On the (Im)possibility of Quantum Pseudorandomness in the (Inverseless) Haar Random Oracle Model
Key concepts
This paper explores the feasibility of constructing quantum pseudorandom primitives, specifically pseudorandom unitaries (PRUs) and pseudorandom state generators (PRSGs), in the idealized setting of the (inverseless) Haar Random Oracle Model ((i)QHROM).
Summary
- Bibliographic Information: Ananth, P., Bostanci, J., Gulati, A., & Lin, Y. (2024). Pseudorandomness in the (Inverseless) Haar Random Oracle Model. arXiv:2410.19320v1 [quant-ph].
- Research Objective: This paper investigates the possibility and limitations of achieving quantum pseudorandomness using Haar random oracles, focusing on the construction of PRUs and PRSGs in the (i)QHROM.
- Methodology: The authors utilize the path-recording formalism for Haar random unitaries introduced by Ma and Huang to analyze the security of their proposed constructions. They employ techniques like correlated pair analysis, ℓ-fold collision-freeness, and the quantum OR attack to prove their results.
- Key Findings:
  - The paper demonstrates the existence of unbounded-query secure PRUs in the iQHROM, requiring only two sequential calls to the Haar oracle.
  - It proves that achieving unbounded-query secure PRUs with a single parallel query to the Haar oracle is impossible.
  - The authors present a construction of bounded-query secure PRUs in the iQHROM using a single query to the Haar oracle.
  - They also show the existence of multi-copy PRSGs and adaptively secure PRFSs in the iQHROM, both requiring only a single query to the Haar oracle.
- Main Conclusions: This work establishes the feasibility of constructing various quantum pseudorandom primitives in the (i)QHROM, providing insights into the potential of Haar random oracles for quantum cryptography. The results also highlight the limitations and trade-offs involved in achieving different levels of security and efficiency in this model.
- Significance: This research contributes significantly to the understanding of quantum pseudorandomness and its implications for building secure quantum cryptographic primitives. The use of the (i)QHROM provides a valuable theoretical framework for analyzing the security of constructions based on random quantum circuits or other phenomena that can be modeled as Haar random unitaries.
- Limitations and Future Research: The paper primarily focuses on the iQHROM, leaving open the question of whether similar results can be achieved in the stronger QHROM (with inverses). Further research could explore the possibility of constructing other quantum cryptographic primitives, such as quantum commitments or encryption schemes, in the (i)QHROM. Additionally, investigating the feasibility of instantiating the Haar random oracle with concrete constructions, such as random quantum circuits, remains an important direction for future work.
Source: arxiv.org, "Pseudorandomness in the (Inverseless) Haar Random Oracle Model"
Key statistics
The PRU construction makes two calls to the Haar oracle.
Unbounded-query security is impossible to achieve for PRUs making a single call to the Haar oracle.
Bounded-query secure PRUs exist with a single query to the Haar oracle.
The adversary is allowed to make Ω(λ/log(λ)) queries to the PRU.
The adversary makes at most O(λ/(log(λ))^(1+ε)) queries, for ε > 0.
Quotes
"Our results are also some of the first use cases of the new 'path recording' formalism for Haar random unitaries, introduced in the recent breakthrough work of Ma and Huang."
"In order for us to gain more confidence that the quantum pseudorandom primitives are weaker than one-way functions, it is imperative we need to look for candidate constructions that do not rely upon the existence of one-way functions."
Further questions
How would the results change if the adversary had access to the inverse of the Haar random oracle (i.e., in the QHROM)?
Allowing the adversary access to the inverse of the Haar random oracle (i.e., considering the QHROM instead of the iQHROM) would significantly impact the results and introduce substantial challenges:
Breaking PRU Constructions: The current PRU constructions in the iQHROM, particularly those relying on simple structures like U(X^k ⊗ id)U or (Z^k ⊗ id)U, would likely become insecure in the QHROM. The adversary could potentially use the inverse oracle (U†) to effectively "unwind" the PRU construction, revealing information about the key or internal workings.
Difficulty in Security Proofs: The path-recording formalism, a crucial tool for analyzing the iQHROM, becomes much harder to apply when the adversary has access to the inverse oracle. The current proofs heavily rely on the fact that the adversary cannot invert the action of U. With access to U†, the adversary's actions become more complex to analyze, making it difficult to establish relationships between the real and ideal worlds.
New Techniques Required: Analyzing security in the QHROM would necessitate developing new techniques and approaches. One possible direction could involve exploring more sophisticated PRU constructions that are inherently resistant to attacks leveraging the inverse oracle. Another avenue could be to develop alternative proof techniques that can effectively handle the presence of both U and U†.
Potential for Stronger Primitives: While the QHROM presents significant challenges, it also opens possibilities for constructing stronger cryptographic primitives. For instance, it might be possible to design PRUs with stronger security guarantees, such as adaptive security or security against adversaries with unbounded query access, by leveraging the additional power offered by the inverse oracle.
In summary, transitioning from the iQHROM to the QHROM would fundamentally alter the landscape of achievable results. Existing constructions would likely become insecure, demanding the development of new techniques and potentially leading to the discovery of more robust quantum pseudorandom primitives.
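The following pure-Python toy model is an added illustration and is not code from the paper or from this page's source. It models the keyed construction U(X^k ⊗ id)U mentioned above on three qubits, under two assumptions that the page does not spell out: that X^k denotes the tensor product of Pauli X raised to each key bit, acting on the first |k| qubits, and that the operator order is exactly as written on the page. It samples a Haar random unitary by Gram-Schmidt (QR) orthogonalisation of a complex Gaussian matrix (Mezzadri's method), checks that the keyed operator F_k is unitary, and shows the linear-algebra fact behind the "unwinding" remark: with U† available, U† F_k U† collapses to X^k ⊗ id, which sends |0…0⟩ deterministically to |k⟩|0…0⟩, whereas F_k|0…0⟩ is a spread-out state. It is a demonstration of why the iQHROM proofs assume no inverse access, not a security argument for any construction.

```python
# Added example, not from the paper: toy model of U (X^k ⊗ id) U on a few qubits
# and of what inverse-oracle access does to it. Pure Python, no third-party packages.
import random
from typing import List, Tuple

Matrix = List[List[complex]]


def identity(dim: int) -> Matrix:
    return [[1.0 + 0j if r == c else 0j for c in range(dim)] for r in range(dim)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    n, m, p = len(a), len(b), len(b[0])
    return [[sum(a[r][t] * b[t][c] for t in range(m)) for c in range(p)] for r in range(n)]


def dagger(a: Matrix) -> Matrix:
    """Conjugate transpose."""
    return [[a[c][r].conjugate() for c in range(len(a))] for r in range(len(a[0]))]


def kron(a: Matrix, b: Matrix) -> Matrix:
    """Tensor product of square matrices; the first factor occupies the high-order index bits."""
    da, db = len(a), len(b)
    return [[a[r // db][c // db] * b[r % db][c % db] for c in range(da * db)] for r in range(da * db)]


def haar_unitary(dim: int, rng: random.Random) -> Matrix:
    """Sample from the Haar measure on U(dim): Gram-Schmidt on the columns of a
    complex Gaussian (Ginibre) matrix. Gram-Schmidt fixes the diagonal of the
    implicit R factor to be positive real, the phase convention under which the
    resulting Q is Haar distributed (Mezzadri, 2007)."""
    cols = [[complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(dim)] for _ in range(dim)]
    ortho: List[List[complex]] = []
    for v in cols:
        for u in ortho:
            overlap = sum(ui.conjugate() * vi for ui, vi in zip(u, v))
            v = [vi - overlap * ui for ui, vi in zip(u, v)]
        norm = sum(abs(x) ** 2 for x in v) ** 0.5
        ortho.append([x / norm for x in v])
    # ortho[c] is column c; transpose back into row-major form
    return [[ortho[c][r] for c in range(dim)] for r in range(dim)]


def pauli_x_string(key: List[int]) -> Matrix:
    """X^k = X^{k_1} ⊗ ... ⊗ X^{k_m} (assumption: key bit i acts on qubit i)."""
    x = [[0j, 1 + 0j], [1 + 0j, 0j]]
    out = identity(1)
    for bit in key:
        out = kron(out, x if bit else identity(2))
    return out


def pru(u: Matrix, key: List[int], n_qubits: int) -> Matrix:
    """F_k = U (X^k ⊗ id) U, in the order the construction is written on the page."""
    xk = kron(pauli_x_string(key), identity(2 ** (n_qubits - len(key))))
    return matmul(u, matmul(xk, u))


def is_unitary(m: Matrix, tol: float = 1e-9) -> bool:
    prod = matmul(m, dagger(m))
    ident = identity(len(m))
    return all(abs(prod[r][c] - ident[r][c]) < tol for r in range(len(m)) for c in range(len(m)))


def unwind_with_inverse(f: Matrix, u: Matrix) -> Matrix:
    """With U† available, U† F_k U† = X^k ⊗ id: the key-dependent part is laid bare."""
    ud = dagger(u)
    return matmul(ud, matmul(f, ud))


def max_outcome_probability(m: Matrix) -> float:
    """Largest computational-basis probability of m|0...0>; 1.0 means a deterministic outcome."""
    return max(abs(m[r][0]) ** 2 for r in range(len(m)))


def read_key(m: Matrix, key_len: int, n_qubits: int) -> List[int]:
    """Apply m to |0...0> and read the first key_len qubits in the computational basis.
    For m = X^k ⊗ id this is deterministic: |0...0> -> |k>|0...0>."""
    column0 = [m[r][0] for r in range(len(m))]
    idx = max(range(len(column0)), key=lambda r: abs(column0[r]))
    high = idx >> (n_qubits - key_len)
    return [(high >> (key_len - 1 - i)) & 1 for i in range(key_len)]


def run_demo(seed: int = 2024) -> Tuple[bool, bool, List[int], float, float]:
    """Returns (U unitary?, F_k unitary?, key read after unwinding,
    max outcome probability of F_k|0..0>, max outcome probability after unwinding)."""
    n, key = 3, [1, 0]  # constructed toy parameters: 3 qubits, 2-bit key
    rng = random.Random(seed)
    u = haar_unitary(2 ** n, rng)
    f = pru(u, key, n)
    exposed = unwind_with_inverse(f, u)
    return (is_unitary(u), is_unitary(f), read_key(exposed, len(key), n),
            max_outcome_probability(f), max_outcome_probability(exposed))


if __name__ == "__main__":
    print(run_demo())
```

The numbers the demo prints are not a security measurement. The point is the contrast between the last two values: after unwinding with U† the outcome is deterministic (probability 1.0) and the key is read off directly, while F_k on its own spreads |0…0⟩ across basis states, which is what the iQHROM analysis relies on the adversary being unable to undo.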
Could these constructions in the (i)QHROM be adapted to provide security against quantum adversaries with bounded computational power, rather than just bounded query access?
The current constructions and proofs in the (i)QHROM primarily focus on security against adversaries with bounded query access, meaning the adversary's power is restricted by the number of times they can query the Haar random oracle or the constructed primitive. Adapting these constructions to provide security against computationally bounded quantum adversaries, a more realistic model, poses significant challenges:
Query Complexity vs. Computational Complexity: The current security arguments heavily rely on the limited query access of the adversary. Transitioning to a computationally bounded model requires bridging the gap between query complexity and computational complexity. It's not immediately clear how to translate the existing proofs, which bound the adversary's success probability based on the number of queries, into proofs that bound the adversary's advantage based on their computational resources.
Instantiating the Haar Random Oracle: In a practical setting, the Haar random oracle would need to be instantiated with an efficiently computable function. However, the properties of the Haar measure, such as its continuous nature and the difficulty of sampling from it efficiently, make it challenging to find suitable real-world instantiations that maintain the desired security properties against computationally bounded adversaries.
New Proof Techniques: Proving security against computationally bounded adversaries would likely require developing new proof techniques beyond the path-recording formalism. Techniques from post-quantum cryptography, such as security reductions to well-established hard problems, might be necessary to establish computational security.
Potential for Weaker Security: It's important to note that achieving security against computationally bounded adversaries might come at the cost of weaker security guarantees compared to the unbounded query setting. The specific security level achievable would depend on the chosen instantiation of the Haar random oracle and the strength of the underlying computational assumptions.
In conclusion, while the current (i)QHROM constructions provide valuable insights, adapting them to handle computationally bounded adversaries is a non-trivial task. It demands new approaches to bridge the gap between query and computational complexity, careful consideration of oracle instantiation, and potentially the acceptance of weaker security guarantees.
What are the implications of these findings for the development of post-quantum cryptography and the security of quantum communications in general?
The findings presented, particularly the existence of pseudorandom primitives in the (i)QHROM, have several important implications for the development of post-quantum cryptography and the security of quantum communications:
New Candidates for Post-Quantum Cryptography: The constructions of PRUs and PRSGs in the (i)QHROM offer potential candidates for building post-quantum cryptographic primitives. If the Haar random oracle can be instantiated with an efficiently computable function based on a post-quantum secure assumption, these constructions could lead to new public-key encryption schemes, digital signature schemes, and other cryptographic tools resistant to quantum attacks.
Weaker Assumptions: The (i)QHROM provides a framework for exploring cryptographic constructions based on potentially weaker assumptions than traditional one-way functions. This is significant because the existence of one-way functions is a strong assumption, and finding alternative foundations for cryptography is an active area of research.
Understanding Randomness in Quantum Settings: The study of pseudorandomness in the (i)QHROM contributes to a deeper understanding of randomness in the quantum world. It sheds light on the behavior of Haar random unitaries and their potential for generating computationally indistinguishable objects, which is crucial for various quantum information processing tasks.
Implications for Quantum Key Distribution (QKD): While not directly addressed in the paper, the findings have indirect implications for QKD. The existence of PRSGs in the (i)QHROM suggests potential new approaches for generating secret keys in quantum communication protocols. If these PRSGs can be securely instantiated, they could offer alternative methods for key generation in QKD.
Further Research Directions: The work opens up several avenues for future research. These include:
- Finding Secure Instantiations: Exploring concrete instantiations of the Haar random oracle based on well-studied post-quantum assumptions is crucial for practical applications.
- Stronger Security Models: Investigating the feasibility of achieving security against computationally bounded adversaries in the (i)QHROM is essential for real-world security.
- New Primitives: Exploring the construction of other cryptographic primitives, such as commitment schemes, oblivious transfer protocols, and secure multi-party computation protocols, within the (i)QHROM framework could lead to a broader range of post-quantum cryptographic tools.
In summary, the research on pseudorandomness in the (i)QHROM provides valuable insights with potential implications for post-quantum cryptography and quantum communications. It offers new directions for building secure primitives, exploring weaker assumptions, and understanding the nature of randomness in quantum settings. However, further research is needed to address the challenges of instantiation, computational security, and the development of a wider array of cryptographic tools.