Quantum Pseudorandomness Cannot Be Shrunk In a Black-Box Way

TL;DR

This paper proves that in a relativized setting, it is impossible to reduce the size of pseudorandom quantum states from polynomial to logarithmic qubits without losing their pseudorandomness, highlighting fundamental size limitations.

Contribution

It establishes a relativized impossibility result for shrinking pseudorandom quantum states, addressing a key open question in quantum cryptography.

Findings

Short-PRSs cannot exist relative to Kretschmer's quantum oracle.

PRSs with polynomial size output are known to exist.

The result applies in a relativized setting, not unconditionally.

Abstract

Pseudorandom Quantum States (PRS) were introduced by Ji, Liu and Song as quantum analogous to Pseudorandom Generators. They are an ensemble of states efficiently computable but computationally indistinguishable from Haar random states. Subsequent works have shown that some cryptographic primitives can be constructed from PRSs. Moreover, recent classical and quantum oracle separations of PRS from One-Way Functions strengthen the interest in a purely quantum alternative building block for quantum cryptography, potentially weaker than OWFs. However, our lack of knowledge of extending or shrinking the number of qubits of the PRS output still makes it difficult to reproduce some of the classical proof techniques and results. Short-PRSs, that is PRSs with logarithmic size output, have been introduced in the literature along with cryptographic applications, but we still do not know how they relate to PRSs. Here we answer half of the question, by showing that it is not possible to shrink the output of a PRS from polynomial to logarithmic qubit length while still preserving the pseudorandomness property, in a relativized way. More precisely, we show that relative to Kretschmer's quantum oracle (TQC 2021) short-PRSs cannot exist (while PRSs exist, as shown by Kretschmer's work).