Functional encryption (FE) is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE (simulation security) has been shown to be impossible in the classical setting, those impossibility results rely on inherently classical arguments. This leaves open the question of whether simulation-secure functional encryption can be achieved in the quantum regime. In this work, we rule out this possibility by showing that the classical impossibility results largely extend to the quantum world. In particular, when the adversary can issue an unbounded number of challenge messages, we prove an unconditional impossibility, matching the classical barrier. In the case where the adversary may obtain many functional keys, classical arguments only yield impossibility under the assumption of pseudorandom functions; we strengthen this by proving impossibility under the potentially weaker assumption of pseudorandom quantum states. In the same setting, we also establish an alternative impossibility based on public-key encryption. Since public-key encryption is not known to imply pseudorandom quantum states, this provides independent evidence of the barrier. As part of our proofs, we show a novel incompressibility property for pseudorandom states, which may be of independent interest.