Efficient Quantum Fully Homomorphic Encryption

Abstract

Quantum fully homomorphic encryption (QFHE) enables arbitrary quantum computations on encrypted data, but prior constructions require prohibitive quantum resources--specifically, O(lambda2) EPR pairs per T-gate evaluation using the Barrington-based approach (DSS16). This paper introduces a unified framework achieving exponential improvement over the generic Barrington-based approach in program length. The central innovation is a novel modular arithmetic program (MA-Program) tailored to learning with errors (LWE) decryption. We show that LWE decryption computes the inner product <sk,ct> mod q, a modular inner product that is NOT a symmetric function. Thus, prior symmetric-function optimizations (Sinha's O(n)-state branching programs) do not apply. Our MA-Program tracks partial sums modulus q with state space Zq requiring O(log q) bits, yielding programs of state count O(lambda) with binary encoding O(log lambda) and length O(lambda log lambda). This reduces the quantum gadget size from O(lambda2) to O(lambda log2 lambda) EPR pairs. To achieve a fully classical client, we transfer all quantum resources (EPR preparation, Bell measurements, adaptive error correction) to the server via the MA-Program gadget framework. Clients only perform classical LWE key generation, Pauli key encryption under classical FHE, and no quantum operations; a layered key structure further eliminates circular security assumptions. For parallel computation, we adopt the MBQC framework with flow functions, supporting up to O(log lambda) parallel measurements per layer. This separates offline resource preparation from online adaptive measurement, enabling parallel processing while maintaining deterministic evaluation.