
Pseudorandom State Generators (PRSGs)

Updated 9 October 2025
  • PRSGs are mechanisms that expand a short seed into a state appearing random under strict statistical and computational tests.
  • They underpin cryptographic and complexity applications, with classical constructions mirroring PRNGs and quantum variants mimicking Haar randomness.
  • Recent methods employ techniques like Gaussian sampling and quantum tomography to achieve scalable outputs with strong pseudorandomness guarantees.

A pseudorandom state generator (PRSG) is a mathematical or algorithmic mechanism—classically or quantumly implemented—that expands a short, random (or secret) input into a “state” which appears random to a specified class of tests, adversaries, or algorithms. In the classical setting, PRSG is virtually synonymous with pseudorandom number generators (PRNGs) in the form of stateful generators and their iterates; in the quantum setting, PRSGs generalize to efficient circuits preparing quantum states whose distribution is computationally indistinguishable from the uniform (Haar) distribution over the relevant Hilbert space, or that implement function-like or isometric mappings with pseudorandomness properties. PRSGs are foundational in cryptography, computational complexity, derandomization, and quantum information—their structure, expansion, and limitations fundamentally shape what can be cryptographically or algorithmically accomplished.

1. Fundamental Definitions and Security Notions

A classical PRSG expands a short seed into a sequence of “states” (internal configurations) that pass a battery of statistical and computational tests. In the quantum domain, the canonical notion, introduced by Ji, Liu, and Song, is an ensemble of efficiently generated quantum states $|\phi_k\rangle$ indexed by a key $k \in \{0,1\}^\lambda$ such that for every polynomial-time quantum distinguisher $\mathcal{A}$ and polynomial $t(\lambda)$,

$$\left| \Pr_k\left[\mathcal{A}(|\phi_k\rangle^{\otimes t(\lambda)}) = 1\right] - \Pr_{|\psi\rangle \leftarrow \text{Haar}} \left[\mathcal{A}(|\psi\rangle^{\otimes t(\lambda)}) = 1\right] \right| \leq \text{negl}(\lambda).$$

For PRSGs producing quantum states (“pseudo‐random quantum state generators,” or “PRS generators”), and their generalizations to function-like scenarios (PRFSGs), isometries (PRIs), or unitaries (PRUs), the indistinguishability may be defined for quantum adversaries, classical adversaries, or both, and can be statistical or computational depending on assumptions.

PRSG security crucially depends on indistinguishability from appropriate “maximally random” reference distributions (uniform bitstrings, Haar-random quantum states, etc.), even when the adversary is granted polynomially many samples or (in some models) adaptive access to an oracle or circuit.

2. Classical and Quantum Instantiations

Classically, PRSGs encompass:

  • Chaos-based PRNGs using iterate functions with strongly connected iteration graphs to ensure Devaney chaos and state space traversal; selection of functions is via graph-theoretic criteria and statistical deviation minimization (Bahi et al., 2011).
  • Code-based PRNGs such as RankSynd, relying on the hardness of the syndrome decoding problem for rank metric codes; expansion is achieved via iterative encoding and syndrome computation, with security derived from NP-hardness and quantum search lower bounds (Gaborit et al., 2016).
  • Reinforcement learning–driven PRNGs that learn update policies via environmental feedback, optimized to pass statistical test suites such as NIST (Pasqualini et al., 2019).
  • Parameterized stateful constructions such as Collatz–Weyl Generators, combining generalized Collatz mappings and Weyl sequences to achieve mixing, uniformity, high throughput, and multi-stream separation (Działa, 2023).

Quantumly, PRSGs generalize to preparing states $|\phi_k\rangle$ that are computationally indistinguishable from Haar-random states with respect to quantum adversaries, even with many copies, or that output function-like or isometric mappings:

  • Scalable PRSGs: Algorithms that, given a short seed and parameters $n, \lambda$, prepare $n$-qubit states with security parameter $\lambda$, where security can vastly exceed $n$; construction uses Gaussian sampling for both amplitudes and phases, and quantum rejection sampling to ensure statistical indistinguishability (Brakerski et al., 2020, Batra et al., 30 Jul 2025).
  • Function-like and scrambler variants: PRFSGs and PRSSs enable pseudorandomness on arbitrary state inputs (rather than only $|0\rangle^{\otimes n}$), exhibit dispersing properties (forming $\epsilon$-nets in Hilbert space), and underpin quantum encryption and commitment (Lu et al., 2023).
  • Hybrid and quantum pseudorandom generator (QPRG) constructions: PRSGs on $O(\log\lambda)$ qubits enable classical string extraction pseudodeterministically using quantum tomography, providing a bridge to classical pseudorandomness and hybrid cryptographic protocols (Ananth et al., 2023).
  • Common Haar state or unitary models feature statistically secure, information-theoretic PRSGs with built-in “stretch” (output longer than the key) or function-like adaptation without computational assumptions (Ananth et al., 8 Apr 2024, Hhan et al., 5 Nov 2024).

3. Scalability, Stretch, and Expansion

Scalability for PRSGs refers to constructions where the security parameter $\lambda$ (the adversary’s distinguishing success probability) can be chosen independently and is potentially much larger than the number of qubits $n$ output. Achieving scalable PRSGs requires new techniques: previous constructions linked $n$ and $\lambda$, making it impossible to obtain, for instance, “high-security short states.” Problem-specific cryptographic, algorithmic, or tomographic tools (such as amplitude randomization, not just phase randomization, via Gaussian sampling, or isometric procedures building “tree-structured” amplitude allocations) enable arbitrary decoupling of the dimensions as long as the oracles or pseudorandom functions used are quantum-secure (Brakerski et al., 2020, Batra et al., 30 Jul 2025).
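Why phase randomization alone cannot give short high-security states, as an added example that is not taken from the page or the cited papers: a phase-only state has a flat computational-basis distribution, while a Haar-random state does not, and for small $n$ the gap is large. HMAC-SHA256 as the keyed function, the key value and all function names are illustrative assumptions.

```python
import hashlib
import hmac
import random

def prf_bit(key: bytes, x: int) -> int:
    """One pseudorandom bit per basis index (HMAC-SHA256 is an assumed stand-in PRF)."""
    return hmac.new(key, x.to_bytes(4, "big"), hashlib.sha256).digest()[0] & 1

def binary_phase_state(key: bytes, n: int) -> list:
    """Phase-only state 2^(-n/2) * sum_x (-1)^f_k(x) |x>; all amplitudes have equal magnitude."""
    amp = (1 << n) ** -0.5
    return [amp * (1 - 2 * prf_bit(key, x)) for x in range(1 << n)]

def haar_state(n: int, rng: random.Random) -> list:
    """Haar-random n-qubit state: a complex Gaussian vector, normalised."""
    v = [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(1 << n)]
    norm = sum(abs(a) ** 2 for a in v) ** 0.5
    return [a / norm for a in v]

def collision_probability(state: list) -> float:
    """Chance that two copies, measured in the computational basis, agree: sum_x p_x^2."""
    return sum(abs(a) ** 4 for a in state)

def mean_haar_collision(n: int, samples: int, seed: int) -> float:
    """Monte Carlo estimate of E[sum_x p_x^2] over Haar states; exact value is 2/(2^n + 1)."""
    rng = random.Random(seed)
    return sum(collision_probability(haar_state(n, rng)) for _ in range(samples)) / samples

def collision_gap(key: bytes, n: int, samples: int = 2000, seed: int = 1) -> float:
    """Bias available to a distinguisher that only counts measurement collisions."""
    return mean_haar_collision(n, samples, seed) - collision_probability(binary_phase_state(key, n))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    for n in (2, 3, 4, 6):
        print(n, round(collision_gap(key, n), 4))
```

The gap is $2/(N+1) - 1/N$ with $N = 2^n$, so it shrinks only as fast as $N$ grows; with $n = O(\log\lambda)$ it is inverse-polynomial in $\lambda$, which is the case the Gaussian amplitude sampling is meant to close.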

Quantum PRSGs may exhibit “stretch” where the output dimension (number of qubits) greatly exceeds the key length, particularly in models such as the common Haar state model where a short key controls a phase operator on a high-dimensional Haar state (Ananth et al., 8 Apr 2024).

Expanding the output length in a black-box manner—analogous to “seed-recycling” in classical PRGs—is not always possible quantumly. Expansion can succeed in certain families (e.g., for binary-phase PRSGs via input-shifting and block concatenation, preserving pseudorandomness via purification techniques (Levy et al., 5 Nov 2024)), but general expansion across arbitrary PRSGs faces obstacles due to the incompatibility of quantum state structure and the no-cloning theorem: classical hybrid and stretching arguments often fail in the quantum regime (Levy et al., 5 Nov 2024, Bouaziz--Ermann et al., 6 Oct 2025).

4. Black-Box Separations, Limitations, and Oracle Worlds

The landscape of quantum pseudorandomness is more fragmented than in the classical setting, where PRGs, PRFs, and pseudorandom permutations are existentially equivalent. Quantumly, many rigorous and relativized separations have been shown:

  • No black-box shrinking: It is impossible to reduce the output length of a PRSG from polynomial to logarithmic qubits (i.e., “shrink” a long PRS to a short one) in a black-box way while preserving pseudorandomness; this is proved via oracle constructions using Kretschmer’s quantum oracle, where long-PRSs exist but short-PRSs do not (Bouaziz--Ermann et al., 20 Feb 2024).
  • No black-box upgrade from PRFSGs to PRUs/PRIs: Pseudorandom function-like state generators do not generically yield pseudorandom unitaries (PRUs) or isometries (PRIs) via black-box constructions with small ancilla or logarithmic stretch. Oracle separation arguments using the quantum singular value transformation (QSVT) and specially designed unitary oracles prevent lifting state-level pseudorandomness to operation-level pseudorandomness solely by plug-in composition (Gulati et al., 6 Oct 2025, Bouaziz--Ermann et al., 6 Oct 2025).
  • Intrinsic limitations in length extension: Certain attempts to compose short-output PRFSGs into long-output PRSGs—by applying unitaries to tensor products of short random states—are vulnerable to product tests or swap tests and can be efficiently distinguished from Haar-random states due to lack of sufficient entanglement (Bouaziz--Ermann et al., 6 Oct 2025).
  • Geometry and isoperimetric conjectures: Separations often rely on conjectured properties of the Haar measure, such as isoperimetric inequalities on the measure of intermediate “uncertain” regions between sets separated by trace distance; these are used to argue that quantum-tomography-based QPRG extraction schemes must have inverse-polynomial errors (Bouaziz--Ermann et al., 6 Oct 2025).

Thus, the existential power of PRSGs for building other primitives (or vice versa) is limited; new construction paradigms or non-black-box techniques may be required.
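The product-test weakness from the length-extension item above, in its simplest instance (a plain tensor product of two short states, with no further unitary applied), as an added example that is not taken from the page or the cited papers. It is a pure-Python statevector calculation; the function names and the 2+2 qubit block sizes are illustrative assumptions.

```python
import random

D_A = D_B = 4  # two 2-qubit blocks (constructed sizes)

def haar_state(dim: int, rng: random.Random) -> list:
    """Haar-random pure state of the given dimension (normalised complex Gaussian)."""
    v = [complex(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(dim)]
    norm = sum(abs(a) ** 2 for a in v) ** 0.5
    return [a / norm for a in v]

def tensor(u: list, v: list) -> list:
    """|u> tensor |v>, with index a * len(v) + b."""
    return [a * b for a in u for b in v]

def purity_a(state: list, d_a: int, d_b: int) -> float:
    """Tr(rho_A^2) for rho_A = Tr_B |psi><psi|; equals 1 exactly when A is unentangled."""
    rho = [[sum(state[a * d_b + b] * state[c * d_b + b].conjugate() for b in range(d_b))
            for c in range(d_a)] for a in range(d_a)]
    return sum(abs(rho[a][c]) ** 2 for a in range(d_a) for c in range(d_a))

def swap_test_accept(state: list, d_a: int, d_b: int) -> float:
    """Acceptance probability of a swap test on the A blocks of two copies."""
    return (1 + purity_a(state, d_a, d_b)) / 2

def product_sample(rng: random.Random) -> list:
    """'Length-extended' candidate: two independent short random states side by side."""
    return tensor(haar_state(D_A, rng), haar_state(D_B, rng))

def haar_sample(rng: random.Random) -> list:
    """Reference: one Haar-random state on the full 4-qubit space."""
    return haar_state(D_A * D_B, rng)

def mean_accept(make_state, samples: int, seed: int) -> float:
    rng = random.Random(seed)
    return sum(swap_test_accept(make_state(rng), D_A, D_B) for _ in range(samples)) / samples

if __name__ == "__main__":
    print("product:", mean_accept(product_sample, 200, 7))  # always 1.0
    print("haar   :", mean_accept(haar_sample, 500, 7))      # about (1 + 8/17) / 2
```

The product state passes the test with certainty, while a Haar-random state passes with probability about $(1 + (d_A + d_B)/(d_A d_B + 1))/2$, so a constant per-run bias is available from two copies.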

5. Methodologies and Core Techniques

Modern PRSGs, both classical and quantum, combine ideas from invariance principles, small-space derandomization, amplitude and phase randomization, hash-based bucketing, and learning theory:

  • Classical PRSGs/PRGs for PTFs: Utilize invariance principles (Berry–Esséen, Mossel–O’Donnell), bounded independence, and monotone read-once branching programs to control low moments and minimize seed length while fooling low-degree polynomial threshold functions (0910.4122).
  • Graph-theoretic and chaos-based constructions: Employ strongly connected iteration graphs to maximize mixing and satisfy chaos properties in the sense of Devaney, with statistical validation via NIST or Dieharder test suites (Bahi et al., 2011).
  • Quantum PRSGs:
    • Amplitude and phase randomization: Randomized (Gaussian or Beta-distributed) branch amplitudes, phase shifting by oracles encoding pseudorandom or truly random seeds, discretization error control, and quantum rejection sampling ensure that the prepared state closely mimics Haar measure statistics (Brakerski et al., 2020, Batra et al., 30 Jul 2025).
    • Scrambling and parallel mixing: State-agnostic scramblers apply blocks of random (or pseudorandom) rotations, permutations, or SU(2) rotations in parallel (“parallel Kac’s walk”) on computational-basis pairs; this rapidly disperses any input state to an $\epsilon$-net over the state space (Lu et al., 2023).
    • Tomography-based pseudodeterministic extractions: Extraction of uniformly random classical output from logarithmic-size PRSGs using quantum tomography and concentration-of-measure principles for high-dimensional states (Ananth et al., 2023).

6. Applications and Impact

PRSGs are central to:

| Application Domain | Role of PRSGs | Example Systems |
|---|---|---|
| Quantum Cryptography | Building quantum money, commitments, secret-key encryption, MACs with unclonable tags | (Ananth et al., 2021, Morimae et al., 7 May 2024) |
| Derandomization | Fooling low-space/randomized sliding window algorithms, streaming models, PACA automata | (Modanese, 2023) |
| Physical Simulation/Quantum Info | Simulating thermal/chaotic quantum systems, randomized benchmarking, t-design constructions | (Brakerski et al., 2020) |
| Parallel/Distributed Computation | Multi-stream high-quality state generation for simulation and cryptographic protocols | (Działa, 2023) |
| Hybrid Quantum-Classical Protocols | Classical output extraction from quantum sources for commitments, encryption, PRNGs | (Ananth et al., 2023) |

Quantum PRSGs enable cryptographic protocols under assumptions strictly weaker than those needed for classical one-way functions; certain constructions are possible even in relativized worlds where one-way functions do not exist (Ananth et al., 2021, Bouaziz--Ermann et al., 20 Feb 2024, Gulati et al., 6 Oct 2025). Many cryptographic functionalities—including IND-CPA encryption and unclonable MACs—require only unpredictability rather than full pseudorandomness (Morimae et al., 7 May 2024). This suggests that quantum unpredictability is sufficient for a wide class of cryptographic primitives, and that PRSGs occupy a central, but not maximal, position in the "microcrypt zoo."

7. Open Problems and Future Directions

Notable open questions include:

  • Characterizing Expansion and Shrinking: While some PRSG families (e.g., binary-phase constructions (Levy et al., 5 Nov 2024)) support black-box expansion, no general expansion or output-length boosting is known; conversely, oracle separations preclude universal shrinking from long output to short (Bouaziz--Ermann et al., 20 Feb 2024, Bouaziz--Ermann et al., 6 Oct 2025). Necessary and sufficient conditions (such as the “Generalization Condition”) for expandability are unidentified.
  • Equivalence of Quantum PRF-Analogues: The formal relationship between PRSGs, PRFSGs, PRUs, and PRIs remains unresolved. Black-box separations demonstrate strict gaps under resource constraints, but the possibility of equivalence with resource relaxation or non-black-box access is open (Gulati et al., 6 Oct 2025).
  • Isoperimetric and concentration conjectures: Unproven geometric measure assumptions underlie separation results; formal proof or refutation could clarify the ultimate relationships.
  • Practical, cryptographically robust quantum PRSGs: While construction archetypes exist, cryptanalytic evaluation, composability analysis, and standardization are immature areas.
  • Functional capacity in quantum unpredictability vs pseudorandomness: Classical equivalence breaks down quantumly. The spectrum of practical tasks achievable with mere unpredictability, but not full pseudorandomness, continues to widen (Morimae et al., 7 May 2024).

The study and construction of PRSGs, classical and quantum, thus remain at the heart of derandomization, cryptographic foundation, quantum information protocols, and complexity-theoretic analysis. Advances in the theory and realization of PRSGs have far-reaching consequences for secure computation, algorithmic derandomization, and our understanding of randomness in the computational universe.
