Abstract:We prove the first meta-complexity characterization of a quantum cryptographic primitive. We show that one-way puzzles exist if and only if there is some quantum samplable distribution of binary strings over which it is hard to approximate Kolmogorov complexity. Therefore, we characterize one-way puzzles by the average-case hardness of a uncomputable problem. This brings to the quantum setting a recent line of work that characterizes classical cryptography with the average-case hardness of a meta-complexity problem, initiated by Liu and Pass. Moreover, since the average-case hardness of Kolmogorov complexity over classically polynomial-time samplable distributions characterizes one-way functions, this result poses one-way puzzles as a natural generalization of one-way functions to the quantum setting. Furthermore, our equivalence goes through probability estimation, giving us the additional equivalence that one-way puzzles exist if and only if there is a quantum samplable distribution over which probability estimation is hard. We also observe that the oracle worlds of defined by Kretschmer et. al. rule out any relativizing characterization of one-way puzzles by the hardness of a problem in NP or QMA, which means that it may not be possible with current techniques to characterize one-way puzzles with another meta-complexity problem.

What problem does this paper attempt to address?

### What problem does this paper attempt to solve? This paper aims to solve a fundamental problem in quantum cryptography: **What are the minimum complexity - theory assumptions required for quantum cryptography?** Specifically, the authors focus on how to characterize a quantum - cryptographic primitive called "one - way puzzles" in a quantum - computing environment. They provide an answer to this problem by relating one - way puzzles to the average - case difficulty of certain meta - complexity problems. #### Main research content 1. **Existence of one - way puzzles**: - One - way puzzles are a fundamental construct in quantum cryptography, similar to one - time functions (OWFs) in classical cryptography. The authors prove that the necessary and sufficient condition for the existence of one - way puzzles is the existence of a quantum - samplable distribution such that estimating Kolmogorov complexity is difficult on this distribution. 2. **Average - case difficulty of meta - complexity problems**: - Meta - complexity problems are those computational problems regarding computational complexity. The authors show that the existence of one - way puzzles is equivalent to the average - case difficulty of probability estimation on quantum - samplable distributions. In addition, they also prove that the existence of one - way puzzles is equivalent to the weak average - case difficulty of GapK (i.e., distinguishing strings with different Kolmogorov complexities) on quantum - samplable distributions. 3. **Comparison between classical and quantum environments**: - The authors point out that in the classical environment, the existence of one - time functions is equivalent to the average - case difficulty of certain meta - complexity problems. In the quantum environment, the existence of one - way puzzles also has similar properties, indicating that one - way puzzles are a natural generalization of classical one - time functions in the quantum environment. 4. **Other related work and challenges**: - The paper discusses other related meta - complexity problems and points out the problem that current techniques cannot use the relativization method to characterize one - way puzzles. In addition, the authors also explore the characterization problems of quantum state generators (OWSGs) and other quantum - cryptographic primitives. #### Key formulas and concepts - **Kolmogorov complexity** \( K(x) \): Defined as the length of the shortest Turing machine description that generates the string \( x \). - **GapK[s, t] problem**: The problem of distinguishing binary strings with Kolmogorov complexity not exceeding \( s \) and at least \( t \). - **Average - case difficulty**: For a distribution \( D \), if for all sufficiently large \( n \), every quantum polynomial - time algorithm has a probability of giving a wrong answer of at least \( n^{-O(1)} \), then the problem is said to be weakly average - case difficult on the distribution \( D \). Through these studies, the authors not only reveal the importance of one - way puzzles in quantum cryptography but also lay the foundation for further understanding complexity and cryptography in the quantum - computing environment.

A Meta-Complexity Characterization of Quantum Cryptography

Quantum Cryptography and Meta-Complexity

Cryptographic Characterization of Quantum Advantage

Founding Quantum Cryptography on Quantum Advantage, or, Towards Cryptography from $\mathsf{\#P}$-Hardness

Commitments from Quantum One-Wayness

CountCrypt: Quantum Cryptography between QCMA and PP

On Central Primitives for Quantum Cryptography with Classical Communication

Complexity Theory for Quantum Promise Problems

On the Computational Hardness of Quantum One-Wayness

How (not) to Build Quantum PKE in Minicrypt

Quantum Pseudorandomness and Classical Complexity

Quantum Combinatorial Games: Structures and Computational Complexity

On Basing One-way Permutations on NP-hard Problems under Quantum Reductions

Complexity of Quantum Circuits via Sensitivity, Magic, and Coherence

Character Complexity: A Novel Measure for Quantum Circuit Analysis

Verifiable Quantum Advantage without Structure

Generalized one-way function and its application

A Full Characterization of Quantum Advice

One-Wayness in Quantum Cryptography

An in-principle super-polynomial quantum advantage for approximating combinatorial optimization problems via computational learning theory