Private Remote Quantum Sensing (PRQS)

Updated 15 November 2025

PRQS is a quantum framework that estimates global functions (e.g., weighted sums) across distributed sensors while ensuring individual parameter privacy.
It employs methods such as GHZ state encoding, stabilizer-based verification, and continuous-variable homodyne detection to achieve Heisenberg-limited precision.
Robust composable security is ensured through strict QFIM alignment, advanced resource-state engineering, and fault-tolerant protocols in both discrete and continuous regimes.

Private Remote Quantum Sensing (PRQS) is an emerging framework in quantum information science that enables distributed or remote quantum sensing with fine-grained cryptographic privacy: the goal is to estimate a prescribed function of local parameters (most canonically, a linear function such as the mean of distributed local phases) across a network in such a way that only this function is revealed, while all other combinations of local data remain private. The field encompasses networked quantum metrology, cryptographic privacy mechanisms, resource-state engineering, and composable security analysis, and spans discrete-variable and continuous-variable resource regimes.

1. Foundational Principles and Security Definitions

In PRQS, $n$ spatially separated quantum sensors each possess an unknown local parameter %%%%1%%%%. The network’s aim is to securely estimate a linear function %%%%2%%%% (with $k_j\in\mathbb{Z}$ , $M$ known) while ensuring that only $f(\Theta)$ is accessible—no party or coalition, including external adversaries, can learn more about the individual $\theta_j$ 's than is implied by $f(\Theta)$ and their own inputs (2207.14450). This is formalized via the Quantum Fisher Information Matrix (QFIM) $Q$ of the globally encoded probe, requiring $Q \propto w w^T$ for perfect privacy (where $w$ is the weighting vector for the function), so that only the function $w^T\Theta$ is estimable and all orthogonal directions carry zero information (Hassani et al., 2024, Bugalho et al., 2024).

Security goals of PRQS encompass:

Correctness (Integrity): The global estimator for $f(\Theta)$ saturates the quantum Cramér–Rao bound (QCRB) up to small additive deviations $O(\epsilon)$ introduced by imperfect states, with explicit bounds on both bias and variance of the estimator.
Input Privacy: All adversaries (possibly including network nodes, source, or eavesdroppers) can access at most $O(\epsilon)$ QFIM about any individual input parameter. In the perfect case, the QFIM for $\theta_j$ vanishes after masking, making all $\theta_j$ perfectly private except for what is inferable from $f(\Theta)$ itself (Ho et al., 2024).
Robustness and Composability: Security holds even in the presence of dishonest or malicious nodes, non-trusted sources, and adversarial quantum/classical channels. Composability is rigorously formalized in abstract-cryptography frameworks, ensuring that privacy guarantees persist when PRQS is composed as a subroutine in broader protocols (Solomons et al., 7 Oct 2025).

2. Protocol Realizations: Resource States, Encoding, and Verification

The canonical discrete-variable PRQS protocol is based on the Greenberger–Horne–Zeilinger (GHZ) state, $\ket{GHZ_n} = (\ket{0}^{\otimes n} + \ket{1}^{\otimes n})/\sqrt{2}$ . Each node $j$ applies a local phase encoding $U_j(\theta_j) = e^{i\theta_j Z_j}$ to their share of the state, thereby imprinting a global phase $e^{i\sum_j \theta_j}$ onto the GHZ superposition (2207.14450). For weighted sums, node $j$ is assigned $|k_j|$ qubits, with suitable Clifford preprocessing for negative weights.

GHZ state distribution is accompanied by a stabilizer-based verification protocol:

Multiple copies of the purported GHZ are distributed; random subsets are measured in the eigenbases of the stabilizer generators, and failure rates are tallied.
The protocol accepts only if the average failure rate $f$ is below a threshold $1/(2n^2)$ . This generates a concrete lower bound $F \geq 1 - 2 n f$ on the state fidelity, which in turn bounds privacy and integrity parameters via closed-form relations (Ho et al., 2024).

In continuous-variable (CV) settings, analogues employ multi-mode entangled Gaussian states (e.g., distributed two-mode squeezed vacuum over $M$ sensors), with local phase encoding $U_i(\theta_i) = e^{i \theta_i a_i^\dagger a_i}$ and local homodyne detection. The CV QFIM analysis shows that although perfect (rank-1) privacy is achievable only asymptotically with infinite squeezing, privacy quantifiers approach unity exponentially fast in resource number, while Heisenberg scaling in estimation precision is retained (Junior et al., 15 Sep 2025, Alushi et al., 26 Sep 2025).

Alternative architectures include robust "private–ancilla" states—GHZ–Dicke superpositions designed for resilience against qubit loss—and schemes that generalize to arbitrary linear functions by weighted resource assignment (Bugalho et al., 2024).

3. Measurement, Estimation, and Precision Scaling

Measurement proceeds by local X-basis (or homodyne) detection:

Each node measures in the $X$ -basis and broadcasts their parity (or posts outcome on a classical channel).
The global parity product yields an unbiased estimator for $\cos f(\Theta)$ (or its sine), from which $f(\Theta)$ can be efficiently estimated (e.g., $\hat{f} = \arccos[\langle X^{\otimes n} \rangle]$ ).
Repetition over $\nu$ rounds leads to mean-squared error scaling as $\mathrm{Var}(\hat{f}) \sim 1/(\nu N^2)$ for $N$ -qubit GHZ resource states (Heisenberg limit), as opposed to $1/(\nu N)$ for separable probes (2207.14450, Ho et al., 2024).

