One-time programs (OTPs) aim to let a user evaluate a program on a single input while revealing nothing else. Classical OTPs require hardware assumptions, and even with quantum information, OTPs for deterministic functionalities remain impossible due to gentle-measurement attacks (Broadbent, Gutoski and Stebila, 2013). While recent works achieve positive results for certain randomized functionalities, the fundamental limits and the strongest achievable security notions remain poorly understood. In this paper, we ask for a "best-possible" OTP that achieves the strongest one-time security achievable by any OTP construction. We first show that a generic best-possible one-time compiler cannot exist, even for classical randomized functionalities (assuming lossy encryption schemes exist). Given this impossibility, we introduce a natural subclass of one-time compilers called "testable one-time program" compilers, which output quantum states augmented with reflection oracles for these program states. We show that best-possible testable OTP compilers are achievable by (1) formulating a generalized Single-Effective-Query (SEQ) simulation security notion for quantum channels and show that SEQ security implies best-possible testable one-time security, and (2) constructing SEQ-secure OTPs for all quantum functionalities in the classical oracle model. This yields the first OTP for arbitrary quantum channels beyond classical randomized functionalities. Finally, we propose stateful quantum indistinguishability obfuscation (stateful quantum iO) -- quantum state obfuscation for stateful quantum programs. We show that (1) stateful quantum iO implies best-possible testable OTPs and (2) stateful quantum iO is also achievable in the classical oracle model. These results identify stateful quantum iO as a promising approach towards best-possible testable OTPs.

翻译：一次性程序（OTP）旨在让用户在单个输入上评估程序，同时不泄露任何其他信息。经典OTP需要硬件假设，即使利用量子信息，由于温和测量攻击（Broadbent、Gutoski和Stebila，2013），确定性功能的一次性程序仍然无法实现。尽管近期研究在特定随机化功能上取得了积极成果，但基本限制和最强可达到的安全概念仍未被充分理解。本文探讨一种"最佳可能"的OTP，旨在实现任何OTP构造所能达到的最强一次性安全。我们首先证明通用最佳可能一次性编译器不可能存在，即使对于经典随机化功能（假设存在有损加密方案）。鉴于这种不可能性，我们引入一类称为"可测试一次性程序"编译器的自然子类，其输出量子态并附加这些程序态的反射预言机。我们通过以下方式证明最佳可能可测试OTP编译器是可实现的：（1）为量子信道构建广义单次有效查询（SEQ）模拟安全概念，并证明SEQ安全性蕴含最佳可能可测试一次性安全性；（2）在经典预言机模型中为所有量子功能构建SEQ安全的OTP。这产生了首个超越经典随机化功能的任意量子信道OTP。最后，我们提出有状态量子不可区分混淆（有状态量子iO）——针对有状态量子程序的量子态混淆。我们证明：（1）有状态量子iO蕴含最佳可能可测试OTP；（2）有状态量子iO在经典预言机模型中同样可实现。这些结果表明有状态量子iO是实现最佳可能可测试OTP的有效途径。