It is well known that digital signatures can be constructed from one-way functions in a black-box way. While one-way functions are essentially the minimal assumption in classical cryptography, this is not the case in the quantum setting. A variety of qualitatively weaker and inherently quantum assumptions (e.g. EFI pairs, one-way state generators, and pseudorandom states) are known to be sufficient for non-trivial quantum cryptography. While it is known that commitments, zero-knowledge proofs, and even multiparty computation can be constructed from these assumptions, it has remained an open question whether the same is true for quantum digital signature (QDS) schemes. In this work, we show that there $\textit{does not}$ exist a black-box construction of a QDS scheme with classical signatures from pseudorandom states with linear, or greater, output length. Our result complements that of Morimae and Yamakawa (2022), who described a $\textit{one-time}$ secure QDS scheme with classical signatures, but left open the question of constructing a standard $\textit{multi-time}$ secure one.