Pseudorandom generators form a cornerstone of modern cryptography, yet researchers continually explore alternative assumptions that might offer comparable security with potentially different trade-offs. Recent work introduced pseudorandom states as one such possibility, and surprisingly, logarithmic-size pseudorandom states have enabled cryptographic applications, like digital signatures and public-key encryption, that remain elusive with their linear counterparts. Mohammed Barhoush from Université de Montréal, along with co-authors, now resolves a critical open question by demonstrating a fundamental difference between pseudorandom generators and pseudorandom states of any size. The team constructs a specific computational environment where a pseudorandom generator cannot be built from a pseudorandom state, establishing a clear separation between these two approaches to cryptographic security and, consequently, separating pseudorandom generators from several advanced cryptographic schemes built upon logarithmic pseudorandom states.
Quantum States Mimic True Randomness
Scientists investigated the fundamental limits of quantum pseudorandomness, exploring how much cryptographic security can be built solely from quantum states that appear random. The research centers on pseudorandom quantum states (QPRSs), which are the quantum equivalent of classical pseudorandom number generators, and asks whether these states can serve as the foundation for more complex cryptographic tools. This study demonstrates that there are inherent limitations to what can be achieved with QPRSs alone, clarifying that they are not as powerful as initially hoped and cannot serve as a universal building block for all cryptographic applications. The findings provide guidance for cryptographic designers, suggesting that relying solely on QPRSs may not be sufficient for building secure systems.
This research contributes to a deeper understanding of quantum cryptography, refining our knowledge of what quantum resources can and cannot provide in terms of security. It lays a foundation for future work and opens new avenues for exploring the relationships between quantum resources, cryptographic primitives, and computational complexity. In essence, this research asks whether a seemingly random number generator can be used to build any secure system. The surprising answer is no: some things are simply impossible to build, even with a perfect random number generator. This work proves that quantum randomness alone has limits, and that other ingredients are necessary to build truly secure systems.
Pseudorandomness Separation via Quantum Oracles
Scientists established a clear separation between pseudorandom generators (PRGs) and pseudorandom states (PRSs), regardless of the size of the PRS used, resolving a long-standing problem in quantum cryptography. The team engineered a novel separation technique relative to a unitary quantum oracle with inverse access, demonstrating that PRGs cannot be constructed from PRSs in a black-box manner. This breakthrough circumvents limitations of previous approaches by avoiding reliance on a concentration inequality that fails in certain scenarios. As a direct consequence, several cryptographic applications, including existentially unforgeable digital signatures and CPA-secure quantum public-key encryption with tamper-resilient keys, also cannot be constructed from PRSs alone. This research extends prior separations between linear PRSs and PRGs, and between PRSs and digital signatures, by establishing a complete separation for PRSs of any size, clarifying the hierarchy of computational hardness in the quantum setting and advancing the understanding of fundamental building blocks for secure quantum communication.
Pseudorandom States Cannot Build Generators
Scientists have definitively separated pseudorandom generators (PRGs) and pseudorandom states (PRSs), resolving a long-standing open problem in quantum cryptography. The research demonstrates that PRGs cannot be constructed from PRSs, even when the PRSs have access to inverse oracle queries, for any size regime where the PRS size is proportional to the input length. This breakthrough utilizes a novel construction involving two unitary oracles: a PSPACE oracle and a specially designed oracle generating Haar random states. The core argument shows that any attempt to build a PRG from a PRS would necessarily require breaking the PSPACE oracle, proving the impossibility of a black-box construction. The results demonstrate that PRGs constitute a strictly stronger assumption than PRSs, with implications for the foundations of quantum cryptography, and extend to several cryptographic primitives implied by logarithmic PRSs, including existentially unforgeable digital signatures and CPA-secure quantum public-key encryption with tamper-resilient keys. The team’s work strengthens existing separations and does not rely on unproven conjectures, providing a robust and definitive result that clarifies the hierarchy of computational hardness in the quantum setting and advances the understanding of fundamental cryptographic assumptions.
PRGs and PRSs Are Fundamentally Distinct
This research establishes a fundamental separation between pseudorandom generators (PRGs) and pseudorandom states (PRSs), resolving a long-standing open question in computational complexity. The team demonstrates that no black-box construction can create a PRG from a PRS, regardless of whether the PRS is logarithmic or linear in size. This separation is achieved through the construction of a specific unitary oracle, against which such a construction is impossible, and strengthens previous results by not relying on unproven conjectures. The significance of this finding lies in clarifying the limits of what can be achieved with PRSs as a potential substitute for PRGs in cryptographic applications. While logarithmic PRSs have enabled certain cryptographic schemes not yet realized with linear PRSs, this work demonstrates that they cannot universally replace PRGs. Future work could explore the implications of these separations for other cryptographic primitives and investigate the boundaries between classical and quantum computational assumptions.
👉 More information
🗞 Separating Pseudorandom Generators from Logarithmic Pseudorandom States
🧠 ArXiv: https://arxiv.org/abs/2510.20131
