Separating Pseudorandom Generators from Logarithmic Pseudorandom States

TL;DR

This paper proves that pseudorandom generators cannot be constructed from logarithmic or linear-size pseudorandom quantum states using black-box methods, highlighting fundamental differences in their cryptographic capabilities.

Contribution

It establishes the first black-box separation between PRGs and logarithmic-size PRSs, and further separates PRGs from bot-PRGs, clarifying their distinct cryptographic roles.

Findings

No black-box construction of PRG from logarithmic PRS exists.

PRGs are separated from bot-PRGs, impacting cryptographic applications.

Separation holds relative to a specific quantum oracle.

Abstract

Pseudorandom generators (PRGs) are a foundational primitive in classical cryptography, underpinning a wide range of constructions. In the quantum setting, pseudorandom quantum states (PRSs) were proposed as a potentially weaker assumption that might serve as a substitute for PRGs in cryptographic applications. Two primary size regimes of PRSs have been studied: logarithmic-size and linear-size. Interestingly, logarithmic PRSs have led to powerful cryptographic applications, such as digital signatures and quantum public-key encryption with tamper-resilient keys, that have not been realized from their linear counterparts. However, PRGs have only been black-box separated from linear PRSs, leaving open the fundamental question of whether PRGs are also separated from logarithmic PRSs. In this work, we resolve this open problem. We establish a quantum black-box separation between (quantum-evaluable) PRGs and PRSs of either size regime. Specifically, we construct a unitary quantum oracle with inverse access relative to which no black-box construction of PRG from (logarithmic or linear) PRS exists. This does not directly separate PRG from some of the applications of SPRS since these applications involve, as a first step, a non-black-box construction of a notion termed bot-PRGs. To address this, we present another unitary separation showing that PRG are also separated from bot-PRGs. Thus, we obtain separation from digital signatures and quantum public-key encryption.