On Scalable Pseudorandom Unitaries and the Unitary Synthesis Problem

TL;DR

This paper explores the construction of scalable pseudorandom unitaries, linking their feasibility to fundamental questions in quantum complexity, and establishes bounds that challenge existing approaches.

Contribution

It formalizes ROM-PRUs, connects them to unitary design theory, and proves bounds that suggest scalable PRUs are unlikely to exist with current methods.

Findings

All known cryptographically secure PRUs are based on ROM-PRUs.

Any unitary synthesis algorithm requires a classical oracle with input length close to 2 log d bits.

Existing candidates for scalable PRUs are ruled out by the proven bounds.

Abstract

We consider the task of constructing pseudorandom unitaries (PRUs) with scalable security, i.e. families in which the security parameter may vary independently of the dimension (or input bit-length). It is not known whether scalable PRUs can be constructed. In this work we show that if scalable PRUs can be constructed via the prevailing paradigm for analyzing PRUs, then there would be a positive solution to the Aaronson-Kuperberg unitary synthesis problem, a longstanding question in quantum complexity theory about whether implementing arbitrary unitaries can be efficiently reduced to computing a Boolean function. Specifically, we formalize the notion of ROM-PRUs, which are statistically secure PRUs in the random oracle model (ROM). All prior known constructions of cryptographically secure PRUs are based on a ROM-PRU construction. We prove novel connections between ROM-PRUs, approximate unitary designs, epsilon-nets over the unitary group, and the unitary synthesis problem. In particular, we prove that any unitary synthesis algorithm (and thus any ROM-PRU) must use a classical oracle with input length (2 - o(1)) log d bits, where d is the dimension of the unitary to be implemented. This bound rules out all existing candidates for scalable PRUs in the literature. Together, these connections indicate that ROM-PRUs provide a fruitful idealized model for studying pseudorandom unitaries.