Info-Theoretic Secure Instruction Sequence

• The paper introduces an instruction sequence that delivers one-time programmable functionality using statistical security rather than computational assumptions.
• It leverages random linear codes and quantum random access codes (QRACs) to encode messages, enabling recovery of one bitstring while protecting the other.
• The security model enforces constant-depth, geometrically-local quantum circuit restrictions, ensuring simulation-based security against advanced adversaries.

An information-theoretically secure instruction sequence is a cryptographic construct that enables the execution of one-time programmable functionalities with statistical (rather than computational) security, contingent on constraints imposed on quantum hardware. The principal instantiation—information-theoretically secure one-time memory (OTM)—realizes a mechanism that allows the retrieval of one out of two stored strings, while leaking negligible information about the other, even against adversaries with unlimited classical resources but limited quantum circuit depth and locality. By leveraging random linear codes and quantum random access codes (QRACs), and enforcing geometrically-local, non-adaptive, constant-depth quantum circuit restrictions on the adversary, this approach achieves simulation-based security without computational assumptions (Stambler, 27 Mar 2025).

1. Formal Definitions and Security Model

The OTM functionality accepts two bitstrings $(s_0,s_1) \in \{0,1\}^k$, producing a quantum token $\rho$ and auxiliary classical data $\mathsf{aux}$. A holder of $(\rho,\mathsf{aux})$ may select a bit $a \in \{0,1\}$ and reconstruct $s_a$ with negligible decoding error, while statistically learning almost nothing about $s_{1-a}$. Extension to one-time programs (OTP) provides single-use evaluation for a classical circuit $f : \{0,1\}^n \to \{0,1\}^m$—permitting output on one chosen input before self-destruction.

Security adopts a simulation-based paradigm: for any adversary $\mathcal{A}$ restricted to one invocation of a non-adaptive, constant-depth, geometrically-local quantum circuit (formally, C$_1$-GQNC$_0$), there exists a simulator $\mathsf{Sim}$ making a single ideal query such that $\mathcal{A}$'s view in the real protocol is $\varepsilon$-indistinguishable (in trace or statistical distance) from its view in the idealized execution.

The C$_1$-GQNC$_0$ adversarial model permits arbitrary classical computation but exactly one execution of a quantum circuit of depth $d$ over qubits placed on a $D$-dimensional grid, acting only on $O(1)$-neighboring qubits, with deferred measurement and fixed gate layout.

2. Cryptographic Building Blocks

2.1 Random Linear Codes

An $[n, k]$ binary linear code $C \subseteq \mathbb{F}_2^n$ is constructed from a random generator matrix $G \in \mathbb{F}_2^{k \times n}$, with codewords $C = \{ G m : m \in \mathbb{F}_2^k \}$. The parity-check matrix $H \in \mathbb{F}_2^{(n-k) \times n}$ supports error correction. Selecting $k/n \approx 0.4$ enables the code to correct a constant fraction of errors, with decoding failure probability $E_{\text{corr}}$ under the channel corresponding to QRAC noise.

2.2 Quantum Random Access Codes (QRACs)

The optimal $2 \rightarrow 1$ QRAC encoding $$\mathcal{E}: \{0,1\}^2 \rightarrow \mathcal{D}(\mathbb{C}^2)$$ maps a pair of bits to a single qubit state $\rho_{x_0,x_1}$ such that measuring in basis $M_a$ yields bit $x_a$ with probability $\cos^2(\pi/8) \approx 0.85$. The bases $M_0 = \{\ket{0}, \ket{1}\}$ and $M_1 = \{\ket{+}, \ket{-}\}$ ensure high recoverability rates.

Collision-Entropy Leakage Bounds

Defining collision (order-2 Rényi) mutual information: $I_2^{\text{coll}}(X:Y) = H_2(X) - H_2(X|Y)$ where

$$H_2(X) = -\log_2 \sum_{x} p(x)^2,\quad H_2(X|Y) = -\log_2 \mathbb{E}_y \sum_x p(x|y)^2$$

For QRAC states $\rho_{b_0, b_1}$:

• $$\sup_{a} I_2^{\text{coll}}(b_a : \rho_{b_0, b_1}) \leq 0.59$$
• $$I_2^{\text{coll}}(b_0 b_1 : \rho_{b_0, b_1}) \leq 0.65$$
• $$\sup_{a} I_2^{\text{coll}}(b_a : \rho_{b_0, b_1} | b_{1-a}) \leq 0.59$$

3. Construction of Information-Theoretically Secure OTM

Fix a large security parameter $A \gg 1$. To encode messages $m_0, m_1$:

3.1 Encoding Procedure (prepState)

1. Sample $G$ for a random $[n, k]$ code.
2. Compute codewords: $c_0 = G m_0$, $c_1 = G m_1$.
3. For each $i=1,\dots,n$, prepare $\rho_i = \mathcal{E}((c_0)_i, (c_1)_i)$.
4. Place these $n$ qubits on a $D$-dimensional grid in disjoint hypercubes (side $\approx r$), surrounded by negligible shell regions.
5. Dispatch quantum state $\rho = \bigotimes_{i=1}^n \rho_i$ with classical descriptors $(G, H)$.

