Pseudorandom Quantum States

Updated 20 August 2025
  • Pseudorandom quantum states are efficiently generable ensembles defined to be computationally indistinguishable from Haar-random states for quantum adversaries.
  • They are constructed using methods such as binary phase techniques, amplitude randomization, and scalable circuits that leverage quantum-secure primitives.
  • These states have practical implications in quantum cryptography, enabling secure quantum money, encryption schemes, and advances in quantum complexity theory.

A pseudorandom quantum state (PRS) is an efficiently generable quantum state ensemble that is computationally indistinguishable from Haar-random states, even when polynomially many copies are given to any quantum polynomial-time adversary. PRS have emerged as a cornerstone concept at the intersection of quantum cryptography, complexity theory, quantum information science, and the physical modeling of scrambling and entanglement. Their defining property is that, for the relevant set of adversaries (typically BQP), no efficient algorithm can distinguish samples from the PRS family and truly Haar random states up to negligible advantage, despite the fact that PRS can have structured, efficiently samplable descriptions through classical seeds or circuit keys. Recent research demonstrates the breadth of constructions, resource trade-offs, complexity-theoretic positioning, and cryptographic consequences of PRS, as well as a surprising diversity of “pseudorandomness” notions, such as PRS for shallow circuits, adaptive PRFS generators, scalable PRS, and function-like state structures. The following sections provide a structured technical overview.

1. Formal Definitions and Core Properties

Let $n$ denote the number of qubits and $\lambda$ a security parameter. A family of pseudorandom quantum states is an ensemble $\{|\phi_k\rangle\}_{k\in \{0,1\}^\lambda}$ generated by an efficient quantum circuit $G(k)$ for each key $k$, such that for every quantum polynomial-time (QPT) adversary $A$ and for any polynomial $t(\lambda)$,

$$\bigg| \Pr_{k}\left[A\left(|\phi_k\rangle^{\otimes t(\lambda)}\right) = 1 \right] - \Pr_{|\psi\rangle\sim\text{Haar}}\left[A\left(|\psi\rangle^{\otimes t(\lambda)}\right) = 1\right] \bigg| \leq \text{negl}(\lambda).$$

The Haar-random $n$-qubit state is the uniform measure on $\mathbb{C}^{2^n}$ with the Fubini-Study metric. The indistinguishability must hold even for polynomially many copies and any measurement implementable in quantum polynomial time.

Key cryptographic and complexity properties:

  • Efficient generation: PRS are produced deterministically using a classical key and quantum circuit, often leveraging a quantum-secure pseudorandom function (Ji et al., 2017, Brakerski et al., 2019, Ananth et al., 2022), a quantum one-way function (Ananth et al., 2021), or under quantum-only assumptions such as the Hamiltonian Phase State (HPS) problem (Bostanci et al., 10 Oct 2024).
  • Non-cloning: Even with a reflection oracle $O_{\phi} = 1-2|\phi\rangle\langle\phi|$ and polynomially many copies, no QPT adversary can clone beyond the originally issued sample count (Ji et al., 2017).
  • Scalability: For scalable PRS, the security parameter $\lambda$ can be set arbitrarily high independently of $n$, yielding trace distance indistinguishability negligible in $\lambda$ for adversaries with arbitrary resources polynomial in $\lambda$ (Brakerski et al., 2020, Batra et al., 30 Jul 2025).
  • Extension to PRFS: PRS generalize to pseudorandom function-like state (PRFS) generators, where the adversary can make adaptive, possibly quantum, queries to an oracle $G(k,x)$ (Ananth et al., 2022, Batra et al., 30 Jul 2025).

2. Constructions: Families, $t$-Designs, and Efficient Circuits

Historic and modern PRS constructions include both information-theoretic and computational approaches and can be specialized for trade-offs in complexity, resource requirements, or practical implementability.

Binary Phase and Random Phase PRS

The canonical PRS is constructed using random (or pseudorandom) phase oracles:

$$|\phi_k\rangle = \frac{1}{\sqrt{2^n}}\sum_{x\in\{0,1\}^n} \omega_{2^n}^{\mathrm{PRF}_k(x)} |x\rangle,\qquad \omega_{2^n} = e^{2\pi i/2^n}$$

where $\mathrm{PRF}_k$ is a quantum-secure pseudorandom function (Ji et al., 2017). A significant refinement by Brakerski and Shmueli (Brakerski et al., 2019) confirms that it suffices to take

$$|\phi_k\rangle = \frac{1}{\sqrt{2^n}} \sum_{x} (-1)^{\mathrm{PRF}_k(x)}|x\rangle,$$

achieving exponentially small trace distance from the Haar average for polynomially many copies. The circuit consists of a Hadamard layer followed by a classical reversible circuit (e.g., Toffoli gates) implementing the PRF or a $2t$-wise independent function (for $t$-designs), yielding polylogarithmic-depth circuits.

Scalable and Amplitude-Randomized PRS

Brakerski, Shmueli et al. (Brakerski et al., 2020) and (Batra et al., 30 Jul 2025) show constructions where amplitudes, not just phases, are randomized:

$$|\psi\rangle = \frac{v}{\|v\|},\quad v_x = g(f(x))$$

where $f$ is a random or quantum-secure PRF and $g$ is a discretized Gaussian sampler; normalization is ensured via quantum rejection sampling. This yields scalable PRS: indistinguishability from Haar up to any negligible function in a tunable security parameter, independent of the state size.

PRFS and Adaptive Query Security

A PRFS generator $G(k,x)$ yields a quantum state $|\psi_{k,x}\rangle$ for input $x$, and its outputs are computationally indistinguishable from Haar-random, even under adaptively chosen or quantum superposition queries (Ananth et al., 2022, Batra et al., 30 Jul 2025). The construction typically uses PRFs that remain secure under quantum queries, together with efficient deterministic classical samplers for auxiliary distributions (e.g., Beta, Gamma) to implement the probability amplitudes of the superposition.

Circuit Complexity and t-Designs

PRSGs built as binary phase states with $2t$-wise independent functions yield explicit state $t$-designs, with circuit depth $O(\text{polylog}(n, t))$ (Brakerski et al., 2019). For scalable $t$-designs, the circuit size is bounded by the complexity of $(2t)$-wise independent function computation.

| Construction | Circuit Depth | Core Resource |
|---|---|---|
| Binary phase (PRF) | Polylogarithmic | Hadamard + reversible |
| Amplitude-randomized | Poly($n$, $\lambda$), logarithmic in $t$ | Hadamard + Gaussian sampling |
| Hamiltonian Phase | Shallow IQP | Z-rotations, CNOT |
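
The link between the independence order of the phase function and the design order $t$ can be checked numerically for the smallest case. The following is an added example, not code from the page or the cited papers: it uses the pairwise-independent family $f_{a,b}(x) = \langle a,x\rangle \oplus b$ over GF(2) (this example's choice) and compares the ensemble's frame potential with the Haar value, which an ensemble attains exactly when it is a $t$-design.

```python
import math

def linear_phase_state(a, b, n):
    """Binary phase state with f(x) = <a,x> XOR b over GF(2), a pairwise-independent family."""
    amp = 1.0 / math.sqrt(2 ** n)
    return [amp * (-1) ** ((bin(a & x).count("1") + b) % 2) for x in range(2 ** n)]

def frame_potential(n, t):
    """Average of |<phi_k|phi_k'>|^(2t) over independent key pairs (k, k')."""
    states = [linear_phase_state(a, b, n) for a in range(2 ** n) for b in (0, 1)]
    total = 0.0
    for u in states:
        for v in states:
            overlap = sum(x * y for x, y in zip(u, v))
            total += abs(overlap) ** (2 * t)
    return total / len(states) ** 2

def haar_frame_potential(n, t):
    """Haar value 1 / C(2^n + t - 1, t); it is the minimum over all ensembles."""
    return 1.0 / math.comb(2 ** n + t - 1, t)

if __name__ == "__main__":
    n = 4  # 16-dimensional toy system, small enough to enumerate every key
    for t in (1, 2):
        print("t =", t,
              "ensemble:", frame_potential(n, t),
              "Haar:", haar_frame_potential(n, t))
```

With pairwise independence ($2t = 2$) the first moment matches Haar exactly, while the second-moment frame potential stays at $1/2^n$, well above the Haar value, so this family does not reach $t = 2$.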

3. Complexity Separations, Scalability, and Oracle Results

PRS occupy a unique place in quantum complexity theory, with various oracle separations and results on scalability.

  • Existence of PRS (and PRFS) does not require quantum-secure one-way functions; oracles have been constructed relative to which one-way functions do not exist but PRS do (Ananth et al., 2021, Kretschmer, 2021).
  • It is not possible to "shrink" a PRS output from polynomial to logarithmic qubit size in a black-box way while preserving the pseudorandomness property, relative to Kretschmer's oracle (Bouaziz-Ermann et al., 20 Feb 2024). Thus, "short" PRS cannot always be derived from "long" PRS.
  • PRS admit security parameter "stretching": scalable PRS can achieve trace distance indistinguishability $\leq \mathrm{negl}(\lambda)$ on $t(\lambda)$ copies, for arbitrarily large $\lambda$ and any fixed $n$ (Brakerski et al., 2020, Batra et al., 30 Jul 2025).
  • Black-box separations exist between PRS and single-copy PRS (1PRS), with the latter attainable from an isometry oracle (i.e., a single Haar random state), while the former cannot be constructed from it in a black-box fashion (Chen et al., 4 Apr 2024).

4. Cryptographic Primitives and Applications

Pseudorandom quantum states underpin a growing taxonomy of quantum cryptographic and information-theoretic primitives:

  • Private-key quantum money: A banknote is a PRS $|\phi_k\rangle$; verification measures overlap with the keyed state. Security follows from computational non-cloning (Ji et al., 2017).
  • Commitment and one-time encryption: PRFS with logarithmic- or polylogarithmic-length outputs enable bit commitment and encryption with only classical communication, constructed using verifiable classical tomography (Ananth et al., 2022).
  • Authenticated encryption and verifiable pseudorandom density matrices: Efficient authentication schemes encrypt a quantum state by scrambling with a PRU and inserting maximally mixed qubits, resulting in encryption indistinguishable from the maximally mixed state and enabling robust verification and decryption (Haug et al., 1 Jan 2025).
  • Quantum pseudoentanglement: Two quantum state ensembles, each individually efficiently generable and with distinct (e.g., volume-law vs area-law) entanglement structure, can be constructed to be computationally indistinguishable (Bostanci et al., 10 Oct 2024).
  • Quantum resources for shallow circuits: Unconditional PRS and pseudoentanglement (i.e., low-entropy but "shallow-hard") can be realized against $\mathsf{QNC}^0$ and $\mathsf{AC}^0\circ\mathsf{QNC}^0$ circuits using only 2-designs or random phased subspace states with 4-wise independent phases (Ghosh et al., 24 Jul 2025).
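
The binary phase construction of Section 2 and the private-key quantum money bullet above, simulated classically as an added example (not code from the page or the cited papers). HMAC-SHA256 stands in for the quantum-secure PRF, and the key, function names and 8-qubit size are assumptions of this sketch; a state-vector simulation is only feasible for small $n$.

```python
import hashlib
import hmac
import math

BANK_KEY = b"constructed-demo-key"  # sample key constructed for this example

def prf_bit(key, x, n):
    """One pseudorandom bit per basis label x (HMAC-SHA256 is this example's stand-in PRF)."""
    msg = x.to_bytes((n + 7) // 8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] & 1

def binary_phase_state(key, n):
    """Amplitudes of |phi_k> = 2^(-n/2) * sum_x (-1)^PRF_k(x) |x>."""
    amp = 1.0 / math.sqrt(2 ** n)
    return [amp * (-1) ** prf_bit(key, x, n) for x in range(2 ** n)]

def accept_probability(key, note, n):
    """Chance the bank's projection onto |phi_k> accepts `note` (real amplitudes)."""
    ref = binary_phase_state(key, n)
    return sum(r * a for r, a in zip(ref, note)) ** 2

def mean_forgery_acceptance(key, n, trials):
    """Average acceptance of notes prepared under guessed keys; expected near 2^-n."""
    ref = binary_phase_state(key, n)
    total = 0.0
    for i in range(trials):
        guess = binary_phase_state(b"guess-%d" % i, n)
        total += sum(r * g for r, g in zip(ref, guess)) ** 2
    return total / trials

if __name__ == "__main__":
    n = 8
    genuine = binary_phase_state(BANK_KEY, n)
    print("genuine note accepted with probability",
          accept_probability(BANK_KEY, genuine, n))
    print("mean acceptance of guessed-key notes  ",
          mean_forgery_acceptance(BANK_KEY, n, 200))
    print("2^-n                                  ", 2.0 ** -n)
```

A note issued under the bank's key passes with probability 1, while a state prepared without the key overlaps with $|\phi_k\rangle$ only at the $2^{-n}$ level on average, which is why the verification in this scheme requires the key.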

5. Resource Theory, Pseudoresource States, and Near-Term Realizations

Recent advances characterize the minimum quantum resources required for PRS to fool various computational observers:

  • Resource trade-offs: For an observer with runtime-bound $T(n)$, one can construct a $T$-PRS ensemble $\{|\psi\rangle\}$ with expected stabilizer Rényi-$\alpha$ entropy $M_\alpha(\psi)$ (the "magic") lower-bounded by (Tanggara et al., 24 Apr 2025):

$$M_\alpha(\psi) \geq -\frac{\log(\eta_{T(n)}) + \log(1 + 2^{-(\alpha-1)\tau(n)}/\eta_{T(n)})}{\alpha-1},$$

where $\tau(n)=\Theta(n)$ for Haar-random states and $\eta_{T(n)}$ is a negligible function for the restricted observer. The "magic gap" between the PRS and Haar ensemble increases for weaker observers.

  • Pseudoentanglement: PRS ensembles with low intrinsic entanglement can be pseudoentangled against shallow adversaries (e.g., $\mathsf{QNC}^0$ circuits cannot distinguish them from volume-law entangled Haar-like states) (Ghosh et al., 24 Jul 2025).
  • Experimental realization: Direct and KAK methods for preparing pseudo-random states with nearly maximal entanglement have been benchmarked on superconducting and ion-trap quantum devices; circuit structure and hardware connectivity strongly influence fidelity (Cenedese et al., 2023).

6. Extensions: Adaptive Security, Scramblers, Subset States, and New Hardness

  • Adaptive and quantum-accessible PRFS: Recent constructions admit adversaries with adaptive, possibly superposition, query access to the state generator oracle (Ananth et al., 2022, Batra et al., 30 Jul 2025).
  • Scramblers and dispersing properties: PRSS (Pseudorandom State Scramblers) map arbitrary input states to output distributions statistically close to Haar and can generate $\epsilon$-nets in state space, with parallel Kac's walk and two-phase couplings yielding exponentially faster mixing (Lu et al., 2023).
  • Random subset states: Even equal-amplitude subset superpositions $\frac{1}{\sqrt{|S|}}\sum_{x\in S}|x\rangle$ (with random $S$) can achieve negligible trace distance to Haar for suitable $S$ size, and can constitute pseudorandom ensembles without the need for random phases (Giurgica-Tiron et al., 2023).
  • Quantum-only hardness: Hamiltonian Phase States, constructed from IQP circuits, yield PRS, PRUs, one-way state generators, and pseudoentanglement, under an assumption (HPS assumption) not known to imply OWFs and efficiently realizable in practice (Bostanci et al., 10 Oct 2024).

7. Shallow Circuit Pseudorandomness and Unconditional Security

While most PRS constructions require computational assumptions for BQP adversaries, unconditional security is achievable for restricted models:

  • For $\mathsf{QNC}^0$ and $\mathsf{AC}^0 \circ \mathsf{QNC}^0$ adversaries, any 2-design is a computationally unconditionally secure PRS, as only reduced subsystems of the circuit's "lightcone" influence the output (Ghosh et al., 24 Jul 2025).
  • Random phased subspace states with 4-wise independent phases suffice for shallow circuit pseudoentanglement and pseudorandomness.
  • Unitary 2-designs yield unconditionally parallel-query pseudorandom unitaries for geometrically local shallow quantum circuits.

Table: Landscape of PRS Constructions and Security

| PRS Type / Construction | Key Assumption | Security (Adversaries) | Notable Feature |
|---|---|---|---|
| Binary phase PRS | Quantum-secure PRF | BQP | Hadamard + reversible logic |
| Amplitude-randomized, scalable PRS | Quantum-secure PRF or random fn | BQP, scalable to large $\lambda$ | Arbitrary security parameter |
| Subset (real) state PRS | Pseudorandom permutation | Even information-theoretic | No phase necessary |
| PRFS (quantum-accessible, adaptive) | Quantum-secure PRF | BQP (adaptive quantum query) | Adaptive security |
| Shallow-circuit PRS/PE (e.g., 2-design) | None | $\mathsf{QNC}^0$, $\mathsf{AC}^0\circ\mathsf{QNC}^0$ | Unconditional security |
| Hamiltonian Phase States (HPS) | Quantum HPS assumption | BQP | IQP circuit-based, no classical OWF |
| Scramblers/PRSS | Quantum-secure PRF/permutation | BQP | Scrambles arbitrary input state |

The pseudorandom quantum state framework thus encompasses a taxonomy of constructions, applications, and complexity-theoretic implications, with ongoing advances clarifying the boundaries of efficient simulation of Haar randomness, the quantum–classical dichotomy in cryptographic assumptions, and the resource requirements for practical and foundational quantum information processing.
