We introduce the notion of a quantum trapdoor function. This is an efficiently computable unitary that takes as input a "public" quantum state and a classical string $x$, and outputs a quantum state. This map is such that (i) it is hard to invert, in the sense that it is hard to recover $x$ given the output state (and many copies of the public state), and (ii) there is a classical trapdoor that allows efficient inversion. We show that a quantum trapdoor function can be constructed from any quantum-secure one-way function. A direct consequence of this result is that, assuming just the existence of quantum-secure one-way functions, there exist: (i) a public-key encryption scheme with a quantum public key, and (ii) a two-message key-exchange protocol, assuming an appropriate notion of a quantum authenticated channel.

翻译：我们引入量子陷门函数的概念。这是一种可高效计算的酉算子，它以“公开”量子态和经典字符串 $x$ 为输入，输出一个量子态。该映射满足：(i) 难以求逆，即给定输出态（以及公开态的多个副本）难以恢复 $x$； (ii) 存在一个允许高效求逆的经典陷门。我们证明，任何量子安全单向函数均可构造量子陷门函数。该结果的直接推论是：仅需假设量子安全单向函数存在，即可获得：(i) 具有量子公钥的公钥加密方案，以及(ii) 两轮密钥交换协议（需假设适当的量子认证信道概念）。