Parallel-Query Pseudorandom Unitaries
- Parallel-query pseudorandom unitaries are ensembles of efficiently implementable unitaries that mimic Haar-random behavior under batched quantum oracle queries.
- They combine random Clifford gates, pseudorandom binary phase and permutation operators to achieve strong security even against adaptive adversaries.
- These constructions bridge unitary designs, quantum query complexity, and quantum cryptography, enabling practical simulations of Haar queries in quantum protocols.
Parallel-query pseudorandom unitaries are ensembles of efficiently implementable unitaries that are intended to be indistinguishable from Haar-random unitaries to quantum distinguishers with oracle access, in regimes where access may be batched, entangled, and non-adaptive, or more generally where arbitrary polynomial-time oracle access is allowed. In the non-adaptive formulation, the distinguisher prepares an arbitrary joint input state and applies a single parallel call ; in the full oracle formulation, it may interleave polynomially many calls to with arbitrary quantum computation, and in the strong formulation it may also query . The subject therefore sits at the intersection of unitary designs, quantum query complexity, and quantum cryptography, with the main conceptual divide being between parallel-only security and full adaptive security (Metger et al., 2024, Ma et al., 2024).
1. Oracle models and definitions
The standard oracle model for pseudorandom unitaries fixes an -qubit oracle unitary acting on a query register , together with an ancilla or workspace register of qubits. A forward-only -query adversary is parameterized by inter-query unitaries on 0, and its final state is
1
In the strong setting, the adversary may alternate between forward and inverse queries. Writing 2, with 3 denoting 4 and 5 denoting 6, the final state is
7
A family 8, with 9, is a pseudorandom unitary family if it is efficiently computable and if no polynomial-time oracle adversary can distinguish 0 from Haar-random with more than negligible advantage; a strong PRU is secure even when the adversary can query both 1 and 2 (Ma et al., 2024).
The non-adaptive, or parallel-query, formulation specializes this oracle model to a single batch query. The distinguisher prepares an arbitrary state 3, applies 4 once on registers 5, and then performs an arbitrary measurement. Security is equivalently phrased as computational indistinguishability of
6
In this sense, “parallel-query PRU” originally meant indistinguishability under one use of 7, whereas later work uses the full oracle model and thereby strictly contains the parallel setting as a special case (Metger et al., 2024).
A recurring source of confusion is that the full oracle model already includes substantial parallelism. A single oracle call acts on the entire query register, so it automatically supports superpositions over all 8 basis inputs. What the formalism counts is the number of oracle uses 9, not a notion of rounds. This means that adaptivity, superposition queries, and arbitrary entanglement are unconstrained; only total oracle-gate complexity is polynomially bounded (Ma et al., 2024).
2. Non-adaptive and parallel-query constructions
The first explicit non-adaptive construction uses the composition
0
where 1 is a random Clifford unitary, 2 is a pseudorandom binary phase operator
3
and 4 is a pseudorandom permutation operator
5
Assuming quantum-secure one-way functions, and hence quantum-secure PRFs and PRPs, this ensemble is secure against non-adaptive distinguishers, meaning that no efficient quantum query algorithm allowed a single application of 6 can distinguish it from Haar randomness (Metger et al., 2024).
A closely related line of work introduced the 7 ensemble,
8
with 9 a random computational-basis permutation, 0 a random binary phase operator, and 1 a random Clifford unitary. The key information-theoretic statement is that the 2 ensemble is a diamond 3-approximate 4-design with
5
Because this error is negligible for polynomial 6, replacing the truly random classical pieces by pseudorandom function and permutation families yields non-adaptive PRUs. The same framework also gives adaptive pseudorandom isometries once the unitary model is relaxed to isometries from 7 to 8 qubits (Metger et al., 2024).
A second construction lifts random permutations on 9 to random unitaries on 0, 1, by forming products of exponentials of sparse Hermitian matrices built from phased permutations. The resulting ensemble is shown to approximate Haar moments up to 2, and substituting 3-wise independent permutations gives efficient 4-designs, while substituting quantum-secure PRPs gives a parallel-secure PRU. In that framework, the operational distinguishability of an ensemble 5 under 6 parallel queries is captured by the diamond norm between the twirling channels
7
and the Haar twirl 8 (Chen et al., 2024).
These works established a precise parallel-query notion but also exposed its limitation. The non-adaptive model captures a single global batch 9, whereas adaptive distinguishers may interleave arbitrary channels between oracle calls. The early papers therefore left open whether the same simple 0-type constructions remain secure against fully adaptive distinguishers, and that gap became the main structural question for PRUs (Metger et al., 2024, Metger et al., 2024).
3. Full existence theorems for standard and strong PRUs
The general existence question was resolved by proving that pseudorandom unitaries exist assuming any quantum-secure one-way function exists. Two variants were established. For standard PRUs, secure against forward-only oracle adversaries, the construction is
1
where 2 is a random permutation of 3, 4 is a random Boolean function on 5, 6, 7, and 8 is drawn from an exact unitary 2-design such as the random Clifford group. For every 9-query adversary,
0
Replacing the truly random permutation, function, and 2-design pieces by pseudorandom counterparts under quantum-secure one-way functions yields a computational PRU (Ma et al., 2024).
For strong PRUs, secure against adversaries that can query both 1 and 2, the construction becomes
3
where 4 is now ternary, 5 with 6, and both 7 and 8 come from a unitary 2-design. The statistical bound for every 9-query forward-and-inverse adversary is
0
This gives strong computational PRUs under the same quantum-secure one-way-function assumption (Ma et al., 2024).
