Revision History for: Copy protection of Point Functions
- 2025-06-24 at 21:44 by JuliaM
implements Copy Protection
Introduction
This protocol achieves the functionality of Copy Protection allowing a Vendor to send a program to a Client such that the Client cannot duplicate it.
Related Paper(s)
Outline
Any Copy Protection protocol consists of two algorithms: Protect and Eval. For the family of compute-and-compare programs, these algorithms are described as follows:
- Protect: The Vendor encodes the required qubits into BB84 states using the program description. The Vendor then calculates the output of some hash function on the program description as input. The encoded qubits and the hashed description are sent to the Client as output.
- Eval: The Client decrypts the received qubits using the input on which they wish to evaluate the program. Using these qubits as inputs, the Client computes the same hash function (on ancillary qubits) and coherently compares it with the hashed description received from the vendor. The Client finally measures and outputs the result of the comparison.
Assumptions
- Vendor and Client are connected by quantum and classical channels.
- Vendor can create and transmit BB84 states.
- Client has the capability to perform universal quantum computation.
Requirements
No content has been added to this section, yet!
Notation
- $P_{y}$: The point function to be copy-protected in Protocol 1.
- $P_{y}$ is completely specified by a string of $n$ bits, $y$.
$$
P_{y}(x) =
\\\begin{cases}
1 & \\\text{if } x = y \\\\\\\\\
0 & \\\text{otherwise}
\\\end{cases}
$$ - $n$: Size of input string $x$
- $\\\lambda$: Security parameter
- $G: \\\{0,1\\\}^n \\\rightarrow \\\{0,1\\\}^{m(\\\lambda)}$ (Hash function)
- $H: \\\{0,1\\\}^{m(\\\lambda)} \\\rightarrow \\\{0,1\\\}^{\\\lambda}$ (Hash function)
- $|x^{\\\theta}\\\rangle = H^{\\\theta} |x\\\rangle = H^{\\\theta_1} \\\otimes \\\cdots \\\otimes H^{\\\theta_{\\\lambda}} |x\\\rangle,$ where $\\\theta$ is a $\\\lambda$-bit string $\\\theta_1, \\\ldots, \\\theta_{\\\lambda}$.
Properties
- The protocol has provable non-trivial security in the quantum random oracle model. Informally, a query bounded adversary fails at pirating with at least some constant probability.
- The Client should be able to perform universal quantum computation in order to compute the hash function $H$.
- The protected programs obtained in both protocols allow polynomially-many evaluations (as we evaluate the copy-protected programs reversibly).
- The protocol also satisfies the primitive of Virtual Black Box Obfuscation.
Technical Description
PF-Protect($\\\lambda, y$)
Inputs: $\\\lambda$ – security parameter; $y$ – description of point function $P_y$.- Set $\\\theta = G(y)$;
- Sample $v \\\leftarrow {0,1}^{m(\\\lambda)}$ uniformly at random;
- Let $z = H(v)$;
- Output $(|v^{\\\theta}\\\rangle, z)$.
PF-Eval($\\\lambda, (\\\rho, z), x$)
Inputs: $\\\lambda$ – security parameter; $(\\\rho, z)$ – Alleged copy-protected program; $x$ – Input on which the program is to be evaluated.- Set $\\\theta’ = G(x)$;
- Apply the Hadamard operator $H^{\\\theta’}$ to $\\\rho$;
- Append $n+1$ ancillary qubits to $\\\rho$, all in state $|0\\\rangle$;
- Compute the hash function $H$ onto the first $n$ ancillary qubits with $\\\rho$ as input;
- Coherently measure whether the first $n$ ancilla qubits are in state $|z\\\rangle$, recording the result in the last ancilla qubit;
- Uncompute the hash function $H$ and undo the Hadamards $H^{\\\theta’}$;
- Measure the last ancilla qubit to obtain a bit $b$ as output.
Experimental Implementations
No content has been added to this section, yet!
Further Information
For the security proof and extension of the protocol to other functionalities, refer to the paper by Coladangelo et al. (2020) [1].
References
- Coladangelo, Andrea, Christian Majenz, and Alexander Poremba. “Quantum copy-protection of compute-and-compare programs in the quantum random oracle model.” Quantum 8 (2024): 1330.
