On Best-Possible One-Time Programs

TL;DR

This paper explores the fundamental limits of one-time programs (OTPs), introduces a subclass called testable OTPs, and constructs optimal security protocols for quantum functionalities, advancing quantum cryptography.

Contribution

It proves the non-existence of a universal best-possible OTP compiler, introduces testable OTPs with reflection oracles, and constructs SEQ-secure OTPs for quantum channels, also proposing stateful quantum indistinguishability obfuscation.

Findings

Best-possible OTP compiler cannot exist universally.

Testable OTPs can be constructed with reflection oracles.

Stateful quantum iO implies best-possible testable OTPs.

Abstract

One-time programs (OTPs) aim to let a user evaluate a program on a single input while revealing nothing else. Classical OTPs require hardware assumptions, and even with quantum information, OTPs for deterministic functionalities remain impossible due to gentle-measurement attacks (Broadbent, Gutoski and Stebila, 2013). While recent works achieve positive results for certain randomized functionalities, the fundamental limits and the strongest achievable security notions remain poorly understood. In this paper, we ask for a "best-possible" OTP that achieves the strongest one-time security achievable by any OTP construction. We first show that a generic best-possible one-time compiler cannot exist, even for classical randomized functionalities (assuming lossy encryption schemes exist). Given this impossibility, we introduce a natural subclass of one-time compilers called "testable one-time program" compilers, which output quantum states augmented with reflection oracles for these program states. We show that best-possible testable OTP compilers are achievable by (1) formulating a generalized Single-Effective-Query (SEQ) simulation security notion for quantum channels and show that SEQ security implies best-possible testable one-time security, and (2) constructing SEQ-secure OTPs for all quantum functionalities in the classical oracle model. This yields the first OTP for arbitrary quantum channels beyond classical randomized functionalities. Finally, we propose stateful quantum indistinguishability obfuscation (stateful quantum iO) -- quantum state obfuscation for stateful quantum programs. We show that (1) stateful quantum iO implies best-possible testable OTPs and (2) stateful quantum iO is also achievable in the classical oracle model. These results identify stateful quantum iO as a promising approach towards best-possible testable OTPs.