1 Introduction
Private set intersection (PSI) is a problem within the field of secure computation. In two-party PSI, Alice and Bob each hold a set of items, i.e., and , respectively. The goal is to design a protocol by which Alice and Bob obtain the intersection , under the privacy restriction that nothing about items outside the intersection is revealed. I.e., if then Alice learns nothing about it.
PSI is an important problem with implications in many areas. For example, in remote diagnostics [1], a vectorized patient's (client) electronic health record gets a status (sick or not sick with a certain disease) from a medical diagnostic program. While the client learns about her sickness, the program remains secret and the program owner (server) learns nothing about the client's data. Another example is private record linkage [2], where two data owners hold different types of information for the same customer. In order to make data mining possible, the two records must be linked together and shared without giving away any other private data stored. In private contact discovery, a user (client) wants to find out which of its private contacts also use a certain communication app (server) [3]. In DNA testing and pattern matching [4], the user gets its DNA sequenced and wants to find out about sequences linked to genetic diseases which are stored in a database (server).
In this work, we consider the case of two-party PSI in the honest-but-curious setting. I.e., Alice and Bob fairly cooperate to obtain , but each would like to know the other party's full set. We assume that Alice and Bob agree to use the service of an untrusted third party. In this setting, also known as server-aided PSI, Alice and Bob interact with an additional party, called Steve, under the following privacy restriction: Steve should not learn information about the items of Alice and Bob (Figure 1). We also assume that neither Alice nor Bob colludes with Steve to break the other party's privacy.
We use delegated blind quantum computing, in the multiparty version introduced by Kashefi and Pappa [5], to solve the server-aided PSI problem. More precisely, we give a protocol that allows Alice and Bob (who have no quantum computational resources and no quantum memory) to interact with Steve (who has a quantum computer) so that Alice and Bob obtain while privacy is preserved. In particular, Steve learns nothing about Alice's and Bob's input, output, or desired computation. Because of blind quantum computing, the privacy is perfect, covers the computation itself (which is hidden from Steve), does not rely on any computational assumptions, and holds no matter what actions a cheating Steve undertakes.
Alice and Bob only need to prepare single qubits and send them to Steve, who creates an entangled state from all received quantum states. After this initial preparation (where all the quantum communication takes place), Alice and Bob drive the computation, using two-way classical communication to send single-qubit measurement instructions to Steve, depending on previous measurement outcomes. The protocol is characterized by a quantum communication complexity that is , i.e., linear in the input size.
1.1 Related Work
An almost complete survey of classical PSI protocols in the honest-but-curious setting can be found in the recent paper by Falk, Noble and Ostrovsky [6]. In that work, the authors propose a protocol requiring only communication between the parties, where is a security parameter. So far, this is the best classical solution to the PSI problem in the honest-but-curious setting.
Effective protocols for solving the server-aided PSI problem were proposed by Kamara et al. [7]. The central idea is to add redundancy to the data sent by Alice and Bob to Steve. Such data are shuffled so that the untrusted server, once it has executed the set intersection algorithm, cannot easily omit specific items, as the related redundancy is hard to locate. However, there is a case that these protocols do not address: Steve can omit all values from the intersection and simply give back an empty list to Alice and Bob.
Recently, Le et al. [8] proposed a different approach for solving the above cheating potential of Steve without the need for redundancy. The proposed protocols force Steve to prove to Alice and Bob that . In the proof, Alice and Bob have to perform a task whose cost is . Moreover, the proposed protocols allow Alice and Bob to compute an arbitrary function over the intersection.
1.2 Outline of the Protocol
A Bloom filter is a data structure that provides space-efficient storage of sets at the cost of a probability of false positives on membership queries [14, 15]. As illustrated in Fig. 2, for each item we set to 1 the bits of the Bloom filter that correspond to the results of hash functions computed on the item. The optimal number of hash functions depends on the size of the Bloom filter and on the maximum number of items that have to be stored. More precisely, .
In the proposed protocol, Alice and Bob agree on a Bloom filter of size , with sufficiently large to make the probability of false positives negligible. Then, Alice and Bob insert their items into their own Bloom filter instances, respectively and . Moreover, Alice stores , for all , in a dictionary . Similarly, Bob stores , for all , in a dictionary . The PSI problem thus reduces to privately computing the bitwise AND of the two Bloom filters (footnote 2).
Footnote 2: It is worth noting that the -bit Bloom filters allow Alice and Bob to have input sets with a different number of items, provided that such a number is less than or equal to .
Therefore, using a multiparty delegated quantum computing protocol, Alice and Bob drive Steve into performing a blind quantum computation whose quantum result, which is returned from Steve to Alice and Bob, encodes the classical result AND. By decrypting the quantum result, Alice and Bob can easily find by means of their dictionaries.
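As an added worked example (this is example code, not code from the paper), here is the classical reduction just described, run in the clear: each party builds an m-bit Bloom filter of its set with k = (m/n) ln 2 hash functions (the standard choice from [14]), keeps a dictionary from each item to the bit positions it set, and recovers its side of the intersection from the bitwise AND of the two filters. The hash family (SHA-256 with a per-index salt) and the sample sets are assumptions of this example, not the paper's.

```python
import hashlib
import math


def optimal_hash_count(m, n):
    """Number of hash functions k = (m / n) ln 2 for an m-bit filter
    holding at most n items (standard result, see [14]); at least one."""
    return max(1, round((m / n) * math.log(2)))


def false_positive_rate(m, n, k):
    """Standard estimate of the false-positive probability of one membership
    query against an m-bit filter with k hash functions holding n items."""
    return (1.0 - math.exp(-k * n / m)) ** k


def positions(item, m, k):
    """Bit positions that `item` sets in an m-bit filter.
    The k hash functions are SHA-256 with a 2-byte index as salt; this hash
    family is an assumption of this example, not the paper's choice."""
    out = []
    for i in range(k):
        digest = hashlib.sha256(i.to_bytes(2, "big") + item.encode()).digest()
        out.append(int.from_bytes(digest[:8], "big") % m)
    return out


def build_filter(items, m, k):
    """Return the m-bit filter (list of 0/1 ints) and the per-party
    dictionary item -> positions that the paper keeps for decoding."""
    bits = [0] * m
    dictionary = {}
    for item in items:
        pos = positions(item, m, k)
        dictionary[item] = pos
        for j in pos:
            bits[j] = 1
    return bits, dictionary


def bitwise_and(bits_a, bits_b):
    """Bitwise AND of two equal-length filters."""
    return [x & y for x, y in zip(bits_a, bits_b)]


def recover_intersection(and_bits, dictionary):
    """Items in the dictionary whose every position survived the AND.
    For an own item this equals a membership query against the other
    party's filter, so false positives are possible (see false_positive_rate)."""
    return {item for item, pos in dictionary.items()
            if all(and_bits[j] for j in pos)}


def bloom_psi(set_a, set_b, m):
    """Non-private stand-in for the whole reduction: build both filters,
    AND them, and let each side decode with its own dictionary."""
    n = max(len(set_a), len(set_b))  # the filters must hold the larger set
    k = optimal_hash_count(m, n)
    bits_a, dict_a = build_filter(set_a, m, k)
    bits_b, dict_b = build_filter(set_b, m, k)
    and_bits = bitwise_and(bits_a, bits_b)
    return (recover_intersection(and_bits, dict_a),
            recover_intersection(and_bits, dict_b))


if __name__ == "__main__":
    # Constructed sample sets (not data from the paper).
    alice = {"alice@example.org", "bob@example.org", "carol@example.org"}
    bob = {"bob@example.org", "carol@example.org", "dave@example.org"}
    got_a, got_b = bloom_psi(alice, bob, m=256)
    print(got_a, got_b)
    print(false_positive_rate(256, 3, optimal_hash_count(256, 3)))
```

Two points a practitioner should keep in mind when reading this. A false positive (an item outside the intersection whose k positions all happen to be set in the other filter) occurs with probability about (1 - e^(-kn/m))^k, which is why m must be chosen large relative to n; false_positive_rate gives that estimate, and with m = 256 and n = 3 it is far below 10^-15. Also, the AND of the two filters is not the same object as a filter built from the intersection: a bit can be set in both filters by two different items, so a party that sees the whole AND filter learns slightly more than its own decoded intersection, which matters when reasoning about what each client learns from the output.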
If Steve follows the protocol, the output is correct. If Steve is dishonest and deviates from the protocol, he still learns nothing about the inputs of the clients (security property) or about the computation he is performing (blindness property).
2 Preliminaries
2.1 Measurement-Based Quantum Computing (MBQC)
In the MBQC model [16, 17], a computation is described by a set of measurement angles on an entangled state. A circuit description of the MBQC model is provided in Fig. 3. The computation is done in layers, following what is called a measurement pattern, which is defined by a finite set of qubits , a subset of input qubits , a subset of output qubits and a sequence of measurements acting on qubits (with ). The outcome of the measurement done at qubit is denoted as . Dependent corrections, used to control nondeterminism, are written as and .
The qubits in the set can be considered as nodes of the underlying undirected graph of the entangled state. The tuple defines an open graph state, which is prepared by a quantum gate that we denote as . In this gate, there are an dependencies and these affect the future measurements. Their placement is dictated by the flow of the graph , which is a map , and by a partial order over the nodes of the graph such that for all :

,

,

for all , we also have .
Each qubit is dependent on qubit and dependent on qubits for which belongs to the set of neighbors of in , which is denoted as . An open graph state with flow is illustrated in Fig. 4.
2.2 Delegated Blind Quantum Computing
Childs [19] proposed the first delegated blind quantum computing protocol, with one client and one server, which was quite demanding in terms of quantum resources. In particular, the client was required to control a quantum memory and perform SWAP gates. Later, Arrighi and Salvail [20] introduced a scheme with mechanisms for both verification and blindness for a limited range of functions.
The Universal Blind Quantum Computation (UBQC) scheme by Broadbent, Fitzsimons and Kashefi [21] requires the client and the server to exchange only one quantum message, while the rest of the communication is classical. The quantum message sent by the client to the server consists of a tensor product of single-qubit states. Thus, the only quantum capability the client needs is the ability to prepare single-qubit states.
The UBQC protocol is described in terms of the MBQC framework. More precisely, UBQC can be considered as the distributed version of an MBQC computation. In this context, any quantum computation (represented by a unitary operator ) is given as a measurement pattern on a brickwork state, which is an entangled state of qubits.
In the preparation phase, the client prepares quantum states and sends them to the server, which entangles them for creating the brickwork state. Note that this process unavoidably reveals upper bounds on the length of the input and depth of the computation. However, due to universality of the brickwork state, it does not reveal any additional information on the client’s computation.
The client has in mind a unitary operator that is implemented with a measurement pattern on the brickwork state. This pattern could have been designed either directly in MBQC or from a circuit construction. Note that it is assumed that the client’s input to the computation is built into . In other words, the client wishes to compute . In the computation phase, the client transmits (classical) measurement instructions to the server. The classical outcomes of the measurements are communicated by the server to the client, whose choice of the angles in future rounds will depend on these values. The protocol is blind as the client’s quantum states and classical messages are astutely chosen so that, no matter what the server does, it cannot infer anything about the client’s measurement pattern. At the end, the server returns the final qubits to the client.
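As an added numerical check (example code, not the paper's protocol; it uses the single-client UBQC construction of [21] rather than the multiparty one of [5]), the following simulates the two ingredients of the blindness just described: the client prepares |+_θ⟩ = (|0⟩ + e^{iθ}|1⟩)/√2 for a pad angle θ drawn uniformly from {0, π/4, ..., 7π/4}, and later announces the blinded measurement angle δ = φ + θ + rπ for a secret random bit r. Averaged over θ, the qubit the server holds is the maximally mixed state, and the distribution of the announced δ is the same for every plain angle φ; the client undoes the bit pad by XOR-ing r into the outcome the server reports. The function and variable names are this example's own.

```python
import cmath
import math
from collections import Counter

# Pad angles used by UBQC [21]: the eight multiples of pi/4.
PAD_ANGLES = [k * math.pi / 4 for k in range(8)]


def plus_state(theta):
    """|+_theta> = (|0> + e^{i theta}|1>) / sqrt(2) as a length-2 vector."""
    return [1 / math.sqrt(2), cmath.exp(1j * theta) / math.sqrt(2)]


def density_matrix(psi):
    """|psi><psi| as a 2x2 list of complex numbers."""
    return [[psi[i] * psi[j].conjugate() for j in range(2)] for i in range(2)]


def server_view_of_padded_qubit():
    """Average of |+_theta><+_theta| over a uniformly random pad theta:
    the state the server holds without knowing theta."""
    rho = [[0j, 0j], [0j, 0j]]
    for theta in PAD_ANGLES:
        d = density_matrix(plus_state(theta))
        for i in range(2):
            for j in range(2):
                rho[i][j] += d[i][j] / len(PAD_ANGLES)
    return rho


def is_maximally_mixed(rho, tol=1e-12):
    """True if rho equals I/2 up to floating-point error."""
    return all(abs(rho[i][j] - (0.5 if i == j else 0.0)) < tol
               for i in range(2) for j in range(2))


def blinded_angle(phi, theta, r):
    """Angle the client announces: delta = phi + theta + r*pi (mod 2 pi)."""
    return (phi + theta + r * math.pi) % (2 * math.pi)


def announced_angle_distribution(phi):
    """How often each multiple of pi/4 is announced when the pad (theta, r)
    is uniform. The result does not depend on phi: the server's classical
    view is the same for every plain measurement angle."""
    counts = Counter()
    for theta in PAD_ANGLES:
        for r in (0, 1):
            k = round(blinded_angle(phi, theta, r) / (math.pi / 4)) % 8
            counts[k] += 1
    return dict(counts)


def unmask_outcome(announced_bit, r):
    """The real measurement outcome is the announced bit XOR the pad bit r,
    since adding pi to the measurement angle flips the outcome."""
    return announced_bit ^ r


if __name__ == "__main__":
    print(is_maximally_mixed(server_view_of_padded_qubit()))
    print(announced_angle_distribution(0.0))
    print(announced_angle_distribution(PAD_ANGLES[3]))
```

The point of restricting φ and θ to multiples of π/4 is that the announced δ then ranges over exactly the same eight values whatever φ is, so the server cannot distinguish one measurement pattern from another from the angles alone; the quantum side of the argument is the maximally mixed average, which says the prepared qubit by itself carries no information about θ either.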
To further extend the idea of computing over encrypted data, a multiparty delegated quantum computation protocol in the MBQC framework was proposed by Kashefi and Pappa [5]. This protocol also consists of a preparation phase, where all the quantum communication takes place, followed by a computation phase, where the communication is purely classical. During the first stage, each client one-time pads its quantum input and sends it to the server. In this way, the private data of the clients remain secret during the protocol. At the end of this stage, the server entangles the received quantum states in order to produce the brickwork state (Fig. 5). In the second stage, the clients need to communicate securely among themselves and with the server, in order to jointly compute the measurement angles of the qubits in the different layers of the computation. This procedure is purely classical, and is based on a Verifiable Secret Sharing (VSS) scheme [23] and a computation oracle [24, 25, 26]. The resulting measurement pattern does not reveal the corresponding unitary operator to the server. At the end of the MBQC process, each client receives its quantum output, consisting of qubits that are naturally encrypted due to the randomness from previous measurements that propagated during the computation. The decryption of the quantum output is based on the classical secret shares of all clients.
3 Main Protocol
From now on, we denote Alice and Bob (the two clients) as and . We want the private data of each client (i.e., its quantum input and output) to remain secret during the protocol. Moreover, we want the measurement angles to be hidden from the server (i.e., Steve) and secret-shared among the clients (using a VSS scheme). The quantum input provided by the two clients contributes to the preparation of the quantum state at the server. The measurement angles for qubits are denoted as .
3.1 Preparation Phase
The quantum state at the server is prepared as follows. For (such that qubits of the server are affected):

The client that owns the th qubit applies to its qubit (i.e., performs a one-time pad) and sends the quantum state to the server. The values and are randomly picked, and secret-shared with the other client.

The other client runs Protocol 1 with the server. If the client passes the test, the server at the end has the state , where identifies the client.

The server runs Protocol 2 and announces the outcome .
At this point the server has the state
(1) 
where
(2) 
Then, for (such that qubits of the server are affected):

Both clients run Protocol 1 with the server. If the test is passed by both clients, the server at the end has two states , where identifies the client.

The server runs Protocol 3 getting the outcome , and ends up with the state , where
(3)
At this point, for , the server prepares states (such that qubits of the server are affected). Finally, the server entangles all the qubits to a brickwork state by applying gates.
3.2 Computation Phase
In this phase, the clients drive the measurement process at the server. We remark that, in the following description, denotes the sum of the values , where is each node of the graph (representing the entangled state) that has an dependency with node . Similarly, denotes the sum of the values , where is each node that has a dependency with node .
For (the nonoutput qubits of the server):

Both clients choose random , which they secretshare with each other. Then, with the help of a computation oracle, they compute the measurement angle of qubit :
(4) where undefined values are equal to zero, or otherwise:


is the “plain” measurement angle for the th qubit in the brickwork state,

,

,

, for ,

.


The server receives and measures qubit in the basis, getting as result, which is then announced by the server to the clients.
Then, for (the last qubits at the server), the server sends the quantum state to the corresponding client, which applies to retrieve the actual quantum output.
A straightforward way to implement the bitwise AND function between the inputs of the clients is to implement parallel Toffoli gates in the brickwork state (footnote 3). However, the encrypted quantum output of each Toffoli gate cannot be produced in two copies (one for each client), because of the no-cloning theorem. To solve this issue, half of the quantum output is sent to , the other half to . Therefore, further secure classical interaction between the clients is needed, so that they both end up with AND.
Footnote 3: For each Toffoli gate, there are two input qubit states and one ancilla state that must be provided by one of the clients.
4 Analysis of the Protocol
4.1 Communication Complexity
To implement parallel Toffoli gates in the brickwork state, using the strategy proposed by Chien et al. [22] we end up with layers, each layer having qubits. The total number of transmitted qubits is then . For each transmitted quantum state, there is an overhead due to Protocols 1, 2 and 3, that can be expressed as a constant factor. We may conclude that, in general, the quantum communication complexity of the protocol is .
4.2 Correctness, Security and Blindness
The correctness of the proposed protocol comes from the correctness of the individual circuits implementing Protocols 2 and 3. A detailed proof can be derived from the proof of Theorem 1 in [5], asserting the correctness of the general MBQCbased multiparty delegated quantum computation protocol.
The security property of the protocol derives from the fact that the clients never share their sets with each other. The proposed protocol is also secure against a malicious server. This is true in general for the MBQCbased multiparty delegated quantum computation protocol [5]. The proof is based on the fact that the protocol emulates an ideal multiparty delegated quantum computation resource that does not give the server any access to the clients’ input.
At the same time, the protocol has the blindness property, meaning that the server does not know what computation it is doing, provided that the measurement angles remain hidden from the server.
5 Leveraging the Quantum Internet
In the proposed protocol, Alice and Bob send qubits to Steve in the preparation phase, while Steve sends qubits to Alice and Bob at the end of the computation phase. In order to move qubits between any two parties over long distances, quantum teleportation is preferred to direct transmission over a quantum channel, whose fidelity decreases exponentially with the channel length due to loss [27]. Quantum teleportation requires end-to-end entanglement generation, probably the most important general-purpose service of the future Quantum Internet [28, 29, 30, 31, 32, 33]. In Figure 6, an example quantum network stack architecture, inspired by the TCP/IP one, is presented [34, 35].
6 Conclusion and Future Work
In this work we have proposed a protocol that solves the server-aided PSI problem using delegated blind quantum computing. The protocol is correct, secure and blind against a malicious server. Moreover, it is characterized by a quantum communication complexity that is linear in the input size.
Regarding future work, we plan to study alternative approaches to the implementation of the bitwise AND function at the server. Moreover, we are interested in exploring strategies other than the Bloom filter one adopted in this work to efficiently map the clients' input to the server. An interesting future direction is investigating the possibility of a variant of the proposed protocol where clients are fully classical. In a recent work, Aaronson, Cojocaru, Gheorghiu and Kashefi [18] gave evidence that there is no scheme for blind quantum computing that is information-theoretically secure and requires only classical communication between client and server. On the other hand, there are interesting proposals for fully classical client protocols that achieve more restricted levels of security [36, 37, 38].
Acknowledgements
The author would like to thank Anna Pappa for helpful discussions on the MBQCbased multiparty delegated quantum computation protocol.
References
[1] J. Brickell, D. E. Porter, V. Shmatikov, E. Witchel, Privacy-Preserving Remote Diagnostics, Proc. of the 14th ACM Conference on Computer and Communications Security (2007)
 [2] X. He, A. Machanavajjhala, C. Flynn, D. Srivastava, Composing Differential Privacy and Secure Computation: A case study on scaling private record linkage, Proc. of the 24th ACM conference on Computer and Communications Security (2017)
[3] D. Demmler, P. Rindal, M. Rosulek, N. Trieu, PIR-PSI: Scaling Private Contact Discovery, Proc. on Privacy Enhancing Technologies, vol. 2018, no. 4 (2018)
 [4] A. Yanai, Private Set Intersection, https://decentralizedthoughts.github.io/20200329privatesetintersectionasoftintroduction/ (2020)
 [5] E. Kashefi, A. Pappa, Multiparty Delegated Quantum Computing, Cryptography, vol. 1, no. 12 (2017)
 [6] B. Hemenway Falk, D. Noble, R. Ostrovsky, Private Set Intersection with Linear Communication from General Assumptions, Proc. of the 18th ACM Workshop on Privacy in the Electronic Society (2019)
[7] S. Kamara, P. Mohassel, M. Raykova, S. Sadeghian, Scaling Private Set Intersection to Billion-Element Sets, Proc. of the International Conference on Financial Cryptography and Data Security (2014)
[8] P. H. Le, S. Ranellucci, S. Dov Gordon, Two-party Private Set Intersection with an Untrusted Third Party, Proc. of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019)
 [9] X. Cheng, R. Guo, Y. Chen, Cryptanalysis and improvement of a quantum private set intersection protocol, Quantum Information Processing, vol. 16, no. 37 (2017)
 [10] B. Liu, M. Zhang, R. Shi, Quantum Secure Multiparty Private Set Intersection Cardinality, International Journal of Theoretical Physics vol. 59, pp. 1992–2007 (2020)
[11] A. Maitra, Quantum secure two-party computation for set intersection with rational players, Quantum Information Processing, vol. 17, no. 197 (2018)
[12] T. Salman, Y. Baram, Quantum Set Intersection and its Application to Associative Memory, Journal of Machine Learning Research, vol. 13 (2012)
[13] R. Shi, Y. Mu, H. Zhong, J. Cui, S. Zhang, An efficient quantum scheme for Private Set Intersection, Quantum Information Processing, vol. 15, no. 1 (2016)
 [14] A. Broder, M. Mitzenmacher, Network applications of Bloom filters: A survey, Internet Math., vol. 1, no. 4, pp. 485–509 (2004)
[15] M. Amoretti, O. Alphand, G. Ferrari, F. Rousseau, A. Duda, DINAS: A Lightweight and Efficient Distributed Naming Service for All-IP Wireless Sensor Networks, IEEE Internet of Things Journal, vol. 4, no. 3, pp. 670–684 (2017)
[16] R. Raussendorf, H. Briegel, A one-way quantum computer, Phys. Rev. Lett., vol. 86, pp. 5188–5191 (2001)
[17] R. Raussendorf, D. Browne, H. Briegel, Measurement-based quantum computation with cluster states, Phys. Rev. A, vol. 68, 022312 (2003)
[18] S. Aaronson, A. Cojocaru, A. Gheorghiu, E. Kashefi, Complexity-theoretic limitations on blind delegated quantum computation, Proc. of the 46th International Colloquium on Automata, Languages, and Programming (2019)
 [19] A. Childs, Secure Assisted Quantum Computation, Quantum Information & Computation, vol. 5, no. 6, pp. 456–466 (2005)
 [20] P. Arrighi, L. Salvail, Blind Quantum Computation, International Journal of Quantum Information, vol. 4, no. 5, pp. 883–898 (2006)
 [21] A. Broadbent, J. Fitzsimons, E. Kashefi, Universal Blind Quantum Computation, Proc. of the 50th Annual Symposium on Foundations of Computer Science (2009)
[22] C.-H. Chien, R. Van Meter, S.-Y. Kuo, Fault-Tolerant Operations for Universal Blind Quantum Computation, ACM Journal on Emerging Technologies in Computing Systems, vol. 12, no. 1 (2015)
[23] B. Chor, S. Goldwasser, S. Micali, B. Awerbuch, Verifiable secret sharing and achieving simultaneity in the presence of faults, 26th Annual Symposium on Foundations of Computer Science, pp. 383–395 (1985)
 [24] R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, Proc. of the 42nd IEEE Symposium on Foundations of Computer Science (2001)
 [25] Y. Ishai, M. Prabhakaran, A. Sahai, Founding Cryptography on Oblivious Transfer – Efficiently Proc. of CRYPTO (2008)
 [26] D. Unruh, Universally Composable Quantum Multiparty Computation, Proc. of EUROCRYPT (2010)
 [27] P. P. Rohde, The Quantum Internet, Cambridge University Press (2021)
 [28] S. Wehner, D. Elkouss, R. Hanson, Quantum Internet: a Vision for the road ahead, Science, 362, 6412 (2018)
 [29] A. S. Cacciapuoti, M. Caleffi, F. Tafuri, F. S. Cataliotti, S. Gherardini and G. Bianchi, Quantum Internet: Networking Challenges in Distributed Quantum Computing, IEEE Network, vol. 34, no. 1, pp. 137143 (2020)
 [30] H. V. Nguyen, Z. Babar, D. Alanis, P. Botsinis, D. Chandra, M. A. Mohd Izhar, S. X. Ng and L. Hanzo, Towards the Quantum Internet: Generalised Quantum Network Coding for LargeScale Quantum Communication Networks, IEEE Access, vol. 5, pp. 1728817308 (2017)
 [31] M. Amoretti and S. Carretta, Entanglement verification in quantum networks with tampered nodes, IEEE Journal on Selected Areas in Communications, vol. 38, no. 3, pp. 598604 (2020)
 [32] R. Van Meter and S. J. Devitt, The Path to Scalable Distributed Quantum Computing, Computer, vol. 49, no. 9, pp. 3142 (2016)
 [33] D. Ferrari, A. S. Cacciapuoti, M. Amoretti and M. Caleffi, Compiler Design for Distributed Quantum Computing, IEEE Transactions on Quantum Engineering, vol. 2, pp. 120, art no. 4100720 (2021)
 [34] A. Dahlberg, M. Skrypczyk, T. Coopmans, L. Wubben, F. Rozpedek, M. Pompili, A. Stolk, P. Pawelczak, R. Knegjens, J. de Oliveira Filho, R. Hanson, S. Wehner, A link layer protocol for quantum networks, Proc. of ACM SIGCOMM, pp.159173 (2019)
 [35] M. Pompili, C. Delle Donne, I. te Raa, B. van der Vecht, M. Skrypczyk, G. Ferreira, L. de Kluijver, A. J. Stolk, S. L. N. Hermans, P. Pawelczak, W. Kozlowski, R. Hanson, S. Wehner, Experimental demonstration of entanglement delivery using a quantum network stack, arXiv:2111.11332 (2021)
 [36] A. Mantri, T. F. Demarie, N. C. Menicucci, J. F. Fitzsimons, Flow Ambiguity: A Path Towards Classically Driven Blind Quantum Computation, Physical Review X, vol. 7, no. 3, pp. 031004 (2017)
[37] U. Mahadev, Classical Verification of Quantum Computations, Proc. of IEEE FOCS, pp. 259–267 (2018)
 [38] A. Cojocaru, L. Colisson, E. Kashefi and P. Wallden, On the Possibility of Classical Client Blind Quantum Computing, Cryptography, vol. 5, no. 1, art no. 3 (2021)