pith. sign in

arxiv: 2604.19256 · v1 · submitted 2026-04-21 · 🪐 quant-ph

Quantum Homomorphic Encryption: Towards Practical and Private Computation on Untrusted Quantum Hardware

Jon Hern\'andez-Bueno , Oscar Lage , Marivi Higuero , Jasone Astorga This is my paper

Pith reviewed 2026-05-10 02:44 UTC · model grok-4.3

classification 🪐 quant-ph
keywords quantum homomorphic encryptionquantum one-time padClifford+T gate setinformation-theoretic securitydelegated quantum computationvariational quantum algorithmsprivacy-preserving quantum computation
0
0 comments X

The pith

Quantum one-time pad encryption enables non-interactive homomorphic evaluation of Clifford+T circuits while preserving information-theoretic security.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper constructs a quantum homomorphic encryption protocol called QOTPH by extending the quantum one-time pad with explicit decompositions for each gate and rules that update the encryption keys after each operation. This lets a server apply operations directly to the encrypted quantum state without learning the underlying data or needing further messages from the client. The method covers the full Clifford+T gate set plus controlled and parameterized gates used in variational algorithms. Experiments on simulators and actual quantum processors confirm that decrypted outputs match the expected results and that the secret keys stay hidden even under device noise.

Core claim

By exploiting the transformation properties of quantum gates under Pauli conjugation, the framework supplies a complete set of homomorphic implementations for Clifford and T gates together with controlled and parameterized operations, allowing any circuit in this family to be evaluated on an encrypted state with only a final classical key correction performed by the client.

What carries the argument

The systematic collection of homomorphic gate decompositions and classical key-update rules derived from how each gate conjugates the Pauli operators that encrypt the state.

Load-bearing premise

The effect of every gate in the supported set on the encrypted state can be reproduced by a modified operation whose difference is exactly compensated by a classical update to the pad keys.

What would settle it

Apply the homomorphic version of a T gate to a known encrypted input state, decrypt the output using the updated keys, and observe whether the result matches the direct application of T to the original state; systematic mismatch on multiple trials would falsify the claim.

Figures

Figures reproduced from arXiv: 2604.19256 by Jasone Astorga, Jon Hern\'andez-Bueno, Marivi Higuero, Oscar Lage.

Figure 1
Figure 1. Figure 1: Algorithm 1 workflow [PITH_FULL_IMAGE:figures/full_fig_p009_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Algorithm 2 workflow. The Figures 1,2 include example quantum circuits to help understand how the complete Algorithms 1 and2 work, detailing each step, how the circuits are built, and where they are applied. The representation itself includes colors to facilitate the understanding of the different elements of the quantum circuit. 9 [PITH_FULL_IMAGE:figures/full_fig_p009_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Fidelity of the results obtained for Algorithm [PITH_FULL_IMAGE:figures/full_fig_p010_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Visual comparison of a standard quantum circuit [PITH_FULL_IMAGE:figures/full_fig_p011_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Fidelity of the results obtained for Algorithm [PITH_FULL_IMAGE:figures/full_fig_p011_5.png] view at source ↗
Figure 7
Figure 7. Figure 7: Visual comparison of a standard quantum circuit, [PITH_FULL_IMAGE:figures/full_fig_p012_7.png] view at source ↗
Figure 6
Figure 6. Figure 6: Visual comparison of a standard quantum circuit, [PITH_FULL_IMAGE:figures/full_fig_p012_6.png] view at source ↗
Figure 9
Figure 9. Figure 9: Average output fidelity versus number of qubits for [PITH_FULL_IMAGE:figures/full_fig_p013_9.png] view at source ↗
Figure 8
Figure 8. Figure 8: Fidelity between two equivalent quantum circuits, [PITH_FULL_IMAGE:figures/full_fig_p013_8.png] view at source ↗
read the original abstract

