On ε-Biased Generators in NC0

Cryan and Miltersen [7] recently considered the question of whether there can be a pseudorandom generator in NC0, that is, a pseudorandom generator that maps $n$-bit strings to $m$-bit strings and such that every bit of the output depends on a constant number $k$ of bits of the seed. They show that for $k = 3$, if $m \geq 4n + 1$, there is a distinguisher; in fact, they show that in this case it is possible to break the generator with a linear test, that is, there is a subset of bits of the output whose XOR has a noticeable bias. They leave the question open for $k \geq 4$. In fact they ask whether every NC0 generator can be broken by a statistical test that simply XORs some bits of the input. Equivalently, is it the case that no NC0 generator can sample an $\varepsilon$-biased space with negligible $\varepsilon$? We give a generator for $k = 5$ that maps $n$ bits into $cn$ bits, so that every bit of the output depends on 5 bits of the seed, and the XOR of every subset of the bits of the output has bias $2^{-\Omega(n/c^4)}$. For large values of $k$, we construct generators that map $n$ bits to $n^{\Omega(\sqrt{k})}$ bits and such that every XOR of outputs has bias $2^{-n^{1/(2\sqrt{k})}}$. We also present a polynomial-time distinguisher for $k = 4$, $m \geq 24n$ having constant distinguishing probability. For large values of $k$ we show that a linear distinguisher with a constant distinguishing probability exists once $m \geq \Omega(2^k n^{\lceil k/2 \rceil})$. Finally, we consider a variant of the problem where each of the output bits is a degree $k$ polynomial in the inputs. We show there exists a degree $k = 2$ pseudorandom generator for which the XOR of every subset of the outputs has bias $2^{-\Omega(n)}$ and which maps $n$ bits to $\Omega(n^2)$ bits.
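The notions the abstract relies on, a $k$-local (NC0) generator, a linear test on a subset of output bits, and the bias of that test, can be made concrete for toy sizes by exhaustive enumeration. The Python below is an added illustration, not a construction or code from the paper: it evaluates a small $k$-local generator on every seed and computes the bias of the XOR of every non-empty subset of output bits, which is exactly the quantity an $\varepsilon$-biased generator must keep at most $\varepsilon$. The three generator specifications (`LINEAR_SPEC`, `AND_SPEC`, `QUAD_SPEC`) and all function names are constructed for this example. They show the three cases a practitioner should recognise: purely linear outputs with $m > n$ are always broken by some subset XORing to a constant (bias 1), a lopsided predicate such as AND is broken by a single-bit test, and a balanced degree-2 predicate can pass every single-bit test yet still correlate on a pair of outputs.

```python
"""Exhaustive linear-test (epsilon-bias) check for small k-local generators.

Added illustration, not a construction from the paper: each output bit is a
fixed predicate of k seed positions (an NC0 / k-local generator), and we
compute, for every non-empty subset S of output bits, the bias of the XOR of
those bits over a uniformly random seed.  Only feasible for toy sizes, since
it enumerates all 2^n seeds and all 2^m subsets.
"""
from typing import Callable, List, Sequence, Tuple

# A k-local generator: list of (seed positions, predicate on those positions).
LocalSpec = List[Tuple[Tuple[int, ...], Callable[..., int]]]


def xor3(a: int, b: int, c: int) -> int:
    """Linear predicate: XOR of three seed bits."""
    return a ^ b ^ c


def and3(a: int, b: int, c: int) -> int:
    """Heavily biased predicate: AND of three seed bits (Pr[1] = 1/8)."""
    return a & b & c


def xor_and(a: int, b: int, c: int) -> int:
    """Degree-2 predicate a XOR (b AND c): balanced on its own, but two
    outputs sharing the same a and b positions correlate (constructed)."""
    return a ^ (b & c)


def all_outputs(spec: LocalSpec, n: int) -> List[int]:
    """Output string (packed into an int, bit j = output j) for every seed."""
    outs = []
    for seed in range(1 << n):
        x = [(seed >> i) & 1 for i in range(n)]
        y = 0
        for j, (positions, pred) in enumerate(spec):
            y |= (pred(*(x[i] for i in positions)) & 1) << j
        outs.append(y)
    return outs


def linear_test_bias(outputs: Sequence[int], mask: int) -> float:
    """Bias of the linear test XOR_{j in S} y_j, with S given as a bitmask:
    |Pr[XOR = 0] - Pr[XOR = 1]| = |E[(-1)^<S, y>]| over uniform seeds."""
    total = 0
    for y in outputs:
        parity = bin(y & mask).count("1") & 1
        total += -1 if parity else 1
    return abs(total) / len(outputs)


def max_linear_bias(outputs: Sequence[int], m: int) -> Tuple[float, int]:
    """Largest bias over all non-empty subsets of the m output bits and the
    first subset (bitmask) achieving it.  The generator samples an eps-biased
    space exactly when this value is at most eps."""
    best_bias, best_mask = 0.0, 0
    for mask in range(1, 1 << m):
        b = linear_test_bias(outputs, mask)
        if b > best_bias:
            best_bias, best_mask = b, mask
    return best_bias, best_mask


# Constructed examples (not from the paper).
# 1. Purely linear 3-local generator with m = n + 1 = 7 outputs on n = 6 seed
#    bits: seven linear functionals on six variables are dependent, so some
#    XOR of outputs is identically 0 and has bias 1.
LINEAR_SPEC: LocalSpec = [((0, 1, 2), xor3), ((1, 2, 3), xor3), ((2, 3, 4), xor3),
                          ((3, 4, 5), xor3), ((4, 5, 0), xor3), ((5, 0, 1), xor3),
                          ((0, 2, 4), xor3)]
# 2. AND predicate on n = 3: already broken by the single-bit test (bias 3/4).
AND_SPEC: LocalSpec = [((0, 1, 2), and3)]
# 3. Degree-2 predicate on n = 4: each single bit is unbiased because x0 is
#    uniform, but y0 XOR y1 = x1 AND (x2 XOR x3), which is 1 with probability
#    1/4, so the two-bit test has bias 1/2.
QUAD_SPEC: LocalSpec = [((0, 1, 2), xor_and), ((0, 1, 3), xor_and)]


def linear_example() -> Tuple[float, int]:
    return max_linear_bias(all_outputs(LINEAR_SPEC, 6), len(LINEAR_SPEC))


def and_example() -> Tuple[float, int]:
    return max_linear_bias(all_outputs(AND_SPEC, 3), len(AND_SPEC))


def quad_example() -> Tuple[float, int]:
    return max_linear_bias(all_outputs(QUAD_SPEC, 4), len(QUAD_SPEC))


if __name__ == "__main__":
    for name, fn in (("linear", linear_example), ("and3", and_example),
                     ("quadratic", quad_example)):
        bias, mask = fn()
        print(f"{name}: max bias {bias} at output subset mask {mask:b}")
```

The enumeration costs $2^n \cdot 2^m$ parity evaluations, so it only certifies toy generators; the abstract's results are about generators whose every linear test has bias $2^{-\Omega(n/c^4)}$ for all $n$, which no exhaustive check can establish. The example does show why the question is asked in terms of linear tests: they are the simplest statistical tests, and even a predicate that passes all of them individually (`xor_and`) can fail one on a pair of outputs.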

[1] Moni Naor et al. Small-Bias Probability Spaces: Efficient Constructions and Applications, 1993, SIAM J. Comput.

[2] David P. Williamson et al. Improved approximation algorithms for maximum cut and satisfiability problems using semidefinite programming, 1995, JACM.

[3] Richard Zippel et al. Probabilistic algