We construct a classical oracle relative to which $\mathsf{P} = \mathsf{NP}$ but quantum-computable quantum-secure trapdoor one-way functions exist. This is a substantial strengthening of the result of Kretschmer, Qian, Sinha, and Tal (STOC 2023), which only achieved single-copy pseudorandom quantum states relative to an oracle that collapses $\mathsf{NP}$ to $\mathsf{P}$. For example, our result implies multi-copy pseudorandom states and pseudorandom unitaries, but also classical-communication public-key encryption, signatures, and oblivious transfer schemes relative to an oracle on which $\mathsf{P}=\mathsf{NP}$. Hence, in our new relativized world, classical computers live in "Algorithmica" whereas quantum computers live in "Cryptomania," using the language of Impagliazzo's worlds. Our proof relies on a new distributional block-insensitivity lemma for $\mathsf{AC^0}$ circuits, wherein a single block is resampled from an arbitrary distribution.
翻译:我们构造了一个经典预言机,使得在该预言机下 $\mathsf{P} = \mathsf{NP}$ 成立,但量子可计算的量子安全陷门单向函数存在。这显著加强了 Kretschmer、Qian、Sinha 和 Tal(STOC 2023)的结果,他们仅在一个将 $\mathsf{NP}$ 坍缩到 $\mathsf{P}$ 的预言机下实现了单拷贝伪随机量子态。例如,我们的结果意味着在 $\mathsf{P}=\mathsf{NP}$ 的预言机下存在多拷贝伪随机态和伪随机酉算子,但也存在经典通信的公钥加密、签名和茫然传输方案。因此,在我们这个新的相对化世界中,使用 Impagliazzo 世界分类的语言,经典计算机生活在“算法乐园”,而量子计算机则生活在“密码狂热乐园”。我们的证明依赖于一个新的关于 $\mathsf{AC^0}$ 电路的分布性块不敏感性引理,其中单个块是从任意分布中重新采样的。