On the computational hardness needed for quantum cryptography

TL;DR

This paper explores the necessity of EFI pairs in quantum cryptography, showing they are fundamental for many cryptographic primitives, similar to how one-way functions are essential in classical cryptography.

Contribution

It demonstrates that EFI pairs are necessary for a wide range of quantum cryptographic applications, establishing their role as a minimal and essential primitive.

Findings

EFI pairs can be constructed from simple commitment schemes and other primitives.

EFI pairs are necessary for quantum zero-knowledge proofs for all of QIP.

EFI pairs serve as a foundational primitive in quantum cryptography, akin to OWFs in classical cryptography.

Abstract

In the classical model of computation, it is well established that one-way functions (OWF) are minimal for computational cryptography: They are essential for almost any cryptographic application that cannot be realized with respect to computationally unbounded adversaries. In the quantum setting, however, OWFs appear not to be essential (Kretschmer 2021; Ananth et al., Morimae and Yamakawa 2022), and the question of whether such a minimal primitive exists remains open. We consider EFI pairs -- efficiently samplable, statistically far but computationally indistinguishable pairs of (mixed) quantum states. Building on the work of Yan (2022), which shows equivalence between EFI pairs and statistical commitment schemes, we show that EFI pairs are necessary for a large class of quantum-cryptographic applications. Specifically, we construct EFI pairs from minimalistic versions of commitments schemes, oblivious transfer, and general secure multiparty computation, as well as from $\mathsf{QCZK}$ proofs from essentially any non-trivial language. We also construct quantum computational zero knowledge ($\mathsf{QCZK}$) proofs for all of $\mathsf{QIP}$ from any EFI pair. This suggests that, for much of quantum cryptography, EFI pairs play a similar role to that played by OWFs in the classical setting: they are simple to describe, essential, and also serve as a linchpin for demonstrating equivalence between primitives.