\(
\newcommand{\ket}[1]{\vert#1\rangle}
\newcommand{\bra}[1]{\langle#1\vert}
\newcommand{\bigket}[1]{\bigl\vert#1\bigr\rangle}
\newcommand{\bigbra}[1]{\bigl\langle#1\bigr\vert}
\newcommand{\class}[1]{\mathrm{#1}}
\newcommand{\problem}[1]{\mathrm{#1}}
\renewcommand{\natural}{\mathbb{N}}
\newcommand{\real}{\mathbb{R}}
\newcommand{\complex}{\mathbb{C}}
\newcommand{\ip}[2]{\left\langle#1, #2 \right\rangle}
\newcommand{\Tr}{\mathop{\mathrm{Tr}}\nolimits}
\newcommand{\tr}{\mathop{\mathrm{tr}}\nolimits}
\newcommand{\abs}[1]{\left\lvert#1 \right\rvert}
\newcommand{\norm}[1]{\left\lVert#1 \right\rVert}
\newcommand{\floor}[1]{\left\lfloor#1 \right\rfloor}
\newcommand{\X}{\mathcal{X}}
\newcommand{\Y}{\mathcal{Y}}
\newcommand{\A}{\mathcal{A}}
\newcommand{\B}{\mathcal{B}}
\newcommand{\E}{\mathop{\mathbb{E}}}
\newcommand{\Var}{\mathop{\mathrm{Var}}}
\newcommand{\dif}{\mathrm{d}}
\newcommand{\eps}{\epsilon}
\newcommand{\sign}{\mathrm{sign}}
\newcommand{\poly}{\mathrm{poly}}
\newcommand{\polylog}{\mathrm{polylog}}
\newcommand{\negl}{\mathrm{negl}}
\newcommand{\church}[1]{\overline{#1}}
\newcommand{\defeq}{\stackrel{\text{def}}{=}}
\newcommand{\pair}[2]{\langle#1, #2\rangle}
\newcommand{\tuple}[1]{\langle#1\rangle}
\newcommand{\red}{\rightarrow}
\newcommand{\reds}{\twoheadrightarrow}
\newcommand{\betared}{\rightarrow_{\beta}}
\newcommand{\betareds}{\twoheadrightarrow_{\beta}}
\newcommand{\betaeq}{=_{\beta}}
\newcommand{\betaetared}{\rightarrow_{\beta\eta}}
\newcommand{\betaetareds}{\twoheadrightarrow_{\beta\eta}}
\newcommand{\parared}{\rightarrow_{\|}}
\newcommand{\parareds}{\twoheadrightarrow_{\|}}
\newcommand{\desc}[1]{\langle#1 \rangle}
\newcommand{\adv}{\mathcal{A}}
\newcommand{\dis}{\mathcal{D}}
\newcommand{\labelsty}[1]{\mathrm{#1}}
\newcommand{\Enc}{\labelsty{Enc}}
\newcommand{\Dec}{\labelsty{Dec}}
\newcommand{\plain}{\labelsty{p}}
\newcommand{\cipher}{\labelsty{c}}
\newcommand{\PRG}{\labelsty{PRG}}
\newcommand{\Commit}{\labelsty{Com}}
\newcommand{\oracle}{\mathcal{O}}
\newcommand{\Sim}{\labelsty{Sim}}
\newcommand{\comp}{\labelsty{c}}
\newcommand{\view}{\labelsty{view}}
\newcommand\TIME{\class{TIME}}
\newcommand\SPACE{\class{SPACE}}
\newcommand\SIZE{\class{SIZE}}
\newcommand\NTIME{\class{NTIME}}
\newcommand\NSPACE{\class{NSPACE}}
\newcommand\BQP{\class{BQP}}
\newcommand\BPP{\class{BPP}}
\newcommand\QMA{\class{QMA}}
\renewcommand\P{\class{P}}
\newcommand\Ppoly{\class{P{/}poly}}
\newcommand\NP{\class{NP}}
\newcommand\NPC{\class{NP}\text{-complete}}
\newcommand\coNP{\class{coNP}}
\newcommand\MA{\class{MA}}
\newcommand\AM{\class{AM}}
\newcommand\QCMA{\class{QCMA}}
\newcommand\EXP{\class{EXP}}
