Table of Contents
Fetching ...

On the Impossibility of Simulation Security for Quantum Functional Encryption

Mohammed Barhoush, Arthur Mehta, Anne Müller, Louis Salvail

TL;DR

This work shows that the classical barriers against simulation-based security for functional encryption largely persist in the quantum setting. By introducing a quantum incompressibility lemma for pseudorandom quantum states and novel reduction arguments, the authors prove three main impossibilities for secret-key QFE: an unconditional $M\text{-}1\text{-}AD$ SIM--secure impossibility with many ciphertext queries, a $1\text{-}1\text{-}NA$ SIM--secure impossibility under PRS (even for succinct schemes), and a $1\text{-}M\text{-}NA$ SIM--secure impossibility under PKE. The PKE-based result is particularly novel in this quantum context, and together these results provide strong evidence against the existence of SIM--secure QFE in general. The findings reinforce the view that quantum resources do not automatically overcome classical lower bounds for FE, guiding future work toward restricted circuit classes or alternative security notions. The incompressibility techniques developed here may also inform broader quantum cryptographic barriers and constructions.

Abstract

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE (simulation security) has been shown to be impossible in the classical setting, those impossibility results rely on inherently classical arguments. This leaves open the question of whether simulation-secure functional encryption can be achieved in the quantum regime. In this work, we rule out this possibility by showing that the classical impossibility results largely extend to the quantum world. In particular, when the adversary can issue an unbounded number of challenge messages, we prove an unconditional impossibility, matching the classical barrier. In the case where the adversary may obtain many functional keys, classical arguments only yield impossibility under the assumption of pseudorandom functions; we strengthen this by proving impossibility under the potentially weaker assumption of pseudorandom quantum states. In the same setting, we also establish an alternative impossibility based on public-key encryption. Since public-key encryption is not known to imply pseudorandom quantum states, this provides independent evidence of the barrier. As part of our proofs, we show a novel incompressibility property for pseudorandom states, which may be of independent interest.

On the Impossibility of Simulation Security for Quantum Functional Encryption

TL;DR

This work shows that the classical barriers against simulation-based security for functional encryption largely persist in the quantum setting. By introducing a quantum incompressibility lemma for pseudorandom quantum states and novel reduction arguments, the authors prove three main impossibilities for secret-key QFE: an unconditional SIM--secure impossibility with many ciphertext queries, a SIM--secure impossibility under PRS (even for succinct schemes), and a SIM--secure impossibility under PKE. The PKE-based result is particularly novel in this quantum context, and together these results provide strong evidence against the existence of SIM--secure QFE in general. The findings reinforce the view that quantum resources do not automatically overcome classical lower bounds for FE, guiding future work toward restricted circuit classes or alternative security notions. The incompressibility techniques developed here may also inform broader quantum cryptographic barriers and constructions.

Abstract

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE (simulation security) has been shown to be impossible in the classical setting, those impossibility results rely on inherently classical arguments. This leaves open the question of whether simulation-secure functional encryption can be achieved in the quantum regime. In this work, we rule out this possibility by showing that the classical impossibility results largely extend to the quantum world. In particular, when the adversary can issue an unbounded number of challenge messages, we prove an unconditional impossibility, matching the classical barrier. In the case where the adversary may obtain many functional keys, classical arguments only yield impossibility under the assumption of pseudorandom functions; we strengthen this by proving impossibility under the potentially weaker assumption of pseudorandom quantum states. In the same setting, we also establish an alternative impossibility based on public-key encryption. Since public-key encryption is not known to imply pseudorandom quantum states, this provides independent evidence of the barrier. As part of our proofs, we show a novel incompressibility property for pseudorandom states, which may be of independent interest.
Paper Structure (14 sections, 6 theorems, 5 equations, 1 table)

This paper contains 14 sections, 6 theorems, 5 equations, 1 table.

Key Result

theorem thmcountertheorem

There does not exist a $\textsf{M}\text{-}1\text{-}\textsf{AD}$SIM--secure $\mathsf{QFE}$ scheme.

Theorems & Definitions (6)

  • theorem thmcountertheorem: informal
  • theorem thmcountertheorem: informal
  • lemma thmcounterlemma: informal
  • theorem thmcountertheorem: informal
  • corollary thmcountercorollary
  • lemma thmcounterlemma