How to Construct Random Unitaries

TL;DR

This paper proves the existence of pseudorandom unitaries (PRUs) under the assumption of quantum-secure one-way functions, with implications for cryptography and quantum complexity.

Contribution

It establishes the existence of PRUs for both standard and stronger security notions, assuming quantum-secure one-way functions.

Findings

PRUs exist under certain cryptographic assumptions.

Any algorithm querying Haar-random unitaries can be efficiently simulated.

The work bridges quantum cryptography and complexity theory.

Abstract

The existence of pseudorandom unitaries (PRUs) -- efficient quantum circuits that are computationally indistinguishable from Haar-random unitaries -- has been a central open question, with significant implications for cryptography, complexity theory, and fundamental physics. In this work, we close this question by proving that PRUs exist, assuming that any quantum-secure one-way function exists. We establish this result for both (1) the standard notion of PRUs, which are secure against any efficient adversary that makes queries to the unitary $U$, and (2) a stronger notion of PRUs, which are secure even against adversaries that can query both the unitary $U$ and its inverse $U^\dagger$. In the process, we prove that any algorithm that makes queries to a Haar-random unitary can be efficiently simulated on a quantum computer, up to inverse-exponential trace distance.