pith. sign in

arxiv: 2606.28139 · v1 · pith:5JCQFWRBnew · submitted 2026-06-26 · 🪐 quant-ph

Optimizing Resource Costs: A Practical Guide to Achieving Target Security in Verifiable Blind Quantum Computing

Janice van Dam , Micha{\l} van Hooft , Stephanie D.C. Wehner This is my paper

Pith reviewed 2026-06-29 03:53 UTC · model grok-4.3

classification 🪐 quant-ph
keywords verifiable blind quantum computingresource optimizationconstrained optimizationnoise robustnessquantum delegationround minimizationtrapped ion hardware
0
0 comments X

The pith

A constrained optimization framework finds the minimal number of rounds required to achieve target security in noise-robust verifiable blind quantum computing.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows how to turn the interdependent parameters of the Leichtle et al. noise-robust VBQC protocol into a constrained optimization problem whose solution gives the smallest total number of computation and test rounds that still meets a chosen security target at a given hardware noise level. It also supplies a heuristic formula that approximates this minimal round count and reveals its scaling behavior. The same approach supports trading off gate rate against fidelity to reduce overall runtime. Readers interested in near-term quantum cloud services would care because the method converts abstract security proofs into concrete resource budgets for specific hardware.

Core claim

The central discovery is that the security and noise-tolerance conditions of the round-based VBQC protocol can be encoded as constraints in an optimization problem, allowing numerical solution for the parameter values that minimize the number of rounds while preserving the protocol's proven security guarantees.

What carries the argument

The constrained optimization framework that minimizes the total number of rounds subject to the protocol's security proof constraints and noise bounds.

Load-bearing premise

The original security proof of the Leichtle protocol continues to hold when its parameters are selected via constrained numerical optimization instead of direct analytic construction.

What would settle it

Execute the optimization for chosen noise and security values, then verify whether those parameters still satisfy the completeness and soundness bounds stated in the Leichtle et al. security proof.

Figures

Figures reproduced from arXiv: 2606.28139 by Janice van Dam, Micha{\l} van Hooft, Stephanie D.C. Wehner.

Figure 1
Figure 1. Figure 1: FIG. 1: The scaling of [PITH_FULL_IMAGE:figures/full_fig_p006_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: FIG. 2: The scaling of protocol parameters (a) [PITH_FULL_IMAGE:figures/full_fig_p008_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: FIG. 3: End-to-end protocol runtime as a function of [PITH_FULL_IMAGE:figures/full_fig_p009_3.png] view at source ↗
read the original abstract

Verifiable blind quantum computing (VBQC) enables a resource-limited client to securely delegate computations to an untrusted quantum server while maintaining privacy and detecting deviations from the prescribed computation. The noise-robust VBQC protocol of Leichtle et al. achieves this through a round-based structure: the client delegates multiple computation rounds and test rounds, using the test outcomes to detect cheating while tolerating honest hardware noise. The protocol's security proof involves numerous interdependent parameters, making it non-trivial to find a valid parameter set for a given hardware noise level and security target. We formalize this as a constrained optimization problem and develop a practical framework to solve it. The framework yields the protocol parameters that minimize the number of rounds for any given setup. We derive a heuristic formula for the minimal number of rounds to help understand the scaling with noise and security targets and to provide rapid resource estimation. Since the number of rounds depends on noise while the time per round depends on hardware rate, the framework also enables optimization of rate-fidelity trade-offs to minimize end-to-end runtime. We demonstrate both applications through a case study of a trapped-ion server with a measurement-only client, showing how the client's polarization control hardware specifications translate into protocol parameters and runtime estimates, providing concrete guidance for near-term implementations.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript formalizes parameter selection for the noise-robust VBQC protocol of Leichtle et al. as a constrained optimization problem whose objective is to minimize the total number of rounds while meeting a target security level for given hardware noise. It supplies a practical solver framework, derives a heuristic formula for the minimal round count as a function of noise and security parameters, and applies the method to a trapped-ion server with measurement-only client to produce concrete parameter sets and end-to-end runtime estimates that incorporate rate-fidelity trade-offs.

