On Limits on the Provable Consequences of Quantum Pseudorandomness
Samuel Bouaziz--Ermann, Minki Hhan, Garazi Muguruza, Quoc-Huy Vu
TL;DR
This work investigates fundamental limits in quantum pseudorandomness by constructing CHFS-based oracle worlds that separate quantum primitives. It shows that PRFSGs can exist relative to these oracles while PRUs that use no ancilla cannot, using process-tomography and swap-test techniques to reason about state purity and information leakage. Under a geometric, isoperimetric-type conjecture, the authors argue that quantum-computable pseudorandom generators (QPRGs) with negligible error cannot be built from log-length PRFSGs in a black-box fashion, tying the difficulty of such a construction to proving ${\mathrm{BQP}} \neq {\mathrm{QCMA}}$. The paper also argues that certain natural length-extension schemes for PRSGs are impossible under the same conjecture, pointing to a fundamental separation between quantum and classical pseudorandomness and guiding future exploration of quantum cryptographic primitives. Taken together, the results suggest that quantum pseudorandomness differs qualitatively from its classical analogues and that black-box constructions face intrinsic obstacles without ancillary resources or new techniques.
Abstract
There are various notions of quantum pseudorandomness, such as pseudorandom unitaries (PRUs), pseudorandom state generators (PRSGs) and pseudorandom function-like state generators (PRFSGs). Unlike the different notions of classical pseudorandomness, which are known to be existentially equivalent to each other, the relations between the notions of quantum pseudorandomness have yet to be fully established. We present evidence suggesting that some quantum pseudorandomness is unlikely to be constructed from the others, or at least is hard to construct unless certain conjectures are false. This indicates that quantum pseudorandomness could behave quite differently from classical pseudorandomness. We study new oracle worlds in which one kind of quantum pseudorandomness exists but another does not, under some assumptions or constraints, and provide potential directions toward a full black-box separation. More precisely:

- We give a unitary oracle relative to which PRFSGs exist but PRUs that use no ancilla do not. This extends to general PRUs if a structural property of the PRU algorithm can be proved.
- Assuming an isoperimetric inequality-style conjecture, we show a unitary oracle world where log-length output PRFSGs exist but proving the existence of quantum-computable pseudorandom generators (QPRGs) with negligible correctness error is as hard as proving ${\sf BQP}\neq {\sf QCMA}$. This result suggests that the inverse-polynomial error in the state-of-the-art construction of QPRGs from log-length PRSGs is inherent.
- Assuming the same conjecture, we prove that a natural way of constructing super-log-length output PRSGs from log-length output PRFSGs is impossible. This partly complements the known hardness of shrinking PRSG output lengths. Along the way, we also discuss other potential approaches to extending PRSG output lengths.
