Quantum metrology with delegated tasks

A quantum metrology scheme can be decomposed into three quantum tasks: state preparation, parameter encoding, and measurements. Consequently, it is imperative to have access to the technologies which can execute the aforementioned tasks to fully implement a quantum metrology scheme. In the absence of one or more of these technologies, one can proceed by delegating the tasks to a third party. However, doing so has security ramifications: the third party can bias the result or leak information. In this paper, we outline different scenarios where one or more tasks are delegated to an untrusted (and possibly malicious) third party. In each scenario, we outline cryptographic protocols which can be used to circumvent malicious activity. Further, we link the effectiveness of the quantum metrology scheme to the soundness of the cryptographic protocols.

Figure 1

The different delegated quantum metrology scenarios we address in this paper. A quantum metrology problem can be decomposed into three (quantum) tasks: state preparation, parameter encoding, and measurements. As a whole, this is technologically demanding and it may be necessary to delegate one or more of these tasks to a third party. In this paper we explore four different scenarios, each motivated through the necessity to delegate a task to a third party due to the lack of specific hardware. A red rectangle with an x mark indicates that the task is delegated to a third party, as opposed to a green rectangle with a check mark which indicates that the task is not delegated. In scenario 1, state preparation is delegated and we use verification protocols [22, 23] to achieve a sense of security. In scenario 2, the measurements are delegated and we devise an authentication based protocol to achieve a sense of security. In scenario 3, both state preparation and measurements are delegated, and we discuss the criteria for when both of the aforementioned protocols can be used in tandem to achieve a sense of security. Finally, in scenario 4, the parameter encoding is delegated, and we discuss the impossibility of constructing a computationally secure protocol.

Figure 2

Before sending a quantum state to Eve to be measured, Alice can attain a sense of security by employing our protocol. In summary, Alice prepares a quantum state, ${\rho }_{\text{in}}$, which is a combination of the qubits intended from quantum metrology as well as ancillary flag qubits. Alice then encrypts the quantum state by performing a permutation $\pi$ and a Clifford operation $C$. The measurement result $x$ returned by Eve is, without loss of generality, completely arbitrary. But for all intents and purposes we write that it stems from the measurement statistics as if Eve performed the requested measurement $\mathcal{M}$ after performing an arbitrary attack $\mathrm{\Gamma }$. Alice will perform postprocessing on $x$ to correctly interpret the result, i.e., decrypt the result by inverting the Clifford operation undoing the permutation. Alice accepts the result if the measurement result of the ancillary flag qubits corresponds to the expected result.

Figure 3

Ideally, Eve provides Alice the quantum state ${\rho }^{\otimes N}$, but in principle Eve can send Alice any $Nn$ qubit state ${\rho }^{\prime }$. Upon receipt, Alice encodes the unknown parameter of the quantum metrology problem in the $l\mathrm{th}$ block of $n$ qubits with $U^{\left(l\right)}$ and then encrypts the total quantum state with a Clifford $C$. All nonencoded blocks of qubits are then subjected to the verification protocol presented in [24], where Alice requests Eve for them to be measured with respect to the basis of an arbitrary (now encrypted) stabilizer of $\rho$. Again, without loss of generality, the measurement results $\vec{x}=x_1,...,x_N$ returned by Eve can be interpreted as if Eve performed an attack $\mathrm{\Gamma }$ before performing the requested measurement $\mathcal{M}$. Alice accepts the measurement result if (after postprocessing) the measurement result of the nonencoded blocks each results in a $+1$ eigenvalue with respect to their respective stabilizer measurement.