Significance. If the optimization constraints are shown to be faithful to the full set of interdependent bounds in the Leichtle et al. security theorem, the work supplies a concrete, reusable tool for resource estimation that directly supports near-term VBQC experiments by translating hardware specifications into minimal-round protocols and runtime predictions.

major comments (2)
  1. [Abstract; optimization formalization section] Abstract and the section describing the constrained optimization: the central claim that any optimizer output remains valid under the Leichtle et al. security theorem requires an explicit, itemized mapping from every interdependent condition in that theorem (noise tolerance, test-round acceptance thresholds, higher-order cheating-probability bounds, etc.) onto the implemented constraints. Without this mapping it is impossible to verify that the returned minimal-round solutions satisfy the original proof guarantees rather than a possibly relaxed surrogate.
  2. [Heuristic formula derivation] Section deriving the heuristic formula: the formula is presented as inheriting the same validity as the optimizer, yet no error analysis or comparison against the exact optimizer output is supplied for the parameter regimes used in the trapped-ion case study. This leaves open whether the heuristic systematically under- or over-estimates the required rounds when the full constraint set is enforced.
minor comments (2)
  1. [Notation and background] Notation for the security parameter and noise model should be introduced once with a clear reference to the corresponding quantities in Leichtle et al. to avoid ambiguity when the optimization constraints are stated.
  2. [Case study] The case-study figures would benefit from an additional panel or table that lists the exact constraint values returned by the optimizer alongside the heuristic prediction for direct numerical comparison.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their careful reading and constructive comments on the manuscript. We address each major comment below.

read point-by-point responses

  1. Referee: [Abstract; optimization formalization section] Abstract and the section describing the constrained optimization: the central claim that any optimizer output remains valid under the Leichtle et al. security theorem requires an explicit, itemized mapping from every interdependent condition in that theorem (noise tolerance, test-round acceptance thresholds, higher-order cheating-probability bounds, etc.) onto the implemented constraints. Without this mapping it is impossible to verify that the returned minimal-round solutions satisfy the original proof guarantees rather than a possibly relaxed surrogate.

    Authors: We agree that an explicit, itemized mapping is required to substantiate the central claim. In the revised manuscript we will add a dedicated subsection (or table) that enumerates every condition appearing in the Leichtle et al. security theorem and shows its direct correspondence to the constraint implemented in the optimization framework. This addition will confirm that optimizer outputs remain faithful to the original proof guarantees. revision: yes

  2. Referee: [Heuristic formula derivation] Section deriving the heuristic formula: the formula is presented as inheriting the same validity as the optimizer, yet no error analysis or comparison against the exact optimizer output is supplied for the parameter regimes used in the trapped-ion case study. This leaves open whether the heuristic systematically under- or over-estimates the required rounds when the full constraint set is enforced.

    Authors: We acknowledge the absence of a quantitative validation for the heuristic. In the revised manuscript we will include a new subsection that compares heuristic predictions against exact optimizer outputs across a range of noise and security parameters, with explicit focus on the regimes of the trapped-ion case study. The comparison will report relative errors and discuss any systematic bias. revision: yes

Circularity Check

0 steps flagged

No significant circularity; optimization framework applies external security constraints

full rationale

The paper cites the Leichtle et al. security proof as the source of the constrained optimization problem and develops a solver plus heuristic for minimal rounds. No self-definitional mappings, fitted inputs renamed as predictions, or load-bearing self-citations appear in the provided text. The derivation chain remains self-contained by treating the cited protocol's bounds as given external inputs.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

Based solely on the abstract, the claim rests on the security properties of the Leichtle et al. protocol and the assumption that parameter selection can be cast as a solvable constrained optimization problem. No new free parameters, axioms beyond the cited protocol, or invented entities are introduced.

axioms (1)
  • domain assumption The noise-robust VBQC protocol of Leichtle et al. achieves security through round-based computation and test rounds that tolerate honest hardware noise.
    Invoked as the foundation for the optimization problem in the abstract.

pith-pipeline@v0.9.1-grok · 5767 in / 1382 out tokens · 65277 ms · 2026-06-29T03:53:30.212109+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

53 extracted references · 2 linked inside Pith

  1. [1]

    In MBQC, the computation is driven by single-qubit measure- ments performed on a highly entangled multi-qubit resource state, known as a cluster or graph state

    Measurement-based quantum computing The rVBQC protocol relies on the MBQC model [19], an alternative to the more common circuit-based model. In MBQC, the computation is driven by single-qubit measure- ments performed on a highly entangled multi-qubit resource state, known as a cluster or graph state. A graph state is a quantum state that directly represen...

