A Note on Output Length of One-Way State Generators and EFIs (original) (raw)

View PDF HTML (experimental)

Abstract:We study the output length of one-way state generators (OWSGs), their weaker variants, and EFIs.
- Standard OWSGs. Recently, Cavalar et al. (arXiv:2312.08363) give OWSGs with mmm-qubit outputs for any m=omega(loglambda)m=\omega(\log \lambda)m=omega(loglambda), where lambda\lambdalambda is the security parameter, and conjecture that there do not exist OWSGs with O(logloglambda)O(\log \log \lambda)O(logloglambda)-qubit outputs. We prove their conjecture in a stronger manner by showing that there do not exist OWSGs with O(loglambda)O(\log \lambda)O(loglambda)-qubit outputs. This means that their construction is optimal in terms of output length.
- Inverse-polynomial-advantage OWSGs. Let epsilon\epsilonepsilon-OWSGs be a parameterized variant of OWSGs where a quantum polynomial-time adversary's advantage is at most epsilon\epsilonepsilon. For any constant cinmathbbNc\in \mathbb{N}cinmathbbN, we construct lambda−c\lambda^{-c}lambda−c-OWSGs with ((c+1)loglambda+O(1))((c+1)\log \lambda+O(1))((c+1)loglambda+O(1))-qubit outputs assuming the existence of OWFs. We show that this is almost tight by proving that there do not exist lambda−c\lambda^{-c}lambda−c-OWSGs with at most (cloglambda−2)(c\log \lambda-2)(cloglambda−2)-qubit outputs.
- Constant-advantage OWSGs. For any constant epsilon>0\epsilon>0epsilon>0, we construct epsilon\epsilonepsilon-OWSGs with O(logloglambda)O(\log \log \lambda)O(logloglambda)-qubit outputs assuming the existence of subexponentially secure OWFs. We show that this is almost tight by proving that there do not exist O(1)O(1)O(1)-OWSGs with ((logloglambda)/2+O(1))((\log \log \lambda)/2+O(1))((logloglambda)/2+O(1))-qubit outputs.
- Weak OWSGs. We refer to (1−1/mathsfpoly(lambda))(1-1/\mathsf{poly}(\lambda))(1−1/mathsfpoly(lambda))-OWSGs as weak OWSGs. We construct weak OWSGs with mmm-qubit outputs for any m=omega(1)m=\omega(1)m=omega(1) assuming the existence of exponentially secure OWFs with linear expansion. We show that this is tight by proving that there do not exist weak OWSGs with O(1)O(1)O(1)-qubit outputs.
- EFIs. We show that there do not exist O(loglambda)O(\log \lambda)O(loglambda)-qubit EFIs. We show that this is tight by proving that there exist omega(loglambda)\omega(\log \lambda)omega(loglambda)-qubit EFIs assuming the existence of exponentially secure PRGs.

Submission history

From: Takashi Yamakawa [view email]
[v1] Tue, 26 Dec 2023 12:27:10 UTC (40 KB)
[v2] Fri, 19 Apr 2024 04:03:59 UTC (59 KB)
[v3] Mon, 22 Apr 2024 07:38:40 UTC (59 KB)
[v4] Sat, 28 Sep 2024 16:12:29 UTC (5,165 KB)