In the framework of Impagliazzo's five worlds, a distinction is often made between two worlds, one where public-key encryption exists (Cryptomania), and one in which only one-way functions exist (MiniCrypt). However, the boundaries between these worlds can change when quantum information is taken into account. Recent work has shown that quantum variants of oblivious transfer and multi-party computation, both primitives that are classically in Cryptomania, can be constructed from one-way functions, placing them in the realm of quantum MiniCrypt (the so-called MiniQCrypt). This naturally raises the following question: Is it possible to construct a quantum variant of public-key encryption, which is at the heart of Cryptomania, from one-way functions or potentially weaker assumptions? In this work, we initiate the formal study of the notion of quantum public-key encryption (qPKE), i.e., public-key encryption where keys are allowed to be quantum states. We propose new definitions of security and several constructions of qPKE based on the existence of one-way functions (OWF), or even weaker assumptions, such as pseudorandom function-like states (PRFS) and pseudorandom function-like states with proof of destruction (PRFSPD). Finally, to give a tight characterization of this primitive, we show that computational assumptions are necessary to build quantum public-key encryption. That is, we give a self-contained proof that no quantum public-key encryption scheme can provide information-theoretic security.