  2. [2]

    Because the client does not have the resources themselves, they delegate to a remote server

    Blind delegation in the MBQC model Consider a scenario where a resource-limited client wants to execute a quantum computation. Because the client does not have the resources themselves, they delegate to a remote server. If the client wants their computation to remain pri- vate, it can use blind quantum computing (BQC) [2]. In BQC, the server remains ignor...

  3. [3]

    dummy qubits

    Verification In addition to keeping the computation secret, we also want a way to check that the server performs as it is supposed to. This is where verification comes in. Verification is commonly achieved by embedding "traps" within the computation [9]. A trap is a qubit for which the client can deterministically determine the outcome when it is measured...

  4. [4]

    [14] introduces a noise-robust protocol that modifies the trap structure to enhance practi- cality and noise tolerance

    The rVBQC protocol The work by Leichtle et al. [14] introduces a noise-robust protocol that modifies the trap structure to enhance practi- cality and noise tolerance. Instead of embedding individual traps within a single, large computational graph, this pro- tocol separates thentotal rounds into two sets. The full protocol consists ofdcomputation rounds, ...

  5. [5]

    Attacking conservatively: Attacking fewer than aZ fraction of rounds on average, avoiding detection with highprobabilitybutalsoflippingthemajorityvotewith low probability

  6. [6]

    Ok" or "Abort

    Attacking aggressively: Attacking at least aZfraction of rounds on average, to flip the majority vote with higher probability but also have a low probability of doing this undetected. The security proof bounds both scenarios. Each bound can be tuned by independently adjusting how much statistical slack we allow around expected values for cheating strategi...

  7. [7]

    This means that each additional order of mag- nitude in security (adding a ‘nine’ of security) comes at a fixed, additive cost in the number of rounds

    The cost of security: the resource scales linearly with -log(ϵ⋆). This means that each additional order of mag- nitude in security (adding a ‘nine’ of security) comes at a fixed, additive cost in the number of rounds

  8. [8]

    This impliesp max should be significantly lower thanZ/kfor the protocol to be practically im- plementable

    The cost of noise: the resource cost follows a power-law divergence as the hardware noise approaches it toler- ance limit. This impliesp max should be significantly lower thanZ/kfor the protocol to be practically im- plementable. We find that, while this heuristic reproduces the dominant behavior, a slow drift of the valuesaandbremains as the noise level ...

  9. [9]

    Collective dephasing of the trapped ions with a coher- ence time of 4 seconds [31]

  10. [10]

    Probability of depolarizing trapped ion when applying a single-qubit gate of 0.01 [32]

  11. [11]

    Probability of depolarizing trapped ion when applying a two-qubit gate of 0.05 [32]

  12. [12]

    Ion-photonentanglementasaWernerstatewithfidelity 0.88 [33]

  13. [13]

    Dark count probability at the client detecors as depo- larizing noise with depolarizing probability 0.02 [31]

  14. [14]

    Measurement error probability of ion trap of 0.0001 [31]

  15. [15]

    In the code, we made several simplifications that would lead to an incorrect implementation of the protocol, but lead to a correct estimation ofp max andt round

    Loss modes: server efficiency (including coupling to fiber [34] and frequency conversion [31]) of 0.287, prob- ability of successfully transmitting through fiber of 10−10∗0.2/10 ≈0.63, detector efficiency of 0.87 [34]. In the code, we made several simplifications that would lead to an incorrect implementation of the protocol, but lead to a correct estimat...

  16. [16]

    is published along with the code. ACKNOWLEDGEMENTS The authors would like to thank Sounak Kar for point- ing to useful bounds, and Guus Avis, Jeroen Grimbergen, Sergio Loarte and Harold Ollivier for useful feedback on the manuscript and discussions. The authors would additionally like to thank Ben Lanyon and Tracy Northup and groups for providing informat...

