Provable constructions of decomposable perfect 2-to-1 trapdoor functions

Construct, under standard or plausible assumptions, a provably secure family of perfect 2-to-1 trapdoor functions with exponentially-secure collision-resistance that are decomposable (compatible with the security proof using permutable PRPs), or provide a formal proof of security for the conjectured PRP-based obfuscation construction outlined by the authors.

Background

To achieve quasi-linear or linear secret key sizes in the standard model without relying on LWE for the 2-to-1 component, the authors propose assuming perfect 2-to-1 trapdoor functions with exponentially-secure collision-resistance that are decomposable. Such functions would be compatible with their permutable PRP framework and unlock improved results.

They provide a natural conjectured candidate based on obfuscating two PRPs but explicitly acknowledge the absence of provable security for any construction satisfying this assumption. Establishing such a primitive would have significant implications for achieving short quantum keys under broader assumptions.

References

We do not know any provably secure constructions satisfying (4), but a simple conjectured such function is the following.

— Unclonable Cryptography in Linear Quantum Memory (2511.04633 - Shmueli et al., 6 Nov 2025) in Standard Model Construction, following Theorem \ref{theorem:standard_model_2}

Provable constructions of decomposable perfect 2-to-1 trapdoor functions

Background

References

Related Problems