- 2025-05-16 at 17:39 by JuliaM
implements Copy Protection
Introduction
This protocol achieves the functionality of Copy Protection allowing a Vendor to send a program to a Client such that the Client cannot duplicate it.
Related Paper(s)
Outline
Any Copy Protection protocol consists of two algorithms: Protect and Eval. For the family of compute-and-compare programs, these algorithms are described as follows:
- Protect: The Vendor encodes the required qubits into BB84 states using the program description. The Vendor then calculates the output of some hash function on the program description as input. The encoded qubits and the hashed description are sent to the Client as output.
- Eval: The Client decrypts the received qubits using the input on which they wish to evaluate the program. Using these qubits as inputs, the Client computes the same hash function (on ancillary qubits) and coherently compares it with the hashed description received from the vendor. The Client finally measures and outputs the result of the comparison.
Assumptions
- Vendor and Client are connected by quantum and classical channels.
- Vendor can create and transmit BB84 states.
- Client has the capability to perform universal quantum computation.
Requirements
No content has been added to this section, yet!
Notation
- $P_{y}$: The point function to be copy-protected in Protocol 1.
- $P_{y}$ is completely specified by a string of $n$ bits, $y$.
$$
P_{y}(x) =
\\\begin{cases}
1 & \\\text{if } x = y \\\\\\\\\
0 & \\\text{otherwise}
\\\end{cases}
$$ - $n$: Size of input string $x$
- $\\\lambda$: Security parameter
- $G: \\\{0,1\\\}^n \\\rightarrow \\\{0,1\\\}^{m(\\\lambda)}$ (Hash function)
- $H: \\\{0,1\\\}^{m(\\\lambda)} \\\rightarrow \\\{0,1\\\}^{\\\lambda}$ (Hash function)
- $|x^{\\\theta}\\\rangle = H^{\\\theta} |x\\\rangle = H^{\\\theta_1} \\\otimes \\\cdots \\\otimes H^{\\\theta_{\\\lambda}} |x\\\rangle,$ where $\\\theta$ is a $\\\lambda$-bit string $\\\theta_1, \\\ldots, \\\theta_{\\\lambda}$.
Properties
- The protocol has provable non-trivial security in the quantum random oracle model. Informally, a query bounded adversary fails at pirating with at least some constant probability.
- The Client should be able to perform universal quantum computation in order to compute the hash function $H$.
- The protected programs obtained in both protocols allow polynomially-many evaluations (as we evaluate the copy-protected programs reversibly).
- The protocol also satisfies the primitive of Virtual Black Box Obfuscation.
Technical Description
PF-Protect($\\\lambda, y$)
Inputs: $\\\lambda$ – security parameter; $y$ – description of point function $P_y$.- Set $\\\theta = G(y)$;
- Sample $v \\\leftarrow {0,1}^{m(\\\lambda)}$ uniformly at random;
- Let $z = H(v)$;
- Output $(|v^{\\\theta}\\\rangle, z)$.
PF-Eval($\\\lambda, (\\\rho, z), x$)
Inputs: $\\\lambda$ – security parameter; $(\\\rho, z)$ – Alleged copy-protected program; $x$ – Input on which the program is to be evaluated.- Set $\\\theta\’ = G(x)$;
- Apply the Hadamard operator $H^{\\\theta\’}$ to $\\\rho$;
- Append $n+1$ ancillary qubits to $\\\rho$, all in state $|0\\\rangle$;
- Compute the hash function $H$ onto the first $n$ ancillary qubits with $\\\rho$ as input;
- Coherently measure whether the first $n$ ancilla qubits are in state $|z\\\rangle$, recording the result in the last ancilla qubit;
- Uncompute the hash function $H$ and undo the Hadamards $H^{\\\theta\’}$;
- Measure the last ancilla qubit to obtain a bit $b$ as output.
Experimental Implementations
No content has been added to this section, yet!
Further Information
For the security proof and extension of the protocol to other functionalities, refer to the paper by Coladangelo et al. (2020) [1].
References
- Coladangelo, Andrea, Christian Majenz, and Alexander Poremba. “Quantum copy-protection of compute-and-compare programs in the quantum random oracle model.” Quantum 8 (2024): 1330.
