Post-Quantum One-Way Functions

Updated 28 January 2026
  • Post-quantum one-way functions are efficiently computable functions that remain hard to invert even for quantum adversaries, forming the foundation of many quantum-secure cryptosystems.
  • They leverage diverse constructions, including lattice-based and hash-based methods, to achieve quantum resistance through complexity-theoretic and physical principles.
  • These functions facilitate advanced primitives such as commitments, oblivious transfer, and pseudorandom generators, driving both theoretical insights and practical implementations.

Post-quantum one-way functions (OWFs) are efficiently computable functions that are conjectured to remain hard to invert even in the presence of quantum adversaries. As the minimal primitive underlying much of classical and quantum cryptography, post-quantum OWFs take center stage in the search for cryptosystems robust against quantum attacks. The field encompasses a diverse range of constructions based on quantum-hard algorithmic problems, deep structural complexity theory, and physical phenomena, as well as foundational results mapping the landscape of quantum-secure notions and equivalences.

1. Definitions and Security Notions

A quantum-hard one-way function is a family of classical or quantum algorithms $F = \{f_\kappa : \{0,1\}^{n(\kappa)} \to \{0,1\}^{m(\kappa)}\}$ such that for any non-uniform quantum polynomial-time (QPT) adversary $A$, the probability of inversion is negligible:

$$\Pr_{x \leftarrow \{0,1\}^{n(\kappa)}} \left[ f_\kappa(y) = f_\kappa(x) : y \leftarrow A(1^\kappa, f_\kappa(x), |\psi_\kappa\rangle) \right] \leq \text{negl}(\kappa).$$

This definition is realized within simulation-based frameworks where the adversary may be given quantum advice (Bartusek et al., 2020).

Quantum one-way state generators (OWSGs) generalize this concept to quantum outputs: a QPT algorithm outputs a state $\rho_k$, and it is computationally infeasible, even for quantum computing adversaries with multiple copies of $\rho_k$, to find a key $k'$ such that a verification predicate accepts $(k', \rho_k)$ (Malavolta et al., 2024). Other foundational quantum primitives include exponentially-unforgeable indistinguishability (EFI) pairs (quantum analogs of statistical vs. computational indistinguishability), serving as a decisional counterpart to OWSGs.

Quantum-secure OWFs can also be instantiated as physical processes or probabilistic quantum-classical maps that are provably information-theoretically one-way, maintaining security even against computationally unbounded adversaries (Yin, 2024).

2. Constructions and Candidate Families

2.1 Lattice and Structured OWFs

Lattice-based OWFs, such as the Learning With Errors (LWE) family, underpin many post-quantum cryptographic protocols. Notably, the extended noisy trapdoor claw-free function (NTCF) constructions generalize the 2-to-1 Regev protocol to $\kappa$-to-1 mappings, achieving strong one-way and claw-freeness properties provably based on the quantum hardness of LWE:

  • Each map $f_{k,b}(x) = A x + e_0 + b t$ (with trapdoor inversion, efficient superposition sampling, and exact preimage multiplicity).
  • Security reductions tie breaking preimage or claw-finding to solving LWE and the extrapolated dihedral coset problem (EDCP) (Yan et al., 2022).
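
The sketch below is an added example, not code from the cited paper: it evaluates $f_{k,b}(x) = A x + e_0 + b t$ at toy parameters and checks the many-preimage structure numerically. It assumes the standard LWE key form $t = A s + e$ and the resulting preimages $x_b = x_0 - b s$; all parameter values and function names are constructed for illustration, and $e_0$ is held fixed here to expose the $b \cdot e$ offset between images.

```python
import random

Q, N, M, KAPPA = 12289, 8, 16, 4   # toy modulus, dimensions, preimage count (constructed)
B_KEY, B_MASK = 2, 40              # bounds on key noise e and masking noise e_0

def matvec(A, x):
    return [sum(a * xi for a, xi in zip(row, x)) % Q for row in A]

def keygen(rng):
    """Key k = (A, t) with t = A s + e mod q (assumed LWE form); s stays secret."""
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    s = [rng.randrange(2) for _ in range(N)]
    e = [rng.randint(-B_KEY, B_KEY) for _ in range(M)]
    t = [(u + ei) % Q for u, ei in zip(matvec(A, s), e)]
    return (A, t), s

def f(key, b, x, e0):
    """f_{k,b}(x) = A x + e_0 + b t (mod q), the map quoted above."""
    A, t = key
    return [(u + e0i + b * ti) % Q for u, e0i, ti in zip(matvec(A, x), e0, t)]

def dist(u, v):
    """Largest coordinate-wise distance between u and v on the circle Z_q."""
    return max(min((a - b) % Q, (b - a) % Q) for a, b in zip(u, v))

def claw(x0, s):
    """x_b = x_0 - b s for b = 0..kappa-1, so A x_b + b t = A x_0 + b e."""
    return [[(xi - b * si) % Q for xi, si in zip(x0, s)] for b in range(KAPPA)]

def demo(seed=7):
    rng = random.Random(seed)
    key, s = keygen(rng)
    x0 = [rng.randrange(Q) for _ in range(N)]
    e0 = [rng.randint(-B_MASK, B_MASK) for _ in range(M)]
    images = [f(key, b, xb, e0) for b, xb in enumerate(claw(x0, s))]
    near = max(dist(images[0], img) for img in images)   # claw images: offset b*e only
    stray = [rng.randrange(Q) for _ in range(N)]         # unrelated input
    far = dist(images[0], f(key, 1, stray, e0))
    return near, far
```

The $\kappa$ claw images differ from each other by at most $(\kappa - 1)$ times the key-noise bound, while an unrelated input lands far away; producing such a tuple without knowing $s$ is what the claw-freeness property rules out.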

2.2 Hash-Based and Permutation-Based OWFs

Hash-based OWFs remain a practical cornerstone. A principal example is the single-round sponge with invertible permutations (e.g., SHA-3's Keccak core) where the one-wayness against quantum adversaries has been recently established:

  • Inverting the map $Sp^F(x) = F(x\|0^c)_r$, where $F$ is a random permutation, requires $\Omega(2^{r/2})$ queries (Grover-type optimal) in the quantum random oracle model (QROM) (Carolan et al., 2024). Security proofs employ symmetrization under Young subgroups and reductions to the double-sided zero-search problem.
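
The toy model below is an added example, not code from the cited paper: it instantiates $Sp^F$ with a seeded random permutation on a 16-bit state and shows why access to $F^{-1}$ does not invert the sponge directly, since the $c$ discarded output bits must be guessed until the recovered state ends in $0^c$. The sizes $r = c = 8$ and all function names are constructed for illustration.

```python
import math
import random

R_BITS, C_BITS = 8, 8                  # rate r and capacity c (toy sizes, constructed)
STATE = 1 << (R_BITS + C_BITS)
C_MASK = (1 << C_BITS) - 1

def make_permutation(seed=1):
    """Random permutation F on (r+c)-bit states, with its inverse table F^-1."""
    fwd = list(range(STATE))
    random.Random(seed).shuffle(fwd)
    inv = [0] * STATE
    for src, dst in enumerate(fwd):
        inv[dst] = src
    return fwd, inv

def sponge(fwd, x):
    """Sp^F(x) = F(x || 0^c)_r: absorb the r-bit x, keep the first r output bits."""
    return fwd[x << C_BITS] >> C_BITS

def invert_forward(fwd, y):
    """Forward queries only: try every r-bit input until the output matches y."""
    for queries, x in enumerate(range(1 << R_BITS), start=1):
        if sponge(fwd, x) == y:
            return x, queries
    return None, 1 << R_BITS

def invert_backward(inv, y):
    """Inverse queries: guess the c dropped bits z until F^-1(y || z) ends in 0^c."""
    for queries, z in enumerate(range(1 << C_BITS), start=1):
        state = inv[(y << C_BITS) | z]
        if state & C_MASK == 0:
            return state >> C_BITS, queries
    return None, 1 << C_BITS

def grover_scale(r_bits):
    """Order of the quantum query lower bound quoted above, 2^(r/2)."""
    return math.isqrt(1 << r_bits)
```

Both classical searches are bounded by $2^r$ and $2^c$ queries respectively, against the $2^{r/2}$ scale of the quantum lower bound; the backward search is a small instance of looking for a state that is constrained on both sides of the permutation.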

2.3 Group-Theoretic and Physical OWFs

OWFs can be constructed from group-theoretic problems conjectured to be outside BQP. For example:

  • Exponentiation in large, high-order subgroups of the symmetric group $S_{381}$: $f_{\mathrm{CDL}}(a) = p^a$, with inversion (generalized discrete log) assumed hard for quantum algorithms due to the absence of efficient non-abelian Fourier transforms (Hecht, 2017).
  • Physical primitives based on boson sampling are founded on the #P-hardness of the permanent and the conjectured classical and quantum intractability of approximate boson sampling. The output combines empirical binning statistics and sampling bootstraps to yield a function exhibiting exponential separation between forward and inversion cost (Nikolopoulos, 2019).

2.4 Quantum-Information–Theoretic OWFs

Some OWFs achieve provable information-theoretic one-wayness by encoding classical data as phases of random quantum states, such that even unbounded adversaries see maximally mixed states and gain no information on the input. Virtual measurement maps these to classical functions with Bayes-Neyman mutual information zero, underpinning unconditionally secure protocols (Yin, 2024).

3. Security Reductions, Equivalences, and Limitations

3.1 Reductions and Black-Box Constructions

Quantum-hard OWFs admit black-box reductions to statistically-binding, computationally-hiding commitments, which can be further compiled (via quantum rewinding and BB84/commitment hybrids) into extractable and equivocal commitments. The celebrated Crépeau–Kilian framework then upgrades these to simulation-secure quantum oblivious transfer (QOT), which suffices for general-purpose secure quantum computation (Bartusek et al., 2020). In contrast to the hierarchy in classical cryptography, where OT is strictly stronger than OWF, in the quantum domain OWFs suffice to build QOT.

3.2 Equivalence of Search and Decisional Quantum One-Wayness

Recent work establishes that inefficiently-verifiable OWSGs (where the verification may be unbounded) are equivalent to EFI pairs, up to exponential losses in security. That is, any efficient search-like one-wayness (OWSG) implies decisional one-wayness (EFI) with exponential parameter loss, and vice versa (Malavolta et al., 2024). For pure states, this correspondence can sometimes be achieved with only polynomial loss, but for mixed states the reduction necessarily incurs exponential degradation. This underlies the subtlety of quantum one-wayness: search- and decisional-type primitives coalesce only with substantial quantitative penalty.

3.3 Physical and Information-Theoretic Barriers

The existence of post-quantum OWFs in quantum information theory is sometimes decoupled from computational complexity. Information-theoretic OWFs exploit properties of quantum randomness and the density matrix formalism, achieving security levels unattainable by classical means (e.g., output indistinguishability even for unbounded adversaries) (Yin, 2024).

4. Applications and Cryptographic Consequences

4.1 Core Primitives

Post-quantum OWFs serve as:

  • Foundations of hash functions, symmetric cryptography, and randomized signature schemes.
  • Building blocks for bit commitment, extractable/equivocal commitment, oblivious transfer, and secure multiparty computation under quantum security models (Bartusek et al., 2020).
  • Sources for quantum pseudorandomness, e.g., quantum-secure pseudorandom generators and functions (Castro, 2016), and for multi-preimage primitives (claw-free functions supporting proof of quantumness, commitment, zero-knowledge, and OT) (Yan et al., 2022).

4.2 Alternative Quantum Constructions

Quantum pseudorandom states (PRS) enable commitments and digital signatures even in the absence of classical one-way functions, breaking standard classical cryptographic equivalence results. PRS-based commitments achieve computational hiding and statistical binding; quantum public-key signatures become possible using only PRS, showing that one-wayness is not always necessary for quantum primitives (Morimae et al., 2021).

4.3 Unconditional Security and Physical Key Distribution

Information-theoretic quantum OWFs (e.g., based on phase encoding and maximally mixed outputs) can directly yield key distribution, encryption, and authentication schemes with provable unconditional security, filling a gap unbridgeable in classical cryptography (Yin, 2024).

5. Open Problems and Future Directions

  • Equivalence Gaps: Can the exponential gap in the OWSG⇔EFI equivalence be closed? Is there a polynomial-time, efficient-verification reduction in the general mixed-state case (Malavolta et al., 2024)?
  • Quantum Commitments and PRS: What is the minimal assumption for pseudorandom quantum states in the standard model, and can many-time quantum public-key signatures be built from these (Morimae et al., 2021)?
  • Trapdoorless Hashing: Development of non-trapdoor, collision-admitting post-quantum OWFs unrelated to algebraic problems, such as those from boson sampling (Nikolopoulos, 2019).
  • Hardness under Quantum Attacks: Tighten the underpinning complexity-theoretic reductions for candidate post-quantum OWFs, especially those based on physical or non-standard mathematical phenomena (Hecht, 2017, Nikolopoulos, 2019).
  • Efficiency and Applicability: Reduce round complexity in quantum OT constructions, optimize overheads, and experiment with hardware-friendly implementations (Bartusek et al., 2020, Hecht, 2017).

6. Table of Selected Post-Quantum OWF Constructions

| Construction/Family | Security Assumption | Key Features / Hardness Source |
|---|---|---|
| LWE-based NTCF ($\kappa$-to-1) | Quantum LWE | Trapdoor invertible, many-preimage, bridges EDCP (Yan et al., 2022) |
| Single-round sponge (SHA-3 core) | QROM, random/invertible perm | Proven quantum Grover-bound one-wayness, symmetric (Carolan et al., 2024) |
| Boson sampling OWF | #P-hard permanents, quantum optics | Empirical, not trapdoor, collision-admitting (Nikolopoulos, 2019) |
| $S_{381}$ cyclic subgroup OWFs | GDLP/DCP in $S_n$ non-Abelian | Combinatorial, arithmetic-free, no known quantum attack (Hecht, 2017) |
| Quantum one-way permutation (Levin) | Existence of classical OWF | Universal, unitary quantum circuit, Goldreich-Levin HC bit (Castro, 2016) |
| Phase-encoded quantum OWF | Information-theoretic, quantum randomness | Unconditional adversary resistance, classical or quantum (Yin, 2024) |

7. Fundamental Insights and Theoretical Impact

Post-quantum one-way functions not only underpin cryptography in the presence of quantum computers, but also reveal deep connections between quantum algorithms, physical complexity, and information theory. The paradigm shift includes both a strengthening (information-theoretic one-way functions) and a nuanced weakening (equivalence collapses between search versus decisional variants, and between OWFs and commitments). The field remains in active flux, with increasing unification of algebraic, probabilistic, and physical approaches shaping the ongoing search for quantum-robust cryptographic foundations.
