We put forth Oblivious State Preparation (OSP) as a cryptographic primitive that unifies techniques developed in the context of a quantum server interacting with a classical client. OSP allows a classical polynomial-time sender to input a choice of one out of two public observables, and a quantum polynomial-time receiver to recover an eigenstate of the corresponding observable -- while keeping the sender's choice hidden from any malicious receiver. We obtain the following results:

- The existence of (plain) trapdoor claw-free functions implies OSP, and the existence of dual-mode trapdoor claw-free functions implies round-optimal (two-round) OSP.
- OSP implies the existence of proofs of quantumness, test of a qubit, blind classical delegation of quantum computation, and classical verification of quantum computation.
- Two-round OSP implies quantum money with classical communication, classically-verifiable position verification, and (additionally assuming classical FHE with log-depth decryption) quantum FHE.

Several of these applications were previously only known via tailored LWE-based constructions, whereas our OSP-based constructions yield new results from a wider variety of assumptions, including hard problems on cryptographic group actions.

Finally, towards understanding the minimal hardness assumptions required to realize OSP, we prove the following:

- OSP implies oblivious transfer between one classical and one quantum party.
- Two-round OSP implies public-key encryption with classical keys and ciphertexts.

In particular, these results help to "explain" the use of public-key cryptography in the known approaches to establishing a "classical leash" on a quantum server. For example, combined with a result of Austrin et al. (CRYPTO 22), we conclude that perfectly-correct OSP cannot exist unconditionally in the (quantum) random oracle model.