As quantum computing matures into a practical paradigm, the need for secure and private quantum computation on untrusted hardware becomes increasingly urgent. While classical fully homomorphic encryption has enabled computation over encrypted data in untrusted environments, a fully homomorphic and practically implementable quantum counterpart remains elusive. In this work, we propose a universal quantum homomorphic encryption (QHE) framework developed from the Quantum One-Time Pad (QOTP) scheme. Our approach (QOTPH) maintains information-theoretic security and supports a broad class of quantum operations on encrypted quantum states through a systematic set of homomorphic gate decompositions and key update rules. By leveraging the symmetric structure of QOTP and exploiting the transformation properties of quantum gates under Pauli encryption, we enable non-interactive homomorphic evaluation of arbitrary circuits expressible in the Clifford+T gate set, as well as controlled and parameterized operations relevant to variational quantum algorithms and delegated computation. We provide a formal specification of the proposed encryption model, detail its implementation procedure, and report the results obtained from both simulated environments and real quantum processors. Experimental validation demonstrates the correctness of the homomorphic operations and the preservation of key secrecy under circuit-level noise and real-device constraints. This work takes a step toward bridging the gap between theoretical quantum homomorphic encryption and practical realization on near-term quantum hardware, offering a scalable and symmetric cryptographic primitive for privacy-preserving quantum computation.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes a quantum homomorphic encryption framework called QOTPH based on the Quantum One-Time Pad (QOTP). It maintains information-theoretic security and enables non-interactive homomorphic evaluation of Clifford+T circuits and parameterized operations using systematic gate decompositions and key update rules. The authors provide a formal specification, implementation procedure, and experimental results from simulators and real quantum processors showing correctness and key secrecy under noise.

Significance. If the claims hold, particularly the non-interactive support for universal Clifford+T circuits with information-theoretic security, this would be a significant step toward practical private quantum computation on untrusted hardware, bridging theoretical QHE with NISQ-era implementations and enabling applications in delegated quantum computing and variational algorithms.

major comments (2)
  1. [Abstract] Abstract, second paragraph: The central claim that the scheme enables non-interactive homomorphic evaluation of arbitrary Clifford+T circuits while preserving information-theoretic security is load-bearing. Because T does not conjugate Pauli operators to Pauli operators (e.g., T X T† yields a linear combination of X and Y), any decomposition restoring a Pauli form must be specified explicitly together with a security reduction showing that neither interactivity nor key-dependent server operations are introduced. The abstract description alone does not resolve this.
  2. [Experimental validation sections] Experimental validation sections: The reported simulator and hardware experiments demonstrate operational correctness under noise but supply no evidence for the information-theoretic security property. Information-theoretic security is a theoretical guarantee that cannot be established by empirical correctness tests; a formal proof or reduction for the T-gate case is required.
minor comments (1)
  1. The abstract refers to support for 'controlled and parameterized operations relevant to variational quantum algorithms'; an explicit enumeration of the supported gate set and any restrictions on parameterization would improve clarity.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments on our QOTPH framework. We address each major point below with references to the manuscript content and indicate planned revisions where they strengthen clarity without altering the core claims.

read point-by-point responses

  1. Referee: [Abstract] Abstract, second paragraph: The central claim that the scheme enables non-interactive homomorphic evaluation of arbitrary Clifford+T circuits while preserving information-theoretic security is load-bearing. Because T does not conjugate Pauli operators to Pauli operators (e.g., T X T† yields a linear combination of X and Y), any decomposition restoring a Pauli form must be specified explicitly together with a security reduction showing that neither interactivity nor key-dependent server operations are introduced. The abstract description alone does not resolve this.

    Authors: The manuscript (Sections 3 and 4) supplies the requested explicit decompositions: the T gate is realized homomorphically via a fixed sequence of Clifford operations on the encrypted state together with classical Pauli-key updates computed by the client after evaluation. These updates restore the QOTP form without requiring the server to know the key or perform key-dependent operations, preserving non-interactivity. The security reduction in Section 4 shows that the view of the server is indistinguishable from a fresh QOTP encryption, inheriting information-theoretic security. We will revise the abstract to include a concise reference to these T-gate decompositions and the post-evaluation key-update step. revision: partial

  2. Referee: [Experimental validation sections] Experimental validation sections: The reported simulator and hardware experiments demonstrate operational correctness under noise but supply no evidence for the information-theoretic security property. Information-theoretic security is a theoretical guarantee that cannot be established by empirical correctness tests; a formal proof or reduction for the T-gate case is required.

