Adaptive security of the PRU construction

Establish adaptive security for the pseudorandom unitary ensemble U_k = P_{k_1} F_{k_2} C_{k_3}, where P_{k_1} is a pseudorandom permutation, F_{k_2} is a pseudorandom binary phase operator, and C_{k_3} is a random Clifford unitary, by proving that for any polynomial-time quantum distinguisher with sequential adaptive query access, U_k is computationally indistinguishable from a Haar-random unitary.

Background

The paper constructs non-adaptive pseudorandom unitaries by derandomizing the PFC ensemble (the product of a permutation, a phase operator, and a Clifford unitary). The authors prove non-adaptive security, but adaptive security, where the distinguisher may query the unitary sequentially based on past outcomes, remains beyond their current proof techniques.

The authors can prove adaptive security for related pseudorandom isometries (PRIs) with a small number of additional output qubits, but not for full PRUs. They explicitly conjecture that their PRU construction is adaptively secure, which leaves full adaptive security as a concrete unresolved question.
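To make the layering U_k = P_{k_1} F_{k_2} C_{k_3} and the sequential query model concrete, here is a small statevector simulation, added as an illustration and not taken from the paper. Its assumptions: HMAC-SHA256 stands in for the phase function, sorting by HMAC output stands in for the keyed permutation (feasible only on a tiny domain), a key-seeded H/S/CNOT circuit stands in for the random Clifford (it is not a uniform Clifford sample), and n is at least 2.

```python
import hashlib, hmac, math, random

def prf(key: bytes, x: int) -> int:
    """Toy keyed function (HMAC-SHA256), an assumed stand-in for the PRF/PRP primitives."""
    return int.from_bytes(hmac.new(key, x.to_bytes(4, "big"), hashlib.sha256).digest(), "big")

def apply_clifford(state, n, k3, gates=40):
    """C_{k3}: a k3-seeded circuit of H, S, CNOT gates (not a uniform Clifford sample)."""
    rng, s = random.Random(k3), list(state)
    for _ in range(gates):
        gate, q = rng.choice("HSC"), rng.randrange(n)
        t = (q + 1 + rng.randrange(n - 1)) % n      # CNOT target, always != q
        for i in range(len(s)):
            if not (i >> q) & 1:
                continue                            # visit each pair via its bit-q-set index
            j = i ^ (1 << q)
            if gate == "H":
                a, b = s[j], s[i]
                s[j], s[i] = (a + b) / math.sqrt(2), (a - b) / math.sqrt(2)
            elif gate == "S":
                s[i] *= 1j
            elif not (i >> t) & 1:                  # CNOT: control q set, target t clear
                k = i | (1 << t)
                s[i], s[k] = s[k], s[i]
    return s

def apply_pfc(keys, state, n):
    """U_k|psi> = P_{k1} F_{k2} C_{k3}|psi>, so C acts first and P last."""
    k1, k2, k3 = keys
    s = apply_clifford(state, n, k3)
    s = [-a if prf(k2, x) & 1 else a for x, a in enumerate(s)]   # F: phase (-1)^{f(x)}
    perm = sorted(range(len(s)), key=lambda x: prf(k1, x))       # P: |x> -> |perm[x]>
    out = [0j] * len(s)
    for x, a in enumerate(s):
        out[perm[x]] = a
    return out

def basis(x, n):
    """Computational basis state |x> on n qubits."""
    return [1 + 0j if i == x else 0j for i in range(2 ** n)]

def adaptive_queries(keys, n, rounds):
    """Sequential access: each query input is chosen from the previous output."""
    x, outputs = 0, []
    for _ in range(rounds):
        out = apply_pfc(keys, basis(x, n), n)
        outputs.append(out)
        x = max(range(len(out)), key=lambda i: abs(out[i]))  # simulated outcome-dependent choice
    return outputs
```

In the non-adaptive setting all query inputs are fixed before any output is seen; `adaptive_queries` differs only in that each input depends on the preceding output, which is the access pattern the conjecture concerns.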

References

We conjecture that our PRU construction is also adaptively secure, but so far we are not able to prove adaptive security for the case of unitaries.

Simple constructions of linear-depth t-designs and pseudorandom unitaries (2404.12647 - Metger et al., 19 Apr 2024) in Section 6.1 (Pseudorandom isometries with adaptive security)