Blind Quantum Computing

Blind quantum computing solves a fundamental trust problem: if you want to run a quantum computation but do not own a quantum computer, can you use someone else’s machine without revealing what you are computing? Classical cloud computing has no satisfactory answer to this question; a classical server can read plaintext unless you restrict what computations it can perform. Blind quantum computing, first demonstrated rigorously by Broadbent, Fitzsimons, and Kashefi in 2009, gives a provably secure answer using quantum resources.

The protocol

The BFK protocol works in the measurement-based quantum computing (MBQC) framework. The client prepares individual qubits, each in a randomly rotated state $|+_\theta\rangle = \frac{1}{\sqrt{2}}(|0\rangle + e^{i\theta}|1\rangle)$ where $\theta$ is chosen uniformly from a discrete set, and sends them to the server. The server entangles the received qubits into a resource state (the graph state) and then proceeds to measure them one by one.

At each measurement step, the client instructs the server which angle to measure, but the angle sent is the true computation angle plus the random offset $\theta$. Because the server does not know $\theta$, it cannot determine the true measurement angle, so it cannot learn what computation is being performed. The server’s measurement outcomes are returned to the client, who uses them (along with classical byproduct corrections) to extract the final computation result.

Security is information-theoretic: the server’s view is independent of the computation being performed, regardless of its computational power. The client requires only the ability to prepare single-qubit states and perform classical processing; no quantum memory or entanglement capability is needed on the client side. This is sometimes called the “quantum cloud computing” model.

Verification extensions to the protocol allow the client to detect a malicious or faulty server with high probability by weaving trap qubits into the resource state, qubits whose correct measurement outcomes are known to the client but hidden from the server.

Why it matters for learners

Blind quantum computing sits at the intersection of quantum cryptography and distributed quantum computation. It demonstrates that quantum mechanics enables a qualitatively new kind of privacy guarantee that has no classical analogue: a computationally unbounded server learns nothing about the client’s computation.

As quantum cloud services become commercially available (IBM, Amazon Braket, IonQ, Quantinuum all offer remote quantum access today), blind quantum computing provides the theoretical foundation for what a truly private quantum cloud service would look like. The practical bottleneck is the quantum channel from client to server: the client must transmit freshly prepared qubits, which requires either a direct photonic link or quantum teleportation of states through pre-shared entanglement.

Common misconceptions

Misconception 1: Blind quantum computing requires the client to have a full quantum computer. The client’s requirements are minimal: only single-qubit state preparation (no entanglement, no multi-qubit gates, no quantum memory). This is a substantially weaker capability than building or running a quantum computer.

Misconception 2: The server is completely in the dark about the computation. The server knows the size and structure of the resource state (i.e., how many qubits and which topology), which gives it some information about the class of computation being delegated. Full hiding of the circuit size requires additional techniques such as universal resource states.

See also

• Quantum Cryptography
• Quantum Internet
• Quantum Teleportation
• Quantum Key Distribution