Quantum homomorphic encryption, which allows computation by a server directly on encrypted data, is a fundamental primitive out of which more complex quantum cryptography protocols can be built. For such constructions to be possible, quantum homomorphic encryption must satisfy two privacy properties: data privacy which ensures that the input data is private from the server, and circuit privacy which ensures that the ciphertext after the computation does not reveal any additional information about the circuit used to perform it, beyond the output of the computation itself. While circuit privacy is well-studied in classical cryptography and many homomorphic encryption schemes can be equipped with it, its quantum analogue has received little attention. Here we establish a definition of circuit privacy for quantum homomorphic encryption with information-theoretic security. Furthermore, we reduce quantum oblivious transfer to quantum homomorphic encryption. By using this reduction, our work unravels fundamental trade-offs between circuit privacy, data privacy and correctness for a broad family of quantum homomorphic encryption protocols, including schemes that allow only the computation of Clifford circuits.

翻译：量子同态加密允许服务器直接在加密数据上进行计算，是构建更复杂量子密码协议的基本原语。为实现此类构建，量子同态加密需满足两种隐私性质：数据隐私性确保输入数据对服务器保密，而电路隐私性则保证计算后的密文不会泄露除计算结果本身之外的任何关于执行电路的信息。尽管电路隐私性在经典密码学中已有深入研究且许多同态加密方案可具备该特性，但其量子类比却鲜受关注。本文为信息论安全的量子同态加密建立了电路隐私性的定义。此外，我们将量子不经意传输归约至量子同态加密。通过这一归约，我们的工作揭示了一类广泛量子同态加密协议（包括仅允许计算克利福德电路的方案）中电路隐私性、数据隐私性与正确性之间的根本性权衡。