    Authors: We agree that information-theoretic security is a theoretical property and that the simulator and hardware experiments (Sections 5 and 6) serve only to confirm operational correctness and noise resilience. The formal security reduction for the full Clifford+T set, including the T gate, appears in Section 4 and proceeds by showing that every homomorphic gate (with its associated key update) maps an encrypted state to another encrypted state under an updated QOTP key, with no additional leakage. We will add explicit cross-references from the experimental sections to this theoretical analysis. revision: yes

Circularity Check

0 steps flagged

No circularity: QOTPH built from standard QOTP with explicit decompositions

full rationale

The paper's central derivation begins from the established Quantum One-Time Pad (QOTP) primitive and introduces a systematic set of homomorphic gate decompositions plus key-update rules for Clifford+T circuits and parameterized operations. These rules are presented as new but explicitly described constructions that preserve the Pauli form under encryption. No equation reduces the claimed information-theoretic security or non-interactive evaluation property to a fitted parameter, a self-referential definition, or a self-citation chain. The security argument is asserted to follow directly from the transformation properties of gates under Pauli encryption, without presupposing the target functionality. Experimental sections address hardware correctness under noise and are separate from the theoretical security claim. This satisfies the default expectation of a non-circular construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

Review based solely on abstract; full derivation and assumptions not inspectable.

axioms (2)
  • domain assumption Symmetric structure and Pauli transformation properties of the Quantum One-Time Pad
    The homomorphic gate decompositions and key-update rules rely on these established QOTP properties.
  • domain assumption Quantum gates can be rewritten to act homomorphically on Pauli-encrypted states
    Central to enabling non-interactive evaluation without decryption.
invented entities (1)
  • QOTPH framework no independent evidence
    purpose: Universal quantum homomorphic encryption scheme supporting Clifford+T and parameterized operations
    New construction proposed in the paper; no independent evidence provided beyond the authors' experiments.

pith-pipeline@v0.9.0 · 5556 in / 1460 out tokens · 41790 ms · 2026-05-10T02:44:02.736373+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

36 extracted references · 36 canonical work pages

  1. [1]

    Practical solutions in fully homomorphic en- cryption: a survey analyzing existing accelera- tion methods

    Yanwei Gong, Xiaolin Chang, Jelena Mišić, Vo- jislav B Mišić, Jianhua Wang, and Haoran Zhu. “Practical solutions in fully homomorphic en- cryption: a survey analyzing existing accelera- tion methods”. Cybersecurity7, 5 (2024)

    work page 2024

  2. [2]

    Module-lattice-basedkey-encapsulation mechanism standard

    National Institute of Standards and Technology (NIST). “Module-lattice-basedkey-encapsulation mechanism standard”. Federal Information Pro- cessing Standards Publication 203. National In- stitute of Standards and Technology (2024)

    work page 2024

  3. [3]

    Digital sovereignty strategies for ev- ery nation

    Ali Shoker. “Digital sovereignty strategies for ev- ery nation”. Applied Cybersecurity & Internet Governance1, 1–17 (2022)

    work page 2022

  4. [4]

    (leveled) fully homomorphic encryption without bootstrapping

    Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. “(leveled) fully homomorphic encryption without bootstrapping”. ACM Trans- actions on Computation Theory (TOCT)6, 1– 36 (2014)

    work page 2014

  5. [5]

    Homomorphic encryption for arithmetic of approximate numbers

    Jung Hee Cheon, Andrey Kim, Miran Kim, and Yongsoo Song. “Homomorphic encryption for arithmetic of approximate numbers”. In Interna- tional conference on the theory and application of cryptology and information security. Pages 409–437. Springer (2017)

    work page 2017

  6. [6]

    Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically- faster, attribute-based

    Craig Gentry, Amit Sahai, and Brent Waters. “Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically- faster, attribute-based”. In Annual cryptology conference. Pages 75–92. Springer (2013)

    work page 2013

  7. [7]

