Quantum Advantage from One-Way Functions

by Tomoyuki Morimae, et al.

We demonstrate quantum advantage under several basic assumptions, specifically based only on the existence of one-way functions (OWFs). We introduce inefficient-verifier proofs of quantumness (IV-PoQ), and construct it from classical bit commitments. IV-PoQ is an interactive protocol between a verifier and a quantum prover consisting of two phases. In the first phase, the verifier is probabilistic polynomial-time, and it interacts with the prover. In the second phase, the verifier becomes inefficient, and makes its decision based on the transcript of the first phase. If the prover is honest, the inefficient verifier accepts with high probability, but any classical malicious prover only has a small probability of being accepted by the inefficient verifier. Our construction demonstrates the following results: (1) If one-way functions exist, then IV-PoQ exist. (2) If distributional collision-resistant hash functions exist (which exist if hard-on-average problems in 𝐒𝐙𝐊 exist), then constant-round IV-PoQ exist. We also demonstrate quantum advantage based on worst-case-hard assumptions. We define auxiliary-input IV-PoQ (AI-IV-PoQ) that only require that for any malicious prover, there exist infinitely many auxiliary inputs under which the prover cannot cheat. We construct AI-IV-PoQ from an auxiliary-input version of commitments in a similar way, showing that (1) If auxiliary-input one-way functions exist (which exist if 𝐂𝐙𝐊⊈𝐁𝐏𝐏), then AI-IV-PoQ exist. (2) If auxiliary-input collision-resistant hash functions exist (which is equivalent to 𝐏𝐖𝐏𝐏⊈𝐅𝐁𝐏𝐏) or 𝐒𝐙𝐊⊈𝐁𝐏𝐏, then constant-round AI-IV-PoQ exist.

