The significant advantage of the quantum homomorphic encryption scheme is to ensure the perfect security of quantum private data. In this paper, a novel secure multiparty quantum homomorphic encryption scheme is proposed, which can complete arbitrary quantum computation on the private data of multiple clients without decryption by an almost dishonest server. Firstly, each client obtains a secure encryption key through the measurement device independent quantum key distribution protocol and encrypts the private data by using the encryption operator and key. Secondly, with the help of the almost dishonest server, the non-maximally entangled states are pre-shared between the client and the server to correct errors in the homomorphic evaluation of

Classical homomorphic encryption (HE) is focused on the related notion of homomorphism in the field of abstract algebra. Its central idea is to take advantage of homomorphism as a preserving function to ensure the security of private data. Under this premise, the operations on the ciphertext are outsourced to a server with powerful computing capabilities. The idea of homomorphic encryption first emerged in 1978 when the professional term was called privacy homomorphism that was proposed by Rivest et al. [

The development and progress of quantum computers provide access to accelerate the calculation based on the properties of quantum mechanics. The application of quantum computation in quantum communication network [

At the same time, the functionality and application scenarios of the QHE scheme have also been extensively studied. In 2017, Alagic et al. [

At present, the existing schemes [

We will give the symbols and concepts that are essential for the construction of the scheme. For a more detailed introduction to quantum computation, refer to Nielsen et al. [

Our work will employ the universal quantum circuit model, denoted as

The entanglement appearance between quantum states is a property of the quantum composite system described in quantum mechanics. Bell state, as the representative of the two-qubit entangled state, is in the maximally entangled state, also known as the EPR (Einstein-Podolsky-Rosen) pair. It consists of four entangled states as follows,

We define

A density matrix

This property is allowed to construct a quantum one-time pad (QOTP) and qubits are encrypted in a quantum cryptography scheme. The Pauli key used only once will be randomly generated. Only with the correct key can the quantum ciphertext be decrypted to obtain valid information. So, even if an attacker intercepts the complete quantum ciphertext, it is meaningless to ensure the security of privacy information.

Quantum homomorphic encryption refers to that the client encrypts the quantum state and sends it to the server. After the server is delegated to perform quantum evaluation operations on the quantum ciphertext, the calculation result is returned to the client for decryption. And the intended result of the quantum evaluation operations on the original quantum state is finally obtained. The concepts introduced in this section include QHE, correctness, compactness, and QFHE. For a more in-depth understanding of the above definitions, refer to Broadbent et al. [

(i)

(ii)

(iii)

(iv)

In this section, we first introduce the probabilistic QHE scheme that uses the non-maximally entangled state to accomplish

As a non-Clifford gate,

At first, the client prepares a quantum state

Similarly, if

Then the first and third particles in the

Without loss of generality, we take the

At last, the auxiliary particle

In this subsection, we propose a secure MQHE scheme, which allows multiple clients to complete the evaluation of the universal quantum circuit on encrypted private data in parallel with the assistance of the almost dishonest server. In particular, the quantum circuit includes Clifford gates and a finite number of non-Clifford gates. The almost dishonest server in our scheme is the one with great computing capability, which will loyally perform quantum computations. It will not cooperate with clients to launch a collusion attack but will take the initiative to steal clients’ private data. At the same time, a trusted key center is introduced and responsible for the execution of the key generation algorithm, and updating the encryption key to obtain the decryption key.

Next, we will specifically describe our MQHE scheme. Assume that there are

The complete process of our scheme is illustrated by step as follows.

(a) If

(b) If

(c) If

(d) If

(e) If

In the end,

Through the description of the above scheme, we propose a novel MQHE scheme, which enables any number of clients to request homomorphic quantum computations from the almost dishonest but computationally capable server in parallel. The server implements homomorphic evaluation of the universal quantum circuit including a limited number of

This section will discuss the security of our MQHE scheme in different aspects, mainly from the outside attack and inside attack. An outside attack means that an external eavesdropper attempts to grab the private data. An inside attack means that an attack initiated by the client, server, and key center.

On the one hand, this scheme uses the MDI-QKD protocol to ensure the security of the key for possible security loopholes when the server performs measurement during the key distribution process. On the other hand, the QOTP technology is utilized to encrypt private data, thereby minimizing the risk of data leakage to guarantee the security of private data. According to the four stages of the QHE scheme, we specifically analyze and prove that our scheme can resist outside attacks.

Initially, the security of the key generation stage is analyzed. In our scheme, the distribution of quantum keys adopts the MDI-QKD protocol. It can resist the attack of the external eavesdropper Eve that has been rigorously proved in [

Then, in the encryption stage, each client has only access to their original private data and uses the secure key as the Pauli key to encrypt the private data in combination with the QOTP method. It is an asymmetric encryption method that uses random keys makes the encrypted quantum ciphertext in a totally mixed state. The effective information cannot be obtained by Eve without the correct key so that the security of private data is guaranteed in the transmission process. Now, we prove the aforesaid conclusion.

It can be seen that the quantum plaintext is mapped to the same output density matrix

Finally, in the decryption stage, the trusted key center renews the decryption key according to the secure encryption key obtained in S1, the quantum gate used in the quantum circuit in S2, and the key update rule given in S4. The decryption key is sent to

Through the discussion in this section, our MQHE scheme can securely against outside attacks, thereby protecting any information about private data and keys from being leaked.

Clients, servers, and trusted key centers are the main participants in the scheme. If an inside attack is launched, it may pose a serious security threat to the cryptographic scheme. Without loss of generality, suppose there exists a dishonest client

As an almost dishonest third-party server, there is data exchange with the client, and it can faithfully complete the homomorphic evaluation of the universal quantum circuit without colluding with the malicious client. Unfortunately, the server will evade eavesdropping detection and try to grab the private data. In our scheme, both the encrypted data and the evaluated data are in a completely mixed state and have information-theoretic security. If the server eavesdrops on the quantum channel in the transmission, it will be treated as an outside attacker and unable to extract meaningful information by the means of the outside attack. In QOTP, all keys are randomized and used only once. The security of the key distribution is guaranteed by the MDI-QKD protocol. The replication and retransmission of the quantum state by a malicious server will introduce errors with a certain probability and may be monitored in the post-processing step of the key. In other words, the server cannot infer the value of the key.

The trusted key center, Charlie, introduced in our scheme, is responsible for cooperating with each client to realize the secure distribution of the encryption key, and updating the correct decryption key depending on the quantum circuit and key update rules. Charlie will honestly abide by the requirements of the MQHE scheme, and will not disclose the encryption and decryption keys to anyone other than

In summary, it is demonstrated that the proposed MQHE scheme is good at security in terms of private data and keys, and has outstanding performance in resisting outside and inside attacks.

This paper presents a secure MQHE scheme. On the one hand, the non-maximally entangled state is used to tackle the computational issues of