Signatures From Pseudorandom States via $\bot$-PRFs
Mohammed Barhoush, Amit Behera, Lior Ozer, Louis Salvail, Or Sattath
TL;DR
The paper addresses the challenge of deriving cryptographic primitives, notably digital signatures and public-key encryption, from quantum pseudorandom state assumptions, focusing on SPRS and the barrier of multi-time/adaptive security. It introduces $\bot$-PRG and $\bot$-PRF with recognizable abort and shows how PD-PRGs and SPRSs yield these $\bot$ notions, leveraging a multi-time security framework to enable adaptive security for PRFs and downstream primitives. By building a GGM-style $\bot$-PRF from a multi-time $\bot$-PRG and then constructing a $\bot$-OWF/UOWHF, the work derives robust DS schemes (including stateless, many-message variants) and CPA-secure tamper-proof QPKE with classical public keys, using SPRS-based assumptions. The approach provides a structured pathway from SPRS to DS and QPKE, clarifying how to tolerate non-deterministic signing via recognizable abort and repetition to achieve high correctness, with applications in authentication and encryption. Overall, the work closes part of the gap between quantum pseudorandomness and classical cryptographic primitives, enabling new cryptographic constructions under PRS-like assumptions and suggesting directions for strengthening adaptive security and quantum-access security in future work.
Abstract
Different flavors of quantum pseudorandomness have proven useful for various cryptographic applications, with the compelling feature that these primitives are potentially weaker than post-quantum one-way functions. Ananth, Lin, and Yuen (2023) have shown that logarithmic pseudorandom states can be used to construct a pseudo-deterministic PRG: informally, for a fixed seed, the output is the same with $1-1/\mathrm{poly}$ probability. In this work, we introduce new definitions for $\bot$-PRG and $\bot$-PRF. The correctness guarantees are that, for a fixed seed, except with negligible probability, the output is either the same (with probability $1-1/\mathrm{poly}$) or recognizable abort, denoted $\bot$. Our approach admits a natural definition of multi-time PRG security, as well as the adaptive security of a PRF. We construct a $\bot$-PRG from any pseudo-deterministic PRG and, from that, a $\bot$-PRF. Even though most mini-crypt primitives, such as symmetric key encryption, commitments, MAC, and length-restricted one-time digital signatures, have been shown based on various quantum pseudorandomness assumptions, digital signatures remained elusive. Our main application is a (quantum) digital signature scheme with classical public keys and signatures, thereby addressing a previously unresolved question posed in Morimae and Yamakawa's work (Crypto, 2022). Additionally, we construct CPA-secure public-key encryption with tamper-resilient quantum public keys.
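The following is an added classical toy model, not the paper's construction and not code from the authors, illustrating two points from the TL;DR and the abstract: why a recognizable abort $\bot$ is more useful than the silent 1/poly failure of a pseudo-deterministic PRG, and how a GGM-style tree over a $\bot$-PRG propagates $\bot$ so that repetition restores high correctness. The quantum PRG is replaced by an HMAC-SHA256 core, the failure event is simulated by a caller-supplied oracle (a scripted list or a Bernoulli coin), and all class and function names (`BotPRG`, `PDPRG`, `ggm_eval`, `eval_with_retries`, `abort_probability`) are hypothetical. The `abort_probability` helper is the naive independent-failure estimate for this toy, not the paper's analysis.

```python
"""Toy classical model of a GGM-style bot-PRF built from a bot-PRG.

Added illustration (not the paper's construction): the quantum PRG is replaced
by an HMAC-SHA256 core, and the 1/poly failure of a pseudo-deterministic PRG is
simulated with a caller-supplied failure oracle. It contrasts a PD-PRG (fails
silently with a wrong output) with a bot-PRG (fails with a recognizable abort),
and shows why repetition repairs only the latter.
"""
import hashlib
import hmac
import random
from typing import Callable, List, Optional, Sequence

BOT = None          # the recognizable abort symbol, written ⊥ in the paper
SEED_LEN = 16       # bytes; the PRG is length-doubling: 16-byte seed -> 32-byte output

PRG = Callable[[bytes], Optional[bytes]]


def _core(seed: bytes) -> bytes:
    # Stand-in for the ideal, deterministic PRG output (32 bytes = two 16-byte halves).
    return hmac.new(seed, b"ggm-core", hashlib.sha256).digest()


def _wrong(seed: bytes) -> bytes:
    # A well-formed but incorrect output, modelling a silent PD-PRG failure.
    return hmac.new(seed, b"ggm-wrong", hashlib.sha256).digest()


class PDPRG:
    """Pseudo-deterministic PRG: on failure it returns a plausible wrong value."""

    def __init__(self, should_fail: Callable[[], bool]):
        self.should_fail = should_fail

    def __call__(self, seed: bytes) -> Optional[bytes]:
        return _wrong(seed) if self.should_fail() else _core(seed)


class BotPRG:
    """bot-PRG: on failure it returns the recognizable abort instead of a wrong value."""

    def __init__(self, should_fail: Callable[[], bool]):
        self.should_fail = should_fail

    def __call__(self, seed: bytes) -> Optional[bytes]:
        return BOT if self.should_fail() else _core(seed)


def scripted(failures: Sequence[bool]) -> Callable[[], bool]:
    """Failure oracle following a fixed script, then never failing (constructed for tests)."""
    queue: List[bool] = list(failures)
    return lambda: queue.pop(0) if queue else False


def bernoulli(p: float, rng: random.Random) -> Callable[[], bool]:
    """Failure oracle that fails independently with probability p on every PRG call."""
    return lambda: rng.random() < p


def ggm_eval(prg: PRG, key: bytes, x_bits: Sequence[int]) -> Optional[bytes]:
    """GGM tree walk: from the root seed, take the left/right half of the PRG output per input bit.
    With a bot-PRG the abort propagates, so the PRF output is either the canonical value or BOT."""
    state = key
    for bit in x_bits:
        out = prg(state)
        if out is BOT:
            return BOT
        state = out[:SEED_LEN] if bit == 0 else out[SEED_LEN:]
    return state


def eval_with_retries(prg: PRG, key: bytes, x_bits: Sequence[int], tries: int) -> Optional[bytes]:
    """Repetition: re-run the evaluation until it does not abort, or give up after `tries`."""
    for _ in range(tries):
        out = ggm_eval(prg, key, x_bits)
        if out is not BOT:
            return out
    return BOT


def abort_probability(p: float, depth: int, tries: int) -> float:
    """Probability that all `tries` evaluations abort when each of the `depth`
    PRG calls aborts independently with probability p (toy estimate)."""
    single = 1.0 - (1.0 - p) ** depth
    return single ** tries


if __name__ == "__main__":
    key = bytes(range(SEED_LEN))            # constructed sample key
    x = (1, 0, 1, 1, 0, 0, 1, 0)            # constructed 8-bit input
    show = lambda v: "BOT" if v is BOT else v.hex()
    reference = ggm_eval(BotPRG(lambda: False), key, x)
    noisy = BotPRG(bernoulli(0.05, random.Random(2024)))
    print("reference :", show(reference))
    print("one shot  :", show(ggm_eval(noisy, key, x)))
    print("10 retries:", show(eval_with_retries(noisy, key, x, 10)))
    print("P[all 10 retries abort] =", abort_probability(0.05, len(x), 10))
```

The property to notice is that a non-abort output of `eval_with_retries` over `BotPRG` is always the canonical value, because a failed level can only surface as `BOT`; over `PDPRG` the same tree walk silently continues from a wrong intermediate seed and returns a well-formed but incorrect value, which the caller cannot distinguish without further work. That is what makes repetition a valid correctness amplifier in the $\bot$ setting.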