Explicit error bounds are tied to the infidelity $\epsilon$ of the resource state: $\begin{aligned} |E[\hat{f}_{\text{real}}] - E[\hat{f}_{\text{ideal}}]| &\leq O(\epsilon), \ |\mathrm{Var}(\hat{f}_{\text{real}}) - \mathrm{Var}(\hat{f}_{\text{ideal}})| &\leq O(\epsilon), \end{aligned}$ with failure probabilities suppressed exponentially in the number of verification copies (2207.14450).

In the presence of noise or loss (e.g., CV with transmissivity $\eta$ ), precision and privacy trade-off analytically; perfect privacy is approached when the QFIM becomes nearly proportional to the weight vector, and quadratic precision scaling is available provided the Gaussian probe symmetricity is maintained (Junior et al., 15 Sep 2025, Alushi et al., 26 Sep 2025).

4. Security Proofs and Quantitative Privacy Metrics

PRQS privacy is formalized in terms of the QFIM's alignment: $Q_{ij}(\rho) = \lambda\, w_i w_j$ implying that only the function $w^T\theta$ is estimable and all $\theta_j$ are hidden except through $f(\Theta)$ (Hassani et al., 2024, Bugalho et al., 2024).

Imperfect states result in $\epsilon$ -privacy ( $\epsilon$ -close to perfect): $P(Q, w) = \frac{w^T Q w}{\mathrm{Tr}\,Q},$ with $P=1$ for perfect privacy and $P\to 1$ exponentially quickly in resource scaling for optimized states.

Composable security frameworks yield universal bounds: for any protocol, if two parameter sets $w^T\Theta=w^T\Theta'$ (i.e., same global function value), then the trace distance between encoded states seen by any coalition is at most $\epsilon$ (Solomons et al., 7 Oct 2025). This ensures no leakage of information beyond $f(\Theta)$ , even under arbitrary protocol composition.

Experimental validation on small ( $n=3$ ) networks achieves privacy parameter $\epsilon_p = 0.005\pm0.002$ (as measured via QFIM tomography), while the variance and bias of the global estimator adhere to the theoretical and observed integrity bounds (Ho et al., 2024).

5. Extensions: Function Generalization, Anonymity, and Robustness

Protocols extend to:

Arbitrary Linear Functions: Non-uniform $\{k_j\}$ weights via GHZ resource partitioning and local Clifford processing. Nonlinear or analytic functions are addressed by embedding in multi-qubit encoding or using continuous-variable entanglement (2207.14450, Bizzarri et al., 5 May 2025).
Anonymity: Recent works implement an anonymous coordinator protocol combining NOTIFICATION and VOTE mechanisms to ensure neither the identity nor the participation set in an estimation round is disclosed beyond the initiator, while privacy of parameter values is preserved information-theoretically (Jong et al., 1 Jul 2025).
Robustness: Private–ancilla state families, constructed as GHZ–Dicke superpositions with additional qubits per node, provide loss resilience without sacrificing perfect privacy for the global function (Bugalho et al., 2024). These designs tolerate explicit patterns of qubit erasure and generalize to multi-block ("logical qubit") embeddings.

6. Practical Resource Requirements, Implementations, and Limitations

Implementation aspects include:

Resource Cost: For network size $n$ , verification requires $N_{\mathrm{total}} \sim n^5 \log n$ copies of the GHZ for full-fidelity protocols (2207.14450); the same scaling places constraints on quantum memory and throughput in current platforms (Ho et al., 2024).
Scalability: Hybrid protocols interleaving entangled and separable rounds maintain constant security per round regardless of network size, avoiding the exponential loss of security of naive fully entangled schemes (Moore et al., 2024).
Experimental Demonstrations: Three-party GHZ-based PRQS is demonstrated on a photonic platform with measured GHZ fidelity $0.923\pm0.005$ and privacy parameter $\epsilon_p=0.005\pm0.002$ , achieving Heisenberg-limited variance in global phase estimation (Ho et al., 2024). Network implementations in CV architectures attain near-perfect privacy and quadratic sensitivity scaling with local homodyne detection (Junior et al., 15 Sep 2025, Alushi et al., 26 Sep 2025).

Outstanding challenges and performance trade-offs include the high resource requirements for verification, the need for composably tight security in large-scale systems, and the engineering of robust, fault-tolerant private resource states for noisy or lossy channels.

7. Applications, Generalizations, and Outlook

Key applications enabled by PRQS include secure network clock synchronization, geospatial arrays for environmental or medical sensor networks, and privacy-preserving distributed quantum metrology in untrusted infrastructures. The composable security framework (Solomons et al., 7 Oct 2025) ensures PRQS can safely structure as a subroutine within larger cryptographic or distributed computing protocols. Future extensions target sample-efficient state verification, broader classes of target functions, continuous-variable and hybrid resource regimes, multi-function estimation, and device-independent or measurement-device-independent privacy guarantees. Development of robust PRQS architectures stands as a central step toward a quantum internet supporting secure, collaborative, and privacy-aware quantum-enhanced sensing.