As with the first conventional computers, the first quantum computers will likely be hosted only by major institutions. A client wishing to use one may have to rely on “cloud-based” quantum computing, where data are stored and manipulated at a remote site. In such a setting, privacy becomes an important concern. A protocol is needed for delegating quantum computation in a way that hides the work from the server performing it. All current protocols require the client to possess quantum capabilities, such as the ability to prepare or measure quantum states, or they require multiple noncommunicating servers. This limits the feasibility of secure cloud-based quantum computing to locations with extensive quantum networks. We show how an ordinary user without access to special quantum technology can hide critical aspects of a computation delegated to a remote quantum computer.

Our protocol exploits the ambiguity in the flow of information in a measurement-based quantum computer. The uncertainty arises because there are multiple ways to interpret a sequence of measurements on a cluster state as a quantum computation, if the logic for deciding dependencies between measurement settings is not known. During a run of this protocol, there are exponentially many choices of computation for the client, and the quantum server never receives enough information to unambiguously identify the client’s choice from her communication, even if the server actively deviates from the protocol.

Our intent is to demonstrate that it is possible for a client equipped only with a classical computer to obfuscate her choice of quantum computation from a malicious quantum server. While we do not offer a full solution, the results support the possibility of making secure cloud quantum computing accessible to a wider population using existing communications infrastructure.