I was thinking about the following question but did not make any progress:
Is there a function $f(x,y)$ such that given $f(x,y)$, it is possible to uniquely determine $y$ but not $x$?
Instead of unique, what if we had
Is there a function $f(x,y)$ such that given $f(x,y)$, it is easy to determine $y$ but not $x$?
where easy means there is a known polynomial time algorithm. The domain and range of this function can be anything, but most likely a possible example uses integers.
Let $n=pq,$ where $p$ is a large prime of sufficient size, say 1000 bits in size, so that the discrete logarithm problem modulo $p$ is hard. Let $q$ be much smaller, say $q$ is 100 bits in size and be made public, together with a generator $g$ of the group $Z^{\ast}_p.$
Let $X=\{0,1,\ldots,q-1\}$ be the domain of $x$ and let $Z^{\ast}_p$ be the domain of $Y.$ Let $f(x,y)=x+qg^{y}.$
Given $f(x,y)$ reduction modulo $q$ yields $x.$ But $z=(f(x,y)-x)/q$ gives $z=g^y$ and it is difficult to compute $\log_g(z)$ in $Z^{\ast}_p.$