On the Computational Hardness of Quantum One-Wayness

IF 5.1 2区物理与天体物理 Q1 PHYSICS, MULTIDISCIPLINARY Quantum Pub Date : 2025-03-27 DOI:10.22331/q-2025-03-27-1679

Bruno Cavalar, Eli Goldin, Matthew Gray, Peter Hall, Yanyi Liu, Angelos Pelecanos

{"title":"On the Computational Hardness of Quantum One-Wayness","authors":"Bruno Cavalar, Eli Goldin, Matthew Gray, Peter Hall, Yanyi Liu, Angelos Pelecanos","doi":"10.22331/q-2025-03-27-1679","DOIUrl":null,"url":null,"abstract":"There is a large body of work studying what forms of computational hardness are needed to realize classical cryptography. In particular, one-way functions and pseudorandom generators can be built from each other, and thus require equivalent computational assumptions to be realized. Furthermore, the existence of either of these primitives implies that $\\rm{P} \\neq \\rm{NP}$, which gives a lower bound on the necessary hardness.<br/> One can also define versions of each of these primitives with quantum output: respectively one-way state generators and pseudorandom state generators. Unlike in the classical setting, it is not known whether either primitive can be built from the other. Although it has been shown that pseudorandom state generators for certain parameter regimes can be used to build one-way state generators, the implication has not been previously known in full generality. Furthermore, to the best of our knowledge, the existence of one-way state generators has no known implications in complexity theory.<br/> We show that pseudorandom states compressing $n$ bits to $\\log n + 1$ qubits can be used to build one-way state generators and pseudorandom states compressing $n$ bits to $\\omega(\\log n)$ qubits are one-way state generators. This is a nearly optimal result since pseudorandom states with fewer than $c \\log n$-qubit output can be shown to exist unconditionally. We also show that any one-way state generator can be broken by a quantum algorithm with classical access to a $\\rm{PP}$ oracle.<br/> An interesting implication of our results is that a $t(n)$-copy one-way state generator exists unconditionally, for every $t(n) = o(n/\\log n)$. This contrasts nicely with the previously known fact that $O(n)$-copy one-way state generators require computational hardness. We also outline a new route towards a black-box separation between one-way state generators and quantum bit commitments.","PeriodicalId":20807,"journal":{"name":"Quantum","volume":"12 1","pages":""},"PeriodicalIF":5.1000,"publicationDate":"2025-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Quantum","FirstCategoryId":"101","ListUrlMain":"https://doi.org/10.22331/q-2025-03-27-1679","RegionNum":2,"RegionCategory":"物理与天体物理","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"PHYSICS, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

There is a large body of work studying what forms of computational hardness are needed to realize classical cryptography. In particular, one-way functions and pseudorandom generators can be built from each other, and thus require equivalent computational assumptions to be realized. Furthermore, the existence of either of these primitives implies that $\rm{P} \neq \rm{NP}$, which gives a lower bound on the necessary hardness.
One can also define versions of each of these primitives with quantum output: respectively one-way state generators and pseudorandom state generators. Unlike in the classical setting, it is not known whether either primitive can be built from the other. Although it has been shown that pseudorandom state generators for certain parameter regimes can be used to build one-way state generators, the implication has not been previously known in full generality. Furthermore, to the best of our knowledge, the existence of one-way state generators has no known implications in complexity theory.
We show that pseudorandom states compressing $n$ bits to $\log n + 1$ qubits can be used to build one-way state generators and pseudorandom states compressing $n$ bits to $\omega(\log n)$ qubits are one-way state generators. This is a nearly optimal result since pseudorandom states with fewer than $c \log n$-qubit output can be shown to exist unconditionally. We also show that any one-way state generator can be broken by a quantum algorithm with classical access to a $\rm{PP}$ oracle.
An interesting implication of our results is that a $t(n)$-copy one-way state generator exists unconditionally, for every $t(n) = o(n/\log n)$. This contrasts nicely with the previously known fact that $O(n)$-copy one-way state generators require computational hardness. We also outline a new route towards a black-box separation between one-way state generators and quantum bit commitments.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

论量子单向性的计算硬度

有大量的工作在研究实现经典密码学需要什么形式的计算硬度。特别是，单向函数和伪随机生成器可以相互构建，因此需要等效的计算假设来实现。此外，这两个原语中的任何一个的存在都意味着$\rm{P} \neq \rm{NP}$，它给出了必要硬度的下界。还可以用量子输出定义这些原语的每个版本：分别是单向状态生成器和伪随机状态生成器。不像在古典的背景下，它不知道是否两个原始可以由另一个建造。虽然已经证明，某些参数体系的伪随机状态发生器可以用来构建单向状态发生器，但其含义以前还没有得到全面的了解。此外，据我们所知，单向状态发生器的存在在复杂性理论中没有已知的含义。我们证明将$n$位压缩为$\log n + 1$量子位的伪随机状态可用于构建单向状态生成器，将$n$位压缩为$\omega(\log n)$量子位的伪随机状态是单向状态生成器。这是一个近乎最优的结果，因为输出小于$c \log n$ -qubit的伪随机状态可以被证明是无条件存在的。我们还表明，任何单向状态生成器都可以通过对$\rm{PP}$ oracle的经典访问的量子算法来破坏。我们的结果的一个有趣的含义是，对于每个$t(n) = o(n/\log n)$，都无条件地存在一个$t(n)$ -copy单向状态生成器。这与先前已知的事实形成鲜明对比，即$O(n)$ -copy单向状态生成器需要计算难度。我们还概述了在单向状态生成器和量子比特承诺之间实现黑盒分离的新途径。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Quantum Physics and Astronomy-Physics and Astronomy (miscellaneous)

CiteScore

9.20

自引率

10.90%

发文量

241

审稿时长

16 weeks

期刊介绍： Quantum is an open-access peer-reviewed journal for quantum science and related fields. Quantum is non-profit and community-run: an effort by researchers and for researchers to make science more open and publishing more transparent and efficient.