In the framework of Impagliazzo's five worlds, a distinction is often made between two worlds, one where public-key encryption exists (Cryptomania), and one in which only one-way functions exist (MiniCrypt). However, the boundaries between these worlds can change when quantum information is taken into account. Recent work has shown that quantum variants of oblivious transfer and multi-party computation, both primitives that are classically in Cryptomania, can be constructed from one-way functions, placing them in the realm of quantum MiniCrypt (the so-called MiniQCrypt). This naturally raises the following question: Is it possible to construct a quantum variant of public-key encryption, which is at the heart of Cryptomania, from one-way functions or potentially weaker assumptions? In this work, we initiate the formal study of the notion of quantum public-key encryption (qPKE), i.e., public-key encryption where keys are allowed to be quantum states. We propose new definitions of security and several constructions of qPKE based on the existence of one-way functions (OWF), or even weaker assumptions, such as pseudorandom function-like states (PRFS) and pseudorandom function-like states with proof of destruction (PRFSPD). Finally, to give a tight characterization of this primitive, we show that computational assumptions are necessary to build quantum public-key encryption. That is, we give a self-contained proof that no quantum public-key encryption scheme can provide information-theoretic security.