How could quantum cryptography help us achieve what are not achievable in classical cryptography? In this work we consider the following problem, which we call succinct RSPV for classical functions (SRC). Suppose $f$ is a function described by a polynomial time classical Turing machine, which is public; the client would like to sample a random $x$ as the function input and use a protocol to send $f(x)$ to the server. What's more, (1) when the server is malicious, what it knows in the passing space should be no more than $f(x)$; (2) the communication should be succinct (that is, independent to the running time of evaluating $f$). Solving this problem in classical cryptography seems to require strong cryptographic assumptions. We show that, perhaps surprisingly, it's possible to solve this problem with quantum techniques under much weaker assumptions. By allowing for quantum communication and computations, we give a protocol for this problem assuming only collapsing hash functions [Unr16]. Our work conveys an interesting message that quantum cryptography could outperform classical cryptography in a new type of problems, that is, to reduce communications in meaningful primitives without using heavy classical cryptographic assumptions.

翻译：量子密码学如何帮助我们实现经典密码学无法实现的目标？在本文中，我们考虑以下问题，称之为经典函数的简洁RSPV（SRC）。设$f$是由多项式时间经典图灵机描述的公开函数；客户端希望随机采样一个$x$作为函数输入，并通过协议将$f(x)$发送给服务器。此外，（1）当服务器是恶意时，其在传递空间中获取的信息不应超过$f(x)$；（2）通信应保持简洁（即与计算$f$的运行时间无关）。在经典密码学中解决此问题似乎需要强密码学假设。我们证明，令人惊讶的是，通过量子技术，在较弱假设下即可解决此问题。通过允许量子通信与计算，我们仅需碰撞散列函数[Unr16]即可为此问题设计协议。我们的工作传达了一个有趣的信息：量子密码学在一类新型问题——即无需依赖强经典密码学假设即可减少有意义原语中的通信——上可能超越经典密码学。