  17. [17]

    Secure assisted quantum computa- tion.arXiv preprint quant-ph/0111046, 2001

    Andrew M Childs. Secure assisted quantum computa- tion.arXiv preprint quant-ph/0111046, 2001

    Pith/arXiv arXiv 2001

  18. [18]

    Universal blind quantum computation

    Anne Broadbent, Joseph Fitzsimons, and Elham Kashefi. Universal blind quantum computation. In2009 50th an- nual IEEE symposium on foundations of computer sci- ence, pages 517–526. IEEE, 2009

    2009

  19. [19]

    Verification of quantum computation: An overview of existing approaches.Theory of computing systems, 63(4):715–808, 2019

    Alexandru Gheorghiu, Theodoros Kapourniotis, and El- ham Kashefi. Verification of quantum computation: An overview of existing approaches.Theory of computing systems, 63(4):715–808, 2019

    2019

  20. [20]

    Fitzsimons, Anton Zeilinger, and Philip Walther

    Stefanie Barz, Elham Kashefi, Anne Broadbent, Joseph F. Fitzsimons, Anton Zeilinger, and Philip Walther. Demonstration of blind quantum computing. Science, 335(6066):303–308, 2012

    2012

  21. [21]

    Demon- stration of measurement-only blind quantum computing

    Chiara Greganti, Marie-Christine Roehsner, Stefanie Barz, Tomoyuki Morimae, and Philip Walther. Demon- stration of measurement-only blind quantum computing. New Journal of Physics, 18(1):013020, 2016

    2016

  22. [22]

    Sanders, Chao-Yang Lu, and Jian-Wei Pan

    He-Liang Huang, Qi Zhao, Xiongfeng Ma, Chang Liu, Zu-En Su, Xi-Lin Wang, Li Li, Nai-Le Liu, Barry C. Sanders, Chao-Yang Lu, and Jian-Wei Pan. Experimen- tal blind quantum computing for a classical client.Phys- ical Review Letters, 119(5):050503, 2017

    2017

  23. [23]

    Fitzsimons, Elham Kashefi, and Philip Walther

    Stefanie Barz, Joseph F. Fitzsimons, Elham Kashefi, and Philip Walther. Experimental verification of quantum computation.Nature Physics, 9(11):727–731, 2013

    2013

  24. [24]

    Ver- ifiable blind quantum computing with trapped ions and single photons.Physical Review Letters, 132(15):150604, 2024

    Peter Drmota, DP Nadlinger, D Main, BC Nichol, EM Ainley, Dominik Leichtle, A Mantri, Elham Kashefi, R Srinivas, G Araneda, CJ Ballance, and DM Lucas. Ver- ifiable blind quantum computing with trapped ions and single photons.Physical Review Letters, 132(15):150604, 2024

    2024

  25. [25]

    Uncondition- ally verifiable blind quantum computation.Phys

    Joseph F Fitzsimons and Elham Kashefi. Uncondition- ally verifiable blind quantum computation.Phys. Rev. A, 96:012303, 2017

    2017

  26. [26]

    Verifiable measurement-only blind quantum computing with sta- bilizer testing.Physical review letters, 115(22):220502, 2015

    Masahito Hayashi and Tomoyuki Morimae. Verifiable measurement-only blind quantum computing with sta- bilizer testing.Physical review letters, 115(22):220502, 2015

    2015

  27. [27]

    Classical verification of quantum com- putations

    Urmila Mahadev. Classical verification of quantum com- putations. In2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS), pages 259–

  28. [28]

    Quantum Computing in the NISQ era and beyond.Quantum, 2:79, 2018

    John Preskill. Quantum Computing in the NISQ era and beyond.Quantum, 2:79, 2018

    2018

  29. [29]

    Plugging leaks in fault-tolerant quantum computation and verification.arXiv preprint arXiv:2510.03227, 2025

    Theodoros Kapourniotis, Dominik Leichtle, Luka Mu- sic, and Harold Ollivier. Plugging leaks in fault-tolerant quantum computation and verification.arXiv preprint arXiv:2510.03227, 2025

    Pith/arXiv arXiv 2025

  30. [30]

