 I'll be talking about the impossibility of key agreements from quantum random oracles. This is a joint work with Pearl Ostrich, Kaiming Chong, Hao Chong, Shen Fu, and Mohamad Mahmoudi. I'm Yao Ting Ling. In a classical world, we can do lots of things with random oracles. It is collision resistant and one way. And you will give us private key cryptography. But there is an interesting question. Can we get key agreements from random oracles? A key agreement is a two-party interactive protocol. And Alice and Bob's goal is to share a secret key against eavesdropper. They'll start with private local randomness. And they can talk to each other. And finally, they'll output their own keys. And we say, a key agreement protocol is with perfect complainance if Alice and Bob always output the same key. In the 70s, Merkel proposed the first non-trivial key agreement protocol from random oracles. So suppose Alice and Bob make the queries to a random oracle. Then every eavesdropper needs Alice d-square queries to break the key. The similar work of Impar Gliazo and Rudic answered the question. They showed that we cannot use random oracles to get key agreements. And they proved it by constructing a query-efficient attack for every key agreement protocol. Their result has the following implications to black-back separations. It says that using one-way functions will not suffice for a key agreement in a black-backed way. Later, Barack and Mahmoudi shows that Merkel's puzzle is indeed optimal. But why do we allow the parties to use quantum computation? If we allow quantum communication, then you will give us unconditional security agreements due to the BB84 protocol. But why if the communication is still classical? So we would like to ask the following question. Can quantum computation, a random oracle, and the classical communication together give us key agreements? The quantum random oracle model was proposed by Bonnet et al. Is a regular random oracle? That can be queried in superposition. And if the random oracle model is the only assumption, the attack's efficiency is measured by the number of queries. And such an attack is sufficient for obtaining black-backed separations. So here is our main question. Can we have the quantum Impar Gliazo-Rudic result? Jose Armada and Yamakawa proposed the following question in their best paper award winning work. Does there exist a key agreement where Alice and Bob can only do classical communication, but perform local quantum computation and make quantum queries to a random oracle? But every if-dropper needs a super polynomial number of queries to find a key. So here is our first result. It's a symmetric setting where Alice is classical and Bob is quantum. And we show that we can break every key agreement with perfect complainants in this setting. And the query complexity of if will be d squared. Next, we show that we can conditionally break every key agreement with perfect complainants where Alice and Bob are both quantum. We propose a parametrized structure about low-degree low-influence polynomials, which would imply a polyquery attack. And then we are able to prove the structure with exponentially small influences. This will imply that we can break every key agreement with perfect complainants between quantum Alice and quantum Bob, who both make a constant number of queries. Since our attack only makes classical queries, we want to study whether we can extend our attack into the imperfect complainant setting. But we have the following barrier result. It says that if the famous Aaron's abundance structure is false, then there exists a key agreement with imperfect complainants against classical if-dropper. So if we want to obtain separations for key agreements with imperfect complainants, then we have to either prove a structure or construct an attack that makes quantum queries. And our attack was inspired by the ideas from the compressor oracle technique by Zendry. And we extend the learning epsilon-heavy query attack by Barak and Mahmoudi to the quantum setting.