporating topological codes such as Raussendorf–Harrington–Goyal (RHG), which correct or detect all Pauli errors below a certain weight $d$ (minimum code distance or security parameter).
• Novel Resource States: The “cylinder brickwork state” and “dotted-complete graph state” facilitate constant overhead logical gate application between arbitrary pairs of qubits. For example, a dotted-complete graph state with $3N$ qubits can be split into three disjoint subgraphs for the computation and traps, further obfuscating trap locations from Bob.

The improvement in efficiency is crucial: while earlier schemes incurred linear overhead to enforce nearest-neighbor gate constraints, the new resource states allow entangling operations at constant overhead, thus enhancing both scalability and fault-tolerance thresholds.

• When a fault-tolerance code of distance $d$ is embedded and a constant fraction of traps is used, the undetected error probability is upper-bounded as
  • Quantum output: $$p_{\text{incorrect}} \leq (5/6)^{\lceil 2d/5 \rceil}$$
  • Classical output: $$p_{\text{incorrect}} \leq (2/3)^{\lceil 2d/5 \rceil}$$

By increasing $d$, the probability that Alice fails to detect cheating can be made arbitrarily small, with only polynomial resource overhead.

4. Mathematical Formalization of Verifiability

Verifiability is formalized using projection operators and tight probabilistic bounds. For any possible server deviation (which may be an arbitrary superoperator), there is a projection operator $P_{\text{incorrect}}^{\nu}$ that projects onto the subspace of incorrect outcomes. The protocol proves that for any such deviation, the acceptance probability of an incorrect outcome is:

$$p_{\text{incorrect}} \leq (5/6)^{\lceil \frac{2d}{5} \rceil} \quad \text{(quantum output)}, \quad p_{\text{incorrect}} \leq (2/3)^{\lceil \frac{2d}{5} \rceil} \quad \text{(classical output)}$$

Here, $d$ is the code distance or the fault-tolerance parameter—higher $d$ yields stronger suppression of the cheating probability.

5. Protocol Workflow and Practical Considerations

The layered verification pipeline can be summarized as follows:

1. Alice samples secret randomness for angles, dummy positions, trap positions and random bits.
2. Alice prepares and transmits single-qubit states to Bob—these are drawn from a set of separable qubit states, randomly interleaving computational, dummy, and trap qubits.
3. Bob constructs the entangled resource state (cylinder brickwork, dotted-complete, etc.), applies measurement instructions as received, and returns measurement outcomes.
4. Alice post-processes the outcomes; any incorrect trap outcome triggers outright rejection of the computation.
5. If fault-tolerant encoding is present, errors below the detection threshold are corrected; only logically significant errors (Pauli errors of weight $\ge d$) can possibly survive, but are caught with exponentially high probability by the trap outcomes.

Resource requirements scale polynomially in the security parameter $d$; the number of extra qubits and measurements remains practical for moderate values of $d$. The protocol does not demand that Alice possess any quantum memory or a quantum computer—only the ability to generate and send random single-qubit states from a finite set.

6. Significance for Quantum Interactive Proofs and Scalability

The protocol’s design—enabling a classically limited client to both mask the computation and verify server honesty—establishes a universal and unconditionally verifiable interactive proof for quantum computation. The switch from nearest-neighbor to arbitrary-geometry resource states (constant overhead for entangling gates) markedly improves both circuit depth overhead and fault-tolerance thresholds, which are paramount for practical scalability of delegated quantum computation.

By bounding the probability of accepting a corrupted output to be exponentially small and decoupling efficiency from the code dimension, the protocol enables scalable deployment of verifiable quantum cloud computation where resource overhead is strictly polynomial in the desired security level.

---

In summary, unconditionally verifiable blind quantum computation as realized in this protocol synthesizes blind instruction encoding, trap-based verification, topological fault-tolerance, and novel resource states to provide a practical, composable, and exponentially secure approach to delegated quantum computation. This framework stands as a foundation for real-world, secure quantum cloud computing and for complexity-theoretic results linking quantum interactive proofs to the class of problems efficiently verifiable by such hybrid protocols.