\newcommand\NEXP{\class{NEXP}}
\newcommand\PP{\class{PP}}
\newcommand\GapP{\class{GapP}}
\newcommand\IP{\class{IP}}
\newcommand\QIP{\class{QIP}}
\newcommand\PSPACE{\class{PSPACE}}
\newcommand\NPSPACE{\class{NPSPACE}}
\newcommand\MIP{\class{MIP}}
\newcommand\RE{\class{RE}}
\newcommand\QMAM{\class{QMAM}}
\newcommand\PH{\class{PH}}
\renewcommand\L{\class{L}}
\newcommand\NL{\class{NL}}
\newcommand\coNL{\class{coNL}}
\newcommand\NLC{\class{NL}\text{-complete}}
\newcommand\PPAD{\class{PPAD}}
\newcommand\SharpP{\#\class{P}}
\newcommand\HVPZK{\class{HVPZK}}
\newcommand\HVSZK{\class{HVSZK}}
\newcommand\PZK{\class{PZK}}
\newcommand\SZK{\class{SZK}}
\newcommand\CZK{\class{CZK}}
\newcommand\val{\mathrm{val}}
\newcommand\vale{\mathrm{val}^*}
\newcommand\perm{\mathop{\mathrm{perm}}\nolimits}
\newcommand\pathfunc{\mathrm{path}}
\newcommand\SELF{\problem{SELF}}
\newcommand\HALT{\problem{HALT}}
\newcommand\MINTM{\problem{MIN}_\text{TM}}
\newcommand\ACCTM{\problem{ACC}_\text{TM}}
\newcommand\TQBF{\problem{TQBF}}
\newcommand\PAL{\problem{PAL}}
\newcommand\PATH{\problem{PATH}}
\newcommand\LONGPATH{\problem{LONGEST\text{-}PATH}}
\newcommand\SHORTPATH{\problem{SHORTEST\text{-}PATH}}
\newcommand\HAMPATH{\problem{HAM\text{-}PATH}}
\newcommand\HAMCYCLE{\problem{HAM\text{-}CYCLE}}
\newcommand\INDSET{\problem{IND\text{-}SET}}
\newcommand\MINCUT{\problem{MIN\text{-}CUT}}
\newcommand\MAXFLOW{\problem{MAX\text{-}FLOW}}
\newcommand\MAXCUT{\problem{MAX\text{-}CUT}}
\newcommand\MAXCUTAPP{\problem{MAX\text{-}CUT\text{-}APPROX}}
\newcommand\SAT{\problem{SAT}}
\newcommand\PERM{\problem{PERMANENT}}
\newcommand\THREESAT{3\text{-}\problem{SAT}}
\newcommand\TWOSAT{2\text{-}\problem{SAT}}
\newcommand\TWOUNSAT{2\text{-}\problem{UNSAT}}
\newcommand\NAESAT{\problem{NAESAT}}
\newcommand\REACHABILITY{\problem{REACHABILITY}}
\newcommand\THREECOL{3\text{-}\problem{COLORING}}
\newcommand\CLIQUE{\problem{CLIQUE}}
\newcommand\COL{\problem{COLORING}}
\newcommand\COMPOSITE{\problem{COMPOSITE}}
\newcommand\PRIME{\problem{PRIME}}
\newcommand\TSP{\problem{TSP}}
\newcommand\VC{\problem{VERTEX\text{-}COVER}}
\newcommand\FACTOR{\problem{FACTOR}}
\newcommand\GI{\problem{GRAPH\text{-}ISO}}
\newcommand\GNI{\problem{GRAPH\text{-}NONISO}}
\newcommand\SHORTPROOF{\problem{SHORT\text{-}PROOF}}
\newcommand\UHALT{\problem{UNARY\text{-}HALT}}
\newcommand\GG{\problem{GENERAL\text{-}GEOGRAPHY}}
\newcommand\FG{\problem{FORMULA\text{-}GAME}}
\)
Background
In this project, you will investigate problems related to robust
combiners of quantum cryptographic primitives. Robust combiners play an
important role in reduction and universal construction of cryptographic
primitives.