- 2025-05-16 at 17:39 by JuliaM
implements Copy Protection
Introduction
This protocol achieves the functionality of Copy Protection allowing a Vendor to send a program to a Client such that the Client cannot duplicate it.
Related Paper(s)
Outline
Any Copy Protection protocol consists of two algorithms: Protect and Eval. For the family of compute-and-compare programs, these algorithms are described as follows:
- Protect: The Vendor encodes the required qubits into BB84 states using the program description. The Vendor then calculates the output of some hash function on the program description as input. The encoded qubits and the hashed description are sent to the Client as output.
- Eval: The Client decrypts the received qubits using the input on which they wish to evaluate the program. Using these qubits as inputs, the Client computes the same hash function (on ancillary qubits) and coherently compares it with the hashed description received from the vendor. The Client finally measures and outputs the result of the comparison.
Assumptions
- Vendor and Client are connected by quantum and classical channels.
- Vendor can create and transmit BB84 states.
- Client has the capability to perform universal quantum computation.
Requirements
No content has been added to this section, yet!
Notation
- $P_{y}$: The point function to be copy-protected in Protocol 1.
- $P_{y}$ is completely specified by a string of $n$ bits, $y$.
$$
P_{y}(x) =
\\\begin{cases}
1 & \\\text{if } x = y \\\\\\\\\
0 & \\\text{otherwise}
\\\end{cases}
$$ - $n$: Size of input string $x$
- $\\\lambda$: Security parameter
- $G: \\\{0,1\\\}^n \\\rightarrow \\\{0,1\\\}^{m(\\\lambda)}$ (Hash function)
- $H: \\\{0,1\\\}^{m(\\\lambda)} \\\rightarrow \\\{0,1\\\}^{\\\lambda}$ (Hash function)
- $|x^{\\\theta}\\\rangle = H^{\\\theta} |x\\\rangle = H^{\\\theta_1} \\\otimes \\\cdots \\\otimes H^{\\\theta_{\\\lambda}} |x\\\rangle,$ where $\\\theta$ is a $\\\lambda$-bit string $\\\theta_1, \\\ldots, \\\theta_{\\\lambda}$.
Properties
- The protocol has provable non-trivial security in the quantum random oracle model. Informally, a query bounded adversary fails at pirating with at least some constant probability.
- The Client should be able to perform universal quantum computation in order to compute the hash function $H$.
- The protected programs obtained in both protocols allow polynomially-many evaluations (as we evaluate the copy-protected programs reversibly).
- The protocol also satisfies the primitive of Virtual Black Box Obfuscation.
Technical Description
PF-Protect($\\\lambda, y$)
Inputs: $\\\lambda$ – security parameter; $y$ – description of point function $P_y$.- Set $\\\theta = G(y)$;
- Sample $v \\\leftarrow {0,1}^{m(\\\lambda)}$ uniformly at random;
- Let $z = H(v)$;
- Output $(|v^{\\\theta}\\\rangle, z)$.
PF-Eval($\\\lambda, (\\\rho, z), x$)
Inputs: $\\\lambda$ – security parameter; $(\\\rho, z)$ – Alleged copy-protected program; $x$ – Input on which the program is to be evaluated.- Set $\\\theta\’ = G(x)$;
- Apply the Hadamard operator $H^{\\\theta\’}$ to $\\\rho$;
- Append $n+1$ ancillary qubits to $\\\rho$, all in state $|0\\\rangle$;
- Compute the hash function $H$ onto the first $n$ ancillary qubits with $\\\rho$ as input;
- Coherently measure whether the first $n$ ancilla qubits are in state $|z\\\rangle$, recording the result in the last ancilla qubit;
- Uncompute the hash function $H$ and undo the Hadamards $H^{\\\theta\’}$;
- Measure the last ancilla qubit to obtain a bit $b$ as output.
Experimental Implementations
No content has been added to this section, yet!
Further Information
For the security proof and extension of the protocol to other functionalities, refer to the paper by Coladangelo et al. (2020) [1].
References
- Coladangelo, Andrea, Christian Majenz, and Alexander Poremba. “Quantum copy-protection of compute-and-compare programs in the quantum random oracle model.” Quantum 8 (2024): 1330.