These theorems are stronger than the earlier parallel-only results in two ways. First, the security definition is not restricted to a single batch call 1, but quantifies over arbitrary polynomial-time oracle circuits. Second, the strong notion explicitly allows inverse access. A non-adaptive parallel distinguisher is therefore just one special case of the general theorem. This suggests that the conceptual distinction is not “parallel versus non-parallel” in isolation, but rather “single-batch non-adaptive access versus unrestricted oracle access” (Ma et al., 2024).
4. Path-recording simulation of Haar queries
The conceptual core of the adaptive theory is the path-recording oracle. In the forward-only case, for an 2-qubit Haar-random unitary 3, one defines an efficiently implementable linear map 4 acting on the query register together with a relation register 5 that stores pairs 6. In simplified form,
7
It maps an input 8 to a uniform superposition over currently unused outputs 9, while recording the pair in 0. For every 1-query algorithm,
2
Thus any algorithm making up to 3 queries to a Haar-random unitary can be simulated by an explicit efficient quantum circuit up to trace distance 4 (Ma et al., 2024).
When inverse queries are allowed, the bookkeeping is richer. The strong-security analysis introduces forward and inverse relation registers, partial path-recording isometries, and a symmetrized fully defined oracle 5 that reproduces the purified dynamics of the ternary permutation-function construction. The corresponding simulation theorem states that for any 6-query forward-and-inverse algorithm,
7
The paper’s abstract summarizes the upshot more broadly: any algorithm that makes queries to a Haar-random unitary can be efficiently simulated on a quantum computer, up to inverse-exponential trace distance (Ma et al., 2024).
The importance for parallel-query security is that these simulation bounds depend only on 8 and 9, not on the temporal organization of queries. The proofs reason about the full joint adversary state after 00 oracle uses, together with projectors onto “distinct” subspaces and variable-length relation registers encoding full coherent histories. This removes any need for a sequential Markovian interpretation of the oracle interaction (Ma et al., 2024).
5. How parallel access fits into the modern theory
In the single-oracle setting, the standard quantum oracle model already subsumes parallel-query strategies. A single call 01 acts on the full 02-dimensional query register and therefore supports superpositions over all classical inputs. A non-adaptive batch adversary that applies 03 once is just a special case of a more general oracle algorithm, and the full PRU and strong-PRU definitions strictly contain such models (Ma et al., 2024).
Earlier non-adaptive papers made this distinction explicit. In the non-adaptive model, the relevant object is one global twirl channel on 04 copies, and the proof strategy reduces everything to the comparison of
05
That analysis is sufficient for batch security but does not automatically address arbitrary adaptive compositions
06
which explains why adaptive security remained open in the unitary case even after non-adaptive PRUs had been constructed (Metger et al., 2024).
A second misconception concerns “many independent parallel oracle instances.” The single-oracle theory does not explicitly formalize a multi-instance model in which the adversary receives independent oracles 07 and can query them all in parallel. The full adaptive PRU proofs are stated for repeated uses of one oracle instance. The paper notes that if one wants 08 independent parallel queries to an 09-qubit unitary, that corresponds to a different oracle model, and it is not explicitly treated. A plausible implication is that many applications can still be reduced to a larger single-instance Hilbert space, but this extension is not part of the formal theorem (Ma et al., 2024).
The gluing perspective reinforces the same point. Low-depth constructions built from overlapping local Haar blocks are analyzed through the adversary’s joint state and overall query count rather than any syntactic notion of rounds, which is why the resulting indistinguishability statements are naturally compatible with wide, low-depth, highly parallel oracle use (Ma et al., 2024, Metger et al., 2024).
6. Stronger oracle models, idealized variants, and later extensions
The inverseless Haar random oracle model provides an idealized benchmark for parallel-query pseudorandomness. In that model, all parties share access to a common Haar-random unitary 10, but not to 11. It was shown that unbounded-query secure PRUs exist with a construction that makes two calls to the Haar oracle, while any construction making only a single call to the Haar oracle cannot achieve unbounded-query security. The single-call regime nevertheless admits bounded-query secure PRUs, with a threshold around 12 queries in the parallel or non-adaptive setting (Ananth et al., 2024).
A distinct idealized model, the invertible quantum Haar random oracle model, gives all parties access to a common Haar-random unitary and its inverse. In that setting, classically-accessible adaptive secure pseudorandom function-like state generators were constructed, but simple keyed-unitary templates such as
13
were shown not to be quantum-accessible PRFSGs and in particular not to be PRUs. The attack uses a Simon-type quantum procedure and exploits coherent access to both the public Haar unitary and the keyed construction. This demonstrates that not every apparently natural “mask a Haar unitary by simple conjugation” template survives quantum parallel access (Hhan et al., 2024).
The strongest post-2024 extension enlarges the oracle model beyond 14 and 15 to include 16 and 17. This work introduces strong unitary designs and strong PRUs that remain robust under all such queries, including parallel and adaptive access patterns, and proves constructions of depth 18 for strong designs and 19 for ancilla-free strong PRUs. Its motivation is that butterfly-effect experiments, Hayden–Preskill decoding, and related scrambling diagnostics use precisely these richer oracle interfaces, which conventional designs and strong PRUs do not cover (Schuster et al., 30 Sep 2025).
Taken together, these results give a layered picture of parallel-query pseudorandomness. Non-adaptive PRUs address one batch 20; standard and strong PRUs address arbitrary polynomial-time oracle use of 21 and possibly 22; and later strong-design notions extend further to 23 and 24. This suggests that “parallel-query pseudorandom unitary” is best understood not as one single definition, but as a family of oracle indistinguishability notions ordered by the richness of the allowed query interface and the extent of adaptivity they permit.