Welcome to the resource topic for
**2023/161**

**Title:**

Quantum Advantage from One-Way Functions

**Authors:**
Tomoyuki Morimae, Takashi Yamakawa

**Abstract:**

Showing quantum advantage based on weaker and standard classical complexity assumptions is one of the most important goals in quantum information science. In this paper, we demonstrate quantum advantage with several basic assumptions, specifically based on only the existence of classically-secure one-way functions. We introduce inefficient-verifier proofs of quantumness (IV-PoQ), and construct it from statistically-hiding and computationally-binding classical bit commitments. IV-PoQ is an interactive protocol between a verifier and a quantum polynomial-time prover consisting of two phases. In the first phase, the verifier is classical probabilistic polynomial-time, and it interacts with the quantum polynomial-time prover over a classical channel. In the second phase, the verifier becomes inefficient, and makes its decision based on the transcript of the first phase. If the quantum prover is honest, the inefficient verifier accepts with high probability, but any classical probabilistic polynomial-time malicious prover only has a small probability of being accepted by the inefficient verifier. In our construction, the inefficient verifier can be a classical deterministic polynomial-time algorithm that queries an \mathbf{NP} oracle. Our construction demonstrates the following results based on the known constructions of statistically-hiding and computationally-binding commitments from one-way functions or distributional collision-resistant hash functions:

(1) If one-way functions exist, then IV-PoQ exist.

(2) If distributional collision-resistant hash functions exist (which exist if hard-on-average problems in \mathbf{SZK} exist), then constant-round IV-PoQ exist.

We also demonstrate quantum advantage based on worst-case-hard assumptions. We define auxiliary-input IV-PoQ (AI-IV-PoQ) that only require that for any malicious prover, there exist infinitely many auxiliary inputs under which the prover cannot cheat. We construct AI-IV-PoQ from an auxiliary-input version of commitments in a similar way, showing that

(1) If auxiliary-input one-way functions exist (which exist if \mathbf{CZK}\not\subseteq\mathbf{BPP}), then AI-IV-PoQ exist.

(2) If auxiliary-input collision-resistant hash functions exist (which is equivalent to \mathbf{PWPP}\nsubseteq \mathbf{FBPP}) or \mathbf{SZK}\nsubseteq \mathbf{BPP}, then constant-round AI-IV-PoQ exist.

Finally, we also show that some variants of PoQ can be constructed from quantum-evaluation one-way functions (QE-OWFs), which are similar to classically-secure classical one-way functions except that the evaluation algorithm is not classical but quantum. QE-OWFs appear to be weaker than classically-secure classical one-way functions.

**ePrint:**
https://eprint.iacr.org/2023/161

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

**Example resources include:**
implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .