Permutation Superposition Oracles for Quantum Query Lower Bounds

We propose a generalization of Zhandry’s compressed oracle method to random permutations, where an algorithm can query both the permutation and its inverse. We show how to use the resulting oracle simulation to bound the success probability of an algorithm for any predicate on input-output pairs, a key feature of Zhandry’s technique that had hitherto resisted attempts at generalization to random permutations. One key technical ingredient is to use the strictly monotone factorization of a permutation, which also underlies the well-known Fisher-Yates shuffle, to represent it in the oracle’s database. As an application of our framework, we show that the one-round sponge construction is unconditionally preimage resistant in the random permutation model, for all parameter choices. This proves a conjecture by Unruh.