Less is More: On Copy Complexity in Quantum Cryptography
Prabhanjan Ananth, Eli Goldin
TL;DR
The paper addresses how quantum cryptographic security definitions depend on copy complexity, introducing a general copy-expansion theorem that converts single-copy security into multi-copy security across pseudorandomness and unclonable-cryptography settings. The authors develop a simulator based on a compressed oracle framework and a controlled quantum one-time pad to show that $t$ copies of certain mixed states can be efficiently simulated from $t$ i.i.d. copies of purifications, enabling multi-copy security from 1-copy security under mild ancilla assumptions. They apply this framework to construct $t$-copy secure pseudorandom states and unitaries, and to derive identical-copy secure quantum money and copy-protection schemes under standard post-quantum cryptographic assumptions, including indistinguishability obfuscation. The approach unifies several unclonable primitives and pseudorandomness notions, offering new cryptographic possibilities and strengthening the security guarantees of quantum money and copy-protection in practical, post-quantum settings.
Abstract
Quantum cryptographic definitions are often sensitive to the number of copies of the cryptographic states revealed to an adversary. Making definitional changes to the number of copies accessible to an adversary can drastically affect various aspects including the computational hardness, feasibility, and applicability of the resulting cryptographic scheme. This phenomenon appears in many places in quantum cryptography, including quantum pseudorandomness and unclonable cryptography. To address this, we present a generic approach to boost single-copy security to multi-copy security and apply this approach to many settings. As a consequence, we obtain the following new results:
- One-copy stretch pseudorandom state generators (under mild assumptions) imply the existence of t-copy stretch pseudorandom state generators, for any fixed polynomial t.
- One-query pseudorandom unitaries with short keys (under mild assumptions) imply the existence of t-query pseudorandom unitaries with short keys, for any fixed polynomial t.
- Assuming indistinguishability obfuscation and other standard cryptographic assumptions, there exist identical-copy secure unclonable primitives such as public-key quantum money and quantum copy-protection.
