Paper 2024/1820

On the Power of Oblivious State Preparation

James Bartusek, New York University
Dakshita Khurana, University of Illinois Urbana-Champaign, NTT Basic Research Laboratories
Abstract

We put forth Oblivious State Preparation (OSP) as a cryptographic primitive that unifies techniques developed in the context of a quantum server interacting with a classical client. OSP allows a classical polynomial-time sender to input a choice of one out of two public observables, and a quantum polynomial-time receiver to recover an eigenstate of the corresponding observable -- while keeping the sender's choice hidden from any malicious receiver. We obtain the following results: - The existence of (plain) trapdoor claw-free functions implies OSP, and the existence of dual-mode trapdoor claw-free functions implies round-optimal (two-round) OSP. - OSP implies the existence of proofs of quantumness, test of a qubit, blind classical delegation of quantum computation, and classical verification of quantum computation. - Two-round OSP implies quantum money with classical communication, classically-verifiable position verification, and (additionally assuming classical FHE with log-depth decryption) quantum FHE. Thus, the OSP abstraction helps separate the cryptographic layer from the information-theoretic layer when building cryptosystems across classical and quantum participants. Indeed, several of the aforementioned applications were previously only known via tailored LWE-based constructions, whereas our OSP-based constructions yield new results from a wider variety of assumptions, including hard problems on cryptographic group actions. Finally, towards understanding the minimal hardness assumptions required to realize OSP, we prove the following: - OSP implies oblivious transfer between one classical and one quantum party. - Two-round OSP implies public-key encryption with classical keys and ciphertexts. In particular, these results help to ''explain'' the use of public-key cryptography in the known approaches to establishing a ''classical leash'' on a quantum server. For example, combined with a result of Austrin et al. (CRYPTO 22), we conclude that perfectly-correct OSP cannot exist unconditionally in the (quantum) random oracle model.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Contact author(s)
bartusek james @ gmail com
dakshita @ illinois edu
History
2024-11-08: approved
2024-11-06: received
See all versions
Short URL
https://ia.cr/2024/1820
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2024/1820,
      author = {James Bartusek and Dakshita Khurana},
      title = {On the Power of Oblivious State Preparation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1820},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1820}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.