Scientists are tackling the challenge of creating genuinely secure one-time programs, and a new study led by Lev Stambler from the University of Maryland, College Park, and NeverLocal Ltd., offers a significant step forward. Stambler and his colleagues demonstrate a simulation-secure one-time memory (OTM) constructible using only single-qubit Wiesner states and conjunction obfuscation, a simplification over previous constructions that required complex entanglement. The work is particularly noteworthy because it establishes a new bound on measurement probabilities and argues for security against adaptive, depth-bounded adversaries, which mirror realistic attacks on single-qubit-state OTMs. Ultimately, this work not only paves the way for practical and truly secure one-time programs, but also suggests a path towards encoding these memories into error-corrected states for long-term persistence.
Wiesner States and LPN for Secure Memory
Scientists have constructed simulation-secure one-time memories (OTM) within the random oracle model, presenting a compelling argument for their security against adversaries possessing bounded and adaptive depth. The construction is remarkably simple, employing only single-qubit Wiesner states and conjunction obfuscation, which can be built from Learning Parity with Noise (LPN), thereby circumventing the need for complex entanglement or advanced quantum cryptography. The research establishes a novel POVM bound, proving that any measurement that succeeds on one basis limits the probability of guessing the conjugate-basis string to at most $1/2^m + O(\varepsilon^{1/4})$, a significant refinement of existing bounds. This approach yields simulation-secure OTMs for adversaries restricted to classical queries of the random oracle, enhancing practical applicability.
The team argued for adaptive-depth security through an informal application of a lifting theorem from Arora et al., conjecturing security against adversaries with polynomial circuit depth between random oracle queries. This is particularly noteworthy because security against such adaptive, depth-bounded adversaries mirrors realistic attacks on OTMs built from single-qubit states. The construction leverages conjunction obfuscation, instantiable from the Learning Parity with Noise (LPN) assumption, to provide a practical and efficient scheme. The study also proves a new POVM bound: any measurement that succeeds with probability $1 - \varepsilon$ on one basis limits the conjugate-basis guessing probability to at most $1/2^m + O(\varepsilon^{1/4})$, where $m$ is the number of qubits and $\varepsilon$ is the error probability.
The analysis relies on a sequential POVM bound, which crucially holds even when the adversary learns the basis choice after measuring, and which generalises existing single-qubit results to the multi-qubit setting. The scheme prepares $n$ independent $m$-qubit conjugate coding states, each encoding a uniformly random secret $s_i \in \{0,1\}^m$, and randomly assigns each position to either the X or the Z basis, forming the sets $\Theta_X$ and $\Theta_Z$ respectively. Two conjunction obfuscations are then built, each verifying that the hashed measurement outcomes match the expected values; this conceals the basis assignments and releases a key $k_\alpha$ upon successful evaluation. Each message is encrypted as $c_\alpha = k_\alpha \oplus m_\alpha$, so recovering $m_\alpha$ requires evaluating the conjunction $O_\alpha$, and the random oracle forces the adversary to commit to specific measurement outcomes through its classical queries.
Security rests on the novel POVM bound together with the random oracle: a correct measurement in one basis leaves the conjugate-basis secrets with high min-entropy, so the adversary cannot produce valid queries for both conjunctions, which enforces one-time execution. The researchers used an informal application of a lifting theorem from Arora et al. to conjecture security against adversaries with polynomial circuit depth between random oracle queries, placing these adversaries in the complexity class $\mathsf{BPP}^{\mathsf{QNC}^{\mathsf{BPP}}_d}$. This approach could allow one-time memories to be encoded into error-corrected memory states, potentially giving one-time programs long-term persistence. The special random oracle $H$ required by Arora et al. is built by composing hash functions, $H(x) = H_{O(\lambda)}(H_{O(\lambda)-1}(\cdots H_1(x)\cdots))$, where each $H_i$ is a standard cryptographic hash function.
Single-Qubit OTMs and Sequential POVM Security
Scientists have constructed simulation-secure one-time memories (OTM) from single-qubit Wiesner states and conjunction obfuscation, eliminating the need for the complex entanglement or indistinguishability obfuscation required by previous approaches. The team achieved this within the random oracle model, presenting a strong argument for security against adversaries with both bounded and adaptive depth. Crucially, the research introduces a new POVM bound showing that any measurement that successfully identifies computational-basis states limits the conjugate-basis guessing probability to at most $1/2^m + O(\varepsilon^{1/4})$. The bound is sequential, meaning it remains valid even when the adversary learns the basis choice after measurement, and it generalises prior single-qubit results to the multi-qubit setting.
Specifically, for $m = \Theta(\lambda)$ qubits, guessing the conjugate-basis string becomes exponentially hard. This yields a new information-theoretic bound for conjugate coding: a POVM that identifies $m$ qubits in the computational basis with success probability $1 - \varepsilon$ allows guessing the string encoded in the conjugate (Hadamard) basis with probability at most $1/2^m + O(\varepsilon^{1/4})$. The scheme prepares $n$ independent $m$-qubit conjugate coding states, each encoding a uniformly random secret $s_i \in \{0,1\}^m$. The result is an OTM proven secure against adversaries that make classical queries to a random oracle.
The team employed two conjunction obfuscations, each verifying whether the hashed measurement outcomes match the expected values, to conceal the basis assignments and release a key $k_\alpha$ upon successful evaluation. Messages are encrypted as $c_\alpha = k_\alpha \oplus m_\alpha$, so recovering $m_\alpha$ requires evaluating the conjunction $O_\alpha$. The random oracle forces commitment to specific measurement outcomes through classical queries, and the POVM bound guarantees high min-entropy for the conjugate-basis secrets even after a correct measurement in one basis. Furthermore, the study conjectures security against adaptive quantum adversaries with polynomial quantum depth between oracle queries, leveraging an informal application of the lifting framework from Arora et al.
The authors argue that classical-query security should extend to this adaptive quantum-depth setting, since the adversary's oracle queries effectively collapse to classical transcripts. This opens the possibility of storing one-time memories in quantum memory for extended periods, paving the way for practical and truly secure one-time programs. The special random oracle $H$ required by Arora et al. can be built by composing hash functions, $H(x) = H_{O(\lambda)}(H_{O(\lambda)-1}(\cdots H_1(x)\cdots))$, where each $H_i$ is a standard cryptographic hash function modelled as a random oracle.
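As an added example (not code from the paper), the following Python simulates the OTM workflow described in both sections above: $n$ Wiesner states with a random X/Z basis assignment, a hash-table stand-in for the conjunction obfuscations $O_X$ and $O_Z$, and the masking $c_\alpha = k_\alpha \oplus m_\alpha$. Measuring every state in one basis recovers that basis's message, and the measurement collapses the conjugate-basis states so the other conjunction no longer evaluates. The single SHA-256 random oracle, the plain-table conjunction check and the toy sizes are assumptions, not the paper's LPN-based obfuscation or its $H_{O(\lambda)}$ cascade.

```python
import hashlib
import random

M, N = 8, 32  # toy sizes (constructed) for the paper's m qubits per state and n states

def H(*parts: bytes) -> bytes:
    """Stand-in random oracle: one SHA-256 (assumption; not the paper's H_{O(lambda)} cascade)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def measure(qubit: list, basis: str, rng) -> int:
    """Wiesner qubit = [bit, basis]; a wrong-basis measurement gives a random bit and collapses it."""
    if qubit[1] != basis:
        qubit[0], qubit[1] = rng.randrange(2), basis
    return qubit[0]

def create_otm(m_x: bytes, m_z: bytes, rng) -> dict:
    """Sender: n conjugate-coding states, Theta_X/Theta_Z split, stand-in O_alpha tables, c_alpha."""
    secrets = [[rng.randrange(2) for _ in range(M)] for _ in range(N)]   # s_i in {0,1}^m
    bases = [rng.choice("XZ") for _ in range(N)]                        # Theta_X / Theta_Z
    states = [[[b, bases[i]] for b in secrets[i]] for i in range(N)]
    conj, ct = {}, {}
    for alpha, msg in (("X", m_x), ("Z", m_z)):
        theta = [i for i in range(N) if bases[i] == alpha]
        conj[alpha] = {i: H(bytes([i]), bytes(secrets[i])) for i in theta}   # expected H(i, s_i)
        k_alpha = H(alpha.encode(), *[bytes(secrets[i]) for i in theta])
        ct[alpha] = bytes(k ^ m for k, m in zip(k_alpha, msg))            # c_alpha = k_alpha XOR m_alpha
    return {"states": states, "conj": conj, "ct": ct}

def evaluate_conjunction(otm: dict, alpha: str, outcomes):
    """O_alpha: release k_alpha only if every i in Theta_alpha hashes to its expected value."""
    if any(H(bytes([i]), bytes(outcomes[i])) != h for i, h in otm["conj"][alpha].items()):
        return None  # positions outside Theta_alpha are wildcards and never checked
    return H(alpha.encode(), *[bytes(outcomes[i]) for i in otm["conj"][alpha]])

def read(otm: dict, alpha: str, rng):
    """Receiver: measure every state in basis alpha, evaluate O_alpha, unmask c_alpha."""
    outcomes = [[measure(q, alpha, rng) for q in st] for st in otm["states"]]
    k_alpha = evaluate_conjunction(otm, alpha, outcomes)
    return None if k_alpha is None else bytes(k ^ c for k, c in zip(k_alpha, otm["ct"][alpha]))

def demo(seed: int = 7, first: str = "Z"):
    rng = random.Random(seed)
    otm = create_otm(b"message for X", b"message for Z", rng)
    got_first = read(otm, first, rng)                           # recovers m_first
    got_second = read(otm, "X" if first == "Z" else "Z", rng)   # conjugate states collapsed: None
    return got_first, got_second
```

The second read fails with overwhelming probability because every state in the conjugate set $\Theta_\alpha$ was collapsed by the first measurement, so its hashed outcomes no longer match the table.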
👉 More information
🗞 Towards Simple and Useful One-Time Programs in the Quantum Random Oracle Model
🧠 ArXiv: https://arxiv.org/abs/2601.13258