A robust combiner of cryptographic primitive \(A\) is an algorithm that takes two
constructions of the \(A\), \(\mathsf{Gen}_1, \mathsf{Gen}_2\), and
outputs a construction of the primitive \(\widetilde{\mathsf{Gen}}\), such that
assuming \(\mathsf{Gen}_1,
\mathsf{Gen}_2\) is a pair of non-uniform \(A\), then \(\widetilde{\mathsf{Gen}}\) is a secure
\(A\). Non-uniform \(A\) means that if for any security
parameter \(\lambda\), there exists an
index \(i(\lambda) \in \{1,2\}\)
satisfying the security requirement of \(A\). See [HKNY23] for more details and
examples for definition of robust combiner.
Problems
You are asked to work on two problems: the first is relatively
straightforward, while the second is research-level.
Can you construct a robust combiner for pseudoentanglment states?
Pseudoentanglment states mean two families of pure states \(\ket{\Psi_k}_{AB}\) and \(\ket{\Phi_k}_{AB}\), \(k \in \{0,1\}^{\lambda}\) is the secret
key. \(\ket{\Psi_k}\) is efficiently
preparable (\(\ket{\Phi_\lambda}\) is
not necessarily efficiently computable). Entanglement of \(\ket{\Psi_k}\) is \(O(f(\lambda))\) while entanglement of \(\ket{\Phi_k}\) is \(\omega(f(\lambda))\) for some computable
function \(f(\lambda)\). Given
polynomial copies, any quantum polynomial-time adversary cannot
distinguish whether the state is sampled from \(\ket{\Psi_k}\) or \(\ket{\Phi_k}\) with inverse polynomial
probability. See Section 1.2 of [ABF+23] for detailed definitions but
notice that we’re considering a variant different from theirs: \(\ket{\Phi_k}\) is not necessarily
efficiently preparable and we don’t specify the entropy gap
here.
Can you construct a robust combiner for single-copy pseudorandom
states? Single-copy pseudorandom states mean a family of \(n(\lambda)\) pure states \(\ket{\phi_k}, k \in \{0,1\}^\lambda\) where
\(n(\lambda)\) is a computable function
satisfying \(n(\lambda) > \lambda\).
For any quantum polynomial time adversary, it cannot distinguish \(\ket{\phi_k}\) from totally mixed state
assuming that it takes only a single copy of the state (equivalently,
the adversary cannot distinguish \(\mathbb{E}_k\ket{\phi_k}\bra{\phi_k}\) from
totally mixed state). See Definition 2.2 of [MY22] for more
details.
Boyang Chen (by-chen24@mails.tsinghua.edu.cn)
References
[HKNY23] Hiroka, Taiga, Fuyuki Kitagawa, Ryo Nishimaki, and Takashi
Yamakawa. “Robust combiners and universal constructions for quantum
cryptography.” In Theory of Cryptography Conference, pp. 126-158. Cham:
Springer Nature Switzerland, 2024. (for definition and examples of
robust combiner)
[ABF+22] Aaronson, Scott, Adam Bouland, Bill Fefferman, Soumik Ghosh,
Umesh Vazirani, Chenyi Zhang, and Zixin Zhou. “Quantum
pseudoentanglement.” arXiv preprint arXiv:2211.00747 (2022). (for
definition of pseudoentanglement states)
[MY22] Morimae, Tomoyuki, and Takashi Yamakawa. “Quantum commitments
and signatures without one-way functions.” In Annual International
Cryptology Conference, pp. 269-295. Cham: Springer Nature Switzerland,
2022. (for definition of single-copy pseudorandom states)