Complexity Bounds on General Hard-Core Predicates

Abstract. A Boolean function b is a hard-core predicate for a one-way function f if b is polynomial-time computable but b(x) is difficult to predict from f(x) . A general family of hard-core predicates is a family of functions containing a hard-core predicate for any one-way function. A seminal result of Goldreich and Levin asserts that the family of parity functions is a general family of hard-core predicates. We show that no general family of hard-core predicates can consist of functions with O(n1-ε) average sensitivity, for any ε > 0 . As a result, such families cannot consist of • functions in AC0 , • monotone functions, • functions computed by generalized threshold gates, or • symmetric d -threshold functions, for d = O(n1/2 - ε) and ε > 0 .

[1]  J. Håstad Computational limitations of small-depth circuits , 1987 .

[2]  Adi Shamir,et al.  The Discrete Logarithm Modulo a Composite Hides O(n) Bits , 1993, J. Comput. Syst. Sci..

[3]  Nathan Linial,et al.  The Influence of Variables on Boolean Functions (Extended Abstract) , 1988, FOCS 1988.

[4]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[5]  Harry Dym,et al.  Fourier series and integrals , 1972 .

[6]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[7]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[8]  Oded Goldreich,et al.  RSA and Rabin Functions: Certain Parts are as Hard as the Whole , 1988, SIAM J. Comput..

[9]  Mats Näslund,et al.  The Complexity of Computing Hard Core Predicates , 1997, CRYPTO.

[10]  N. S. Barnett,et al.  Private communication , 1969 .

[11]  Dudley,et al.  Real Analysis and Probability: Measurability: Borel Isomorphism and Analytic Sets , 2002 .

[12]  Mats Niislund All Bits in ax + b mod p are Hard (Extended Abstract) , 1996 .

[13]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[14]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[15]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[16]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[17]  Johan Håstad,et al.  The security of individual RSA bits , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[18]  Alexander Russell,et al.  Spectral Bounds on General Hard Core Predicates , 2000, STACS.

[19]  Noam Nisan,et al.  Constant depth circuits, Fourier transform, and learnability , 1993, JACM.

[20]  Mats Näslund Universal Hash Functions & Hard Core Bits , 1995, EUROCRYPT.

[21]  Andrew V. Goldberg,et al.  Lower bounds for pseudorandom number generators , 1989, 30th Annual Symposium on Foundations of Computer Science.

[22]  Oded Goldreich,et al.  Modern Cryptography, Probabilistic Proofs and Pseudorandomness , 1998, Algorithms and Combinatorics.

[23]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[24]  Noam Nisan,et al.  The computational complexity of universal hashing , 1990, Proceedings Fifth Annual Structure in Complexity Theory Conference.

[25]  Johan Håstad,et al.  Pseudo-random generators under uniform assumptions , 1990, STOC '90.

[26]  Nathan Linial,et al.  Spectral properties of threshold functions , 1994, Comb..

[27]  Nathan Linial,et al.  The influence of variables on Boolean functions , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[28]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[29]  Michael Luby,et al.  Pseudorandomness and cryptographic applications , 1996, Princeton computer science notes.