How could quantum cryptography help us achieve what are not achievable in classical cryptography? In this work we consider the following problem, which we call succinct RSPV for classical functions (sRCF). Suppose $f$ is a function described by a polynomial time classical Turing machine, which is public; the client would like to sample a random $x$ as the function input and use a protocol to send $f(x)$ to the server. What's more, (1) when the server is malicious, what it knows in the passing space should be no more than $f(x)$; (2) the communication should be succinct (that is, independent to the running time of evaluating $f$). Solving this problem in classical cryptography seems to require strong cryptographic primitives. We show that, perhaps surprisingly, it's possible to solve this problem with quantum techniques under much weaker assumptions. By allowing for quantum communication and computations, we give a protocol for this problem assuming only collapsing hash functions [Unr16]. Our work conveys an interesting message that quantum cryptography could outperform classical cryptography in a new type of problems, that is, to reduce communications in meaningful primitives without using heavy classical cryptographic primitives.

翻译：量子密码学如何帮助我们实现经典密码学无法实现的目标？本文考虑如下问题，即经典函数的简洁RSPV（sRCF）。设$f$为由多项式时间经典图灵机描述的公开函数：客户端需随机采样函数输入$x$，并通过协议将$f(x)$发送至服务器。此外还需满足：(1) 当服务器为恶意时，其在传输空间中获取的信息不得超过$f(x)$；(2) 通信需具备简洁性（即与计算$f$的运行时间无关）。在经典密码学中解决该问题似乎需要强密码学原语。令人惊讶的是，我们证明在弱得多的假设下，量子技术即可解决该问题。通过引入量子通信与量子计算，我们在仅依赖坍缩哈希函数[Unr16]的前提下给出了该问题的协议。本文传达了一个有趣的观点：量子密码学能在新型问题中超越经典密码学——即在无需使用强经典密码原语的前提下，实现有意义原语中的通信降低。