    Verifying bqp computations on noisy devices with minimal overhead.PRX Quantum, 2(4):040302, 2021

    Dominik Leichtle, Luka Music, Elham Kashefi, and Harold Ollivier. Verifying bqp computations on noisy devices with minimal overhead.PRX Quantum, 2(4):040302, 2021

    2021

  31. [31]

    Entanglement routing based on fidelity curves.arXiv preprint arXiv:2303.12864, 2023

    Bruno C Coutinho, Raul Monteiro, Luís Bugalho, and Francisco A Monteiro. Entanglement routing based on fidelity curves.arXiv preprint arXiv:2303.12864, 2023

    arXiv 2023

  32. [32]

    Rate-fidelity trade-off in cavity-based remote entanglement generation.Physical Review A, 110(4):042405, 2024

    Kazufumi Tanji, Hiroki Takahashi, Wojciech Roga, and Masahiro Takeoka. Rate-fidelity trade-off in cavity-based remote entanglement generation.Physical Review A, 110(4):042405, 2024

    2024

  33. [33]

    Entangling remote qubits using the single-photon protocol: an in- depth theoretical and experimental study.New Journal of Physics, 25(1):013011, 2023

    Sophie LN Hermans, Matteo Pompili, L Dos Santos Mar- tins, A RP Montblanch, Hans KC Beukers, Simon Baier, Johannes Borregaard, and Ronald Hanson. Entangling remote qubits using the single-photon protocol: an in- depth theoretical and experimental study.New Journal of Physics, 25(1):013011, 2023

    2023

  34. [34]

    Single-click protocols for re- mote state preparation using weak coherent pulses.arXiv preprint arXiv:2508.14857, 2025

    Janice van Dam, Emil R Hellebek, Tzula B Propp, Junior R Gonzales-Ureta, Anders S Sørensen, and Stephanie DC Wehner. Single-click protocols for re- mote state preparation using weak coherent pulses.arXiv preprint arXiv:2508.14857, 2025

    arXiv 2025

  35. [35]

    Aone-wayquan- tum computer.Physical review letters, 86(22):5188, 2001

    RobertRaussendorfandHansJBriegel. Aone-wayquan- tum computer.Physical review letters, 86(22):5188, 2001

    2001

  36. [36]

    Multi- party entanglement in graph states.Physical Review A, 69(6):062311, 2004

    Marc Hein, Jens Eisert, and Hans J Briegel. Multi- party entanglement in graph states.Physical Review A, 69(6):062311, 2004

    2004

  37. [37]

    Remote state preparation.Physical Review Letters, 87(7):077902, 2001

    Charles H Bennett, David P DiVincenzo, Peter W Shor, John A Smolin, Barbara M Terhal, and William K Woot- ters. Remote state preparation.Physical Review Letters, 87(7):077902, 2001

    2001

  38. [38]

    Abstract cryptogra- phy

    Ueli Maurer and Renato Renner. Abstract cryptogra- phy. InInnovations in Computer Science, Beijing, 2011. Tsinghua University Press

    2011

  39. [39]

    In this context, the ‘server’ is anything but the client itself, so any evesdropper on the channel, for example, is absorbed, from a security standpoint, into the server

  40. [40]

    Composable security of del- egated quantum computation

    Vedran Dunjko, Joseph F Fitzsimons, Christopher Port- mann, and Renato Renner. Composable security of del- egated quantum computation. InInternational Confer- ence on the Theory and Application of Cryptology and Information Security, pages 406–425. Springer, 2014

    2014

  41. [41]

    Differential evolution– a simple and efficient heuristic for global optimization over continuous spaces.Journal of global optimization, 11(4):341–359, 1997

    Rainer Storn and Kenneth Price. Differential evolution– a simple and efficient heuristic for global optimization over continuous spaces.Journal of global optimization, 11(4):341–359, 1997

    1997

  42. [42]

    Scipy 1.0: fundamental algorithms for sci- entific computing in python.Nature methods, 17(3):261– 272, 2020

