This paper studies identity testing: given an explicit distribution 𝒟 and an unknown sampling distribution 𝒢, how to efficiently verify whether 𝒢 ≡ 𝒟. Classical methods require Θ(√N) samples when 𝒟’s support has size N, but degrade exponentially for distributions with exponentially large yet efficiently samplable supports—e.g., quantum distributions. Departing from the strong “adversarial against all distributions” assumption, the paper instead considers adversaries restricted to efficient sampling. It establishes, for the first time, tight cryptographic equivalences: 𝒢 is efficiently verifiable by a P^PP algorithm if and only if one-way functions exist; if no one-way puzzles exist, then all classically samplable distributions are efficiently verifiable; and it provides tight sample complexity bounds for verifying quantum-samplable distributions, revealing an intrinsic connection between verifiable quantum advantage and distributional verification.

One of the most fundamental problems in the field of hypothesis testing is the identity testing problem: whether samples from some unknown distribution $mathcal{G}$ are actually from some explicit distribution $mathcal{D}$. It is known that when the distribution $mathcal{D}$ has support $[N]$, the optimal sample complexity for the identity testing problem is roughly $O(sqrt{N})$. However, many distributions of interest, including those which can be sampled efficiently, have exponential support size, and therefore the optimal identity tester also requires exponential samples. In this paper, we bypass this lower bound by considering restricted settings. The above $O(sqrt{N})$ sample complexity identity tester is constructed so that it is not fooled by any (even inefficiently-sampled) distributions. However, in most applications, the distributions under consideration are efficiently sampleable, and therefore it is enough to consider only identity testers that are not fooled by efficiently-sampled distributions. In that case, we can focus on efficient verification with efficient identity testers. We investigate relations between efficient verifications of classical/quantum distributions and classical/quantum cryptography, and show the following results: (i) Every quantumly samplable distribution is verifiable with a $mathbf{P^{PP}}$ algorithm. (ii) If one-way functions exist, then no sufficiently random classically samplable distribution is efficiently verifiable. (iii) If one-way functions do not exist, then every classically samplable distribution is efficiently verifiable. (iv) If QEFID pairs exist, then there exists a quantumly samplable distribution which is not efficiently verifiable. (v) If one-way puzzles do not exist, then it is possible to verify sampling-based quantum advantage with a efficient quantum computer.