3.2 Reading and Decoding (readState)

Upon selection of $a \in \{0,1\}$:

1. Measure each $\rho_i$ in basis $M_a$, obtaining noisy bits $\tilde{c}_i$.
2. Classically decode $\tilde{c}$ to recover $\hat{m}_a$.
3. Output $\hat{m}_a$; successful recovery with probability $1 - E_{\text{corr}}$.

3.3 Security Rationale

Security against C$_1$-GQNC$_0$ adversaries is underpinned by quantum and statistical limitations:

• Adversarial measurements decompose into disjoint block operations (by non-adaptivity) plus shell qubits.
• Blockwise independence ensures per-block information leakage is bounded by $\ell \cdot 0.65$ via QRAC properties.
• With sufficiently large $n$ (block size constant, $k \approx 0.4 n$), a progress bound leverages the chain rule for $H_2$ and the leftover-hash lemma for collision entropy, guaranteeing that learning $c_a$ does not significantly reduce uncertainty about $c_{1-a}$: collision entropy remains $\Omega(n)$, precluding practical recovery of both messages.

3.4 Technical Lemmas

• Collision entropy chain rule (Stambler Lemma 3.1): Conditioned mutual information increment is capped.
• Progress bound: Each hypercube operation increases adversary's knowledge by at most $\ell \cdot 0.65$.
• Leftover-hash lemma (collision entropy): If residual collision entropy exceeds block length, unread codeword bits remain statistically hidden.

3.5 Simulator Construction

For any C$_1$-GQNC$_0$ adversary $\mathcal{A}$, the simulator $\mathsf{Sim}$ runs $\mathcal{A}$ on dummy codewords, detects the basis measurement choice $a$, queries the ideal functionality for $m_a$, relabels accordingly, and outputs. Indistinguishability derives from the adversary’s inability to distinguish unsampled branches.

4. Extension to One-Time Programs

The OTM construction generalizes to OTPs via Yao-garbling with OTM-based one-time oblivious transfers. Each input wire to the garbled circuit receives two OTM tokens; evaluation requires one token per wire. Upon completion, only one input can be executed successfully, enforcing single-use semantics.

Correctness and security compile from Yao's composition theorems and the information-theoretic properties of the underlying OTM. The complete OTP construction yields total quantum token size polynomial in the circuit gate count ($O(S \cdot n)$ for a circuit of size $S$), while each OTM employs $n$ physical qubits with exponential-time decoding.

5. Main Theorem and Security Guarantees

For any constant $d, D$, parameters $n, k, r$ can be chosen to establish the following for the OTM protocol:

• Correctness: The intended recipient recovers $m_a$ except with probability $E_{\text{corr}}$ ($E_{\text{corr}} \ll 1$).
• Simulation-Based Security: For all C$_1$-GQNC$_0(d, D)$ adversaries, the real versus ideal execution views are within trace distance $\varepsilon \simeq 2^{-\Omega(n)}$.

Augmenting Yao garbling with these OTMs achieves OTPs for any Boolean circuit, with the combined token size $O(S \cdot n)$ and negligible insecurity $\varepsilon$.

6. Limitations and Open Problems

Current implementation demands exponential-time decoding for random linear codes; potential directions include identifying polynomial-time decodable codes compatible with the protocol's information-theoretic security. Removing adversary constraints (non-adaptivity, geometric locality) remains open. Optimization of constants may affect practical feasibility. The fundamental security relies on the quantified and bounded leakage inherent in QRACs and the collision entropy framework; alterations to the adversarial or noise model could significantly impact protocol soundness (Stambler, 27 Mar 2025).

Component	Primitive Used	Notable Parameter
Memory encoding	QRAC + linear code	$n \gg 1$, $k \approx 0.4 n$
Adversary model	C$_1$-GQNC$_0(d,D)$	depth $d$, grid dim. $D$
Security metric	Collision entropy, $\varepsilon$	$\varepsilon \simeq 2^{-\Omega(n)}$

References to all technical lemmas, entropy facts, and further mathematical details can be found in Sections 3–6 of "Information Theoretic One-Time Programs from Geometrically Local QNC₀ Adversaries" (Stambler, 2024) (Stambler, 27 Mar 2025).