Efficient simulation of random states and random unitaries

TL;DR

This paper develops efficient quantum algorithms to simulate random quantum states and unitaries convincingly against unbounded adversaries, with applications to quantum money and advancing lazy sampling theory.

Contribution

It introduces stateful quantum algorithms for simulating Haar-random states and unitaries with negligible error, even against unbounded adversaries, a novel advancement in quantum cryptography.

Findings

Polynomial-time simulation of Haar-random states with negligible error.

Polynomial-space simulation of Haar-random unitaries with perfect accuracy.

Application to unforgeable and untraceable quantum money schemes.

Abstract

We consider the problem of efficiently simulating random quantum states and random unitary operators, in a manner which is convincing to unbounded adversaries with black-box oracle access. This problem has previously only been considered for restricted adversaries. Against adversaries with an a priori bound on the number of queries, it is well-known that $t$-designs suffice. Against polynomial-time adversaries, one can use pseudorandom states (PRS) and pseudorandom unitaries (PRU), as defined in a recent work of Ji, Liu, and Song; unfortunately, no provably secure construction is known for PRUs. In our setting, we are concerned with unbounded adversaries. Nonetheless, we are able to give stateful quantum algorithms which simulate the ideal object in both settings of interest. In the case of Haar-random states, our simulator is polynomial-time, has negligible error, and can also simulate verification and reflection through the simulated state. This yields an immediate application to quantum money: a money scheme which is information-theoretically unforgeable and untraceable. In the case of Haar-random unitaries, our simulator takes polynomial space, but simulates both forward and inverse access with zero error. These results can be seen as the first significant steps in developing a theory of lazy sampling for random quantum objects.