    Pauli Virtanen, Ralf Gommers, Travis E Oliphant, Matt Haberland, Tyler Reddy, David Cournapeau, Evgeni Burovski, Pearu Peterson, Warren Weckesser, Jonathan Bright, et al. Scipy 1.0: fundamental algorithms for sci- entific computing in python.Nature methods, 17(3):261– 272, 2020

    2020

  43. [43]

    Publication code.https://gitlab.tudelft.nl/wehner-research/ security_paper_publication_code.git, 2025

    Janice van Dam and Michal van Hooft. Publication code.https://gitlab.tudelft.nl/wehner-research/ security_paper_publication_code.git, 2025

    2025

  44. [44]

    Quantum com- plexity theory

    Ethan Bernstein and Umesh Vazirani. Quantum com- plexity theory. InProceedings of the twenty-fifth annual ACM symposium on Theory of computing, pages 11–20, 1993

    1993

  45. [45]

    Hardware requirements for trapped- ion-based verifiable blind quantum computing with a measurement-only client.Quantum Science and Tech- nology, 9(4):045031, 2024

    Janice van Dam, Guus Avis, Tz B Propp, F Fer- reira da Silva, Joshua A Slater, Tracy E Northup, and Stephanie Wehner. Hardware requirements for trapped- ion-based verifiable blind quantum computing with a measurement-only client.Quantum Science and Tech- nology, 9(4):045031, 2024

    2024

  46. [46]

    NetSquid, a NETwork Simulator for QUantum Information using Discrete events.Communi- cations Physics, 4(1):164, 2021

    Tim Coopmans, Robert Knegjens, Axel Dahlberg, David Maier, Loek Nijsten, Julio de Oliveira Filho, Martijn Papendrecht, Julian Rabbie, Filip Rozpędek, Matthew Skrzypczyk, et al. NetSquid, a NETwork Simulator for QUantum Information using Discrete events.Communi- cations Physics, 4(1):164, 2021. 11

    2021

  47. [47]

    Private communica- tion, 2025

    Ben Lanyon and Tracy Northup. Private communica- tion, 2025. Trapped-ion system parameters, University of Innsbruck

    2025

  48. [48]

    Telecom-wavelength quantumrepeaternodebasedonatrapped-ionprocessor

    Viktor Krutyanskiy, Marco Canteri, Martin Meraner, James Bate, Vojtech Krcmarsky, Josef Schupp, Nico- las Sangouard, and Ben P Lanyon. Telecom-wavelength quantumrepeaternodebasedonatrapped-ionprocessor. Physical Review Letters, 130(21):213601, 2023

    2023

  49. [49]

    En- tanglement of trapped-ion qubits separated by 230 me- ters.Physical Review Letters, 130(5):050803, 2023

    Viktor Krutyanskiy, Maria Galli, Vojtech Krcmarsky, Si- mon Baier, DA Fioretto, Yunfei Pu, Azadeh Mazloom, Pavel Sekatski, Marco Canteri, Markus Teller, et al. En- tanglement of trapped-ion qubits separated by 230 me- ters.Physical Review Letters, 130(5):050803, 2023

    2023

  50. [50]

    Interface between trapped-ion qubits and traveling pho- tons with close-to-optimal efficiency.PRX Quantum, 2(2):020331, 2021

    Josef Schupp, Vojtech Krcmarsky, Viktor Krutyanskiy, Martin Meraner, Tracy E Northup, and Ben P Lanyon. Interface between trapped-ion qubits and traveling pho- tons with close-to-optimal efficiency.PRX Quantum, 2(2):020331, 2021. 12 Appendix A: Glossary Here we provide an overview of the parameters introduced in this paper, for reference. We divide the pa...

    2021

  51. [51]

    Input parameters: these parameters define the opti- mization problem and are user-provided, these are pre- sented in Table II

  52. [52]

    These are presented in Table III

    Tuning parameters: parameters that are part of the security proof and can be tuned the find the minimal number of rounds. These are presented in Table III

  53. [53]

    conserva- tive

    Other parameters: parameters that occur but do not fit into the above two categories. These are presented in Table IV TABLE II: Input parameters Meaning ϵ⋆ Overall security error target pmax The probability that a test round fails in an honest-but-noisy setting: deter- mined by the physical noise level of the system k The colourability of the graph that i...