There has been recent interest in proposing quantum protocols whose security relies on weaker computational assumptions than their classical counterparts. Importantly for our work, it has recently been shown that public-key encryption (PKE) from one-way functions (OWF) is possible if we consider quantum public keys. Notice that we do not expect classical PKE from OWF, given the impossibility results of Impagliazzo and Rudich (STOC'89). However, the distribution of quantum public keys is a challenging task. Therefore, the main question that motivates our work is whether quantum PKE from OWF is possible if we have classical public keys. Such protocols are impossible if ciphertexts are also classical, given the impossibility result of Austrin et al. (CRYPTO'22) for quantum-enhanced key agreement (KA) with classical communication. In this paper, we focus on a black-box separation for PKE with classical public key and quantum ciphertext from OWF under the polynomial compatibility conjecture, first introduced in Austrin et al. More precisely, we show the separation when the decryption algorithm of the PKE does not query the OWF. We prove our result by extending the techniques of Austrin et al., and we show an attack for KA in an extended classical communication model where the last message in the protocol can be a quantum state.