🤖 AI Summary
This paper investigates the existence boundaries of quantum cryptographic primitives, including quantum-computation-classical-communication (QCCC) commitments, QCCC key exchange, quantum lightning, and two-round quantum key distribution, under complexity-class equality assumptions. Method: Using quantum oracle constructions, relativized analysis, and reduction techniques, the authors analyze the conditions under which these primitives can exist. Contribution/Results: They construct a quantum oracle relative to which BQP = QCMA but QCCC key exchange, QCCC commitments, and two-round quantum key distribution exist, and an oracle relative to which BQP = QMA but quantum lightning exists. To formalize this, they introduce "CountCrypt", the class of quantum primitives that can exist even if BQP = QCMA but are broken if BQP = PP, and identify "one-way puzzles" as its minimal primitive: an intermediate primitive between pseudorandom state generators (PRSGs) and EFI pairs, constructible from QCCC key exchange, QCCC commitments, and two-round quantum key distribution, and impossible if BQP = PP. This work shows that a large class of quantum cryptographic primitives can exist even if BQP = QCMA and establishes one-way puzzles as an intermediate primitive bridging complexity-theoretic assumptions and cryptographic realizations.
📝 Abstract
We construct a quantum oracle relative to which BQP = QCMA but quantum-computation-classical-communication (QCCC) key exchange, QCCC commitments, and two-round quantum key distribution exist. We also construct an oracle relative to which BQP = QMA, but quantum lightning (a stronger variant of quantum money) exists. This extends previous work by Kretschmer [Kretschmer, TQC22], which showed that there is a quantum oracle relative to which BQP = QMA but pseudorandom state generators (a quantum variant of pseudorandom generators) exist. We also show that QCCC key exchange, QCCC commitments, and two-round quantum key distribution can all be used to build one-way puzzles. One-way puzzles are a version of "quantum samplable" one-wayness and are an intermediate primitive between pseudorandom state generators and EFI pairs, the minimal quantum primitive. In particular, one-way puzzles cannot exist if BQP = PP. Our results together imply that aside from pseudorandom state generators, there is a large class of quantum cryptographic primitives which can exist even if BQP = QCMA, but are broken if BQP = PP. Furthermore, one-way puzzles are a minimal primitive for this class. We denote this class "CountCrypt".