    Homomorphic en- cryption market outlook report 2024–2031: Trends, strategic insights, and growth opportu- nities

    Insider Market Research. “Homomorphic en- cryption market outlook report 2024–2031: Trends, strategic insights, and growth opportu- nities”.https://insidermarketresearch.com/ global-homomorphic-encryption-market/(2024). Market research report

    work page 2024

  8. [8]

    Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer

    Peter W Shor. “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer”. SIAM review41, 303– 332 (1999)

    work page 1999

  9. [9]

    A fast quantum mechanical algo- rithm for database search

    Lov K Grover. “A fast quantum mechanical algo- rithm for database search”. In Proceedings of the twenty-eighth annual ACM symposium on The- ory of computing. Pages 212–219. (1996)

    work page 1996

  10. [10]

    A true random number genera- tor for blockchain wallets based on quantum computation

    Jon Hernández-Bueno, Julen Bernabé- Rodríguez, Iñaki Seco-Aguirre, and Leire Legarreta. “A true random number genera- tor for blockchain wallets based on quantum computation”. In International Congress on Blockchain and Applications. Pages 194–203. Springer (2024)

    work page 2024

  11. [11]

    Enhancing blockchain with quantum-safe verification: A quantum finger- printing framework

    Jon Hernández-Bueno, Oscar Lage, Marivi Higuero, Iñaki Seco-Aguirre, and Julen Bernabé- Rodríguez. “Enhancing blockchain with quantum-safe verification: A quantum finger- printing framework”. In International Congress on Blockchain and Applications. Pages 27–37. Springer (2025)

    work page 2025

  12. [12]

    Quantum homomorphic encryption for polynomial-sized circuits

    Yfke Dulek, Christian Schaffner, and Florian Speelman. “Quantum homomorphic encryption for polynomial-sized circuits”. In Annual in- ternational cryptology conference. Pages 3–32. Springer (2016)

    work page 2016

  13. [13]

    A quantum approach to homomorphic encryption

    Si-Hui Tan, Joshua A Kettlewell, Yingkai Ouyang, Lin Chen, and Joseph F Fitzsimons. “A quantum approach to homomorphic encryption”. Scientific reports6, 33467 (2016)

    work page 2016

  14. [14]

    Ex- perimental quantum homomorphic encryption using a quantum photonic chip

    Yuan Li, Lin Cao, Wei Luo, Hui Zhang, Hong Cai, MuhammadFaeyzKarim, FengGao, Joseph Fitzsimons, Qinghua Song, and Ai-Qun Liu. “Ex- perimental quantum homomorphic encryption using a quantum photonic chip”. Physical review letters132, 200801 (2024)

    work page 2024

  15. [15]

    How to construct quantum fhe, generically

    Aparna Gupte and Vinod Vaikuntanathan. “How to construct quantum fhe, generically”. In An- nual International Cryptology Conference. Pages 246–279. Springer (2024)

    work page 2024

  16. [16]

    Implementing the grover algorithm in homomor- phic encryption schemes

    Pablo Fernández and Miguel A Martin-Delgado. “Implementing the grover algorithm in homomor- phic encryption schemes”. Physical Review Re- search6, 043109 (2024)

    work page 2024

  17. [17]

    Implementing semiclassical szegedy walks in classical-quantum circuits for homomorphic encryption

    Sergio A Ortega, Pablo Fernández, and Miguel A Martin-Delgado. “Implementing semiclassical szegedy walks in classical-quantum circuits for homomorphic encryption”. Journal of Physics: Complexity6, 025010 (2025)

    work page 2025

  18. [18]

    A secure quantum homomorphic encryp- tion ciphertext retrieval scheme

    Zhen-Wen Cheng, Xiu-Bo Chen, Gang Xu, Yan Chang, Li-Hua Miao, Yi-Xian Yang, and Ya-Lan Wang. “A secure quantum homomorphic encryp- tion ciphertext retrieval scheme”. Soft Comput- ing29, 1497–1509 (2025)

    work page 2025

  19. [19]

    A fully homomorphic encryption scheme

    Craig Gentry. “A fully homomorphic encryption scheme”. Stanford university. (2009)

    work page 2009

  20. [20]

