On the Cryptographic Futility of Non-Collapsing Measurements
Alper Cakan, Dakshita Khurana, Tomoyuki Morimae, Yuki Shirakawa, Kabir Tomer, Takashi Yamakawa
TL;DR
This work develops a unified framework for studying quantum analogues of one-wayness, collision resistance, and cloning-resistance, using oracle-based separations to show the limits of black-box reductions. By introducing classical and unitary oracle families (including a collision-finder oracle $\mathsf{Col}$, a cloning unitary $\mathsf{QCol}$, and a non-collapsing measurement oracle $\mathcal{Q}$) together with the compression technique $W_{\mathcal{O}}$, the authors prove that sub-exponentially secure iO and OWPs remain secure against adversaries making quantum queries to these oracles, while at the same time ruling out fully black-box constructions of several stronger primitives (e.g., distributional collision-resistant puzzles and quantum lightning) from iO/OWPs, even when oracle-aided circuits are allowed. The results yield strong separations: (i) iO/OWPs do not suffice to build collision-resistant hash functions in a black-box fashion under quantum access; (ii) quantum lightning cannot be obtained via black-box reductions from iO/OWPs; and (iii) access to non-collapsing measurements or cloning unitaries does not overturn these separations. The framework also connects to PDQP/SampPDQP by showing that OW2H-compatible reductions cannot bridge to hard problems in these quantum classes, highlighting fundamental limits of quantum black-box cryptography. Overall, the paper maps the landscape of quantum-secure primitives and clarifies what can and cannot be achieved with black-box reductions in the quantum regime, with implications for quantum money, quantum-money-like primitives, and cryptographic protocol design.
Abstract
We investigate quantum analogues of collision resistance and obtain separations between quantum "one-way" and "collision-resistant" primitives.

1. Our first result studies one-wayness versus collision-resistance defined over quantum circuits that output classical strings. We show that there is a classical oracle $\mathcal{O}$ relative to which (sub-exponentially secure) indistinguishability obfuscation and one-way permutations exist even against adversaries that make quantum queries to a non-collapsing measurement oracle, $\mathcal{Q}^{\mathcal{O}}$. Very roughly, $\mathcal{Q}^{\mathcal{O}}$ outputs the result of multiple non-collapsing measurements on the output of any quantum $\mathcal{O}$-aided circuit. This rules out fully black-box {\em quantum} constructions of $Y$ from $X$ for any $X \in \{$indistinguishability obfuscation and one-way permutations, public-key encryption, deniable encryption, oblivious transfer, non-interactive ZK, trapdoor permutations, quantum money$\}$ and $Y \in \{$collision-resistant hash functions, hard problems in SZK, homomorphic encryption, distributional collision-resistant puzzles$\}$.

2. Our second result studies one-wayness versus collision-resistance defined over quantum states. Here, we show that relative to the same classical oracle $\mathcal{O}$, (sub-exponentially secure) indistinguishability obfuscation and one-way permutations exist even against adversaries that make quantum queries to a {\em cloning unitary} $\mathsf{QCol}^{\mathcal{O}}$. Very roughly, this latter oracle implements a well-defined, linear operation to clone a subset of the qubits output by any quantum $\mathcal{O}$-aided circuit. This rules out fully black-box constructions of quantum lightning from public-key quantum money.