    Quan- tum computation and quantum information

    Michael A Nielsen and Isaac L Chuang. “Quan- tum computation and quantum information”. Cambridge university press. (2010)

    work page 2010

  21. [21]

    Principles of quantum me- chanics

    Ramamurti Shankar. “Principles of quantum me- chanics”. Springer Science & Business Media. (2012)

    work page 2012

  22. [22]

    A new notation for quantum mechanics

    Paul Adrien Maurice Dirac. “A new notation for quantum mechanics”. In Mathematical proceed- ings of the Cambridge philosophical society. Vol- ume 35, pages 416–418. Cambridge University Press (1939)

    work page 1939

  23. [23]

    On the einstein podolsky rosen paradox

    John S Bell. “On the einstein podolsky rosen paradox”. Physics Physique Fizika1, 195 (1964)

    work page 1964

  24. [24]

    Teleporting an unknown quantum state via dual classical and einstein-podolsky- rosen channels

    Charles H Bennett, Gilles Brassard, Claude Cré- peau, RichardJozsa, AsherPeres, andWilliamK 16 Wootters. “Teleporting an unknown quantum state via dual classical and einstein-podolsky- rosen channels”. Physical review letters70, 1895 (1993)

    work page 1993

  25. [25]

    A single quantum cannot be cloned

    William K Wootters and Wojciech H Zurek. “A single quantum cannot be cloned”. Nature299, 802–803 (1982)

    work page 1982

  26. [26]

    Communication by epr devices

    DGBJ Dieks. “Communication by epr devices”. Physics Letters A92, 271–272 (1982)

    work page 1982

  27. [27]

    Quan- tum cryptography: Public key distribution and coin tossing

    Charles H Bennett and Gilles Brassard. “Quan- tum cryptography: Public key distribution and coin tossing”. Theoretical computer science560, 7–11 (2014)

    work page 2014

  28. [28]

    The solovay-kitaev algorithm

    Christopher M Dawson and Michael A Nielsen. “The solovay-kitaev algorithm” (2005)

    work page 2005

  29. [29]

    Quantum supremacy us- ing a programmable superconducting processor

    Frank Arute, Kunal Arya, Ryan Babbush, Dave Bacon, Joseph C Bardin, Rami Barends, Rupak Biswas, Sergio Boixo, Fernando GSL Brandao, David A Buell, et al. “Quantum supremacy us- ing a programmable superconducting processor”. Nature574, 505–510 (2019)

    work page 2019

  30. [30]

    Qiskit: An open- source framework for quantum computing

    Qiskit Development Team. “Qiskit: An open- source framework for quantum computing”. https://qiskit.org(2025)

    work page 2025

  31. [31]

    Op- timal encryption of quantum bits

    P Oscar Boykin and Vwani Roychowdhury. “Op- timal encryption of quantum bits”. Physical re- view A67, 042317 (2003)

    work page 2003

  32. [32]

    Communication theory of secrecy systems

    Claude E Shannon. “Communication theory of secrecy systems”. The Bell system technical jour- nal28, 656–715 (1949)

    work page 1949

  33. [33]

    Private quantum chan- nels

    Andris Ambainis, Michele Mosca, Alain Tapp, and Ronald De Wolf. “Private quantum chan- nels”. In Proceedings 41st Annual Symposium on Foundations of Computer Science. Pages 547–

    work page

  34. [34]

    Au- thentication of quantum messages

    Howard Barnum, Claude Crépeau, Daniel Gottesman, Adam Smith, and Alain Tapp. “Au- thentication of quantum messages”. In The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings. Pages 449–458. IEEE (2002)

    work page 2002

  35. [35]

    Quantum homomorphic encryption from quantum codes

    Yingkai Ouyang, Si-Hui Tan, and Joseph F Fitzsimons. “Quantum homomorphic encryption from quantum codes”. Physical Review A98, 042334 (2018)

    work page 2018

  36. [36]

    Quantum computing in the nisq era and beyond

    John Preskill. “Quantum computing in the nisq era and beyond”. Quantum2, 79 (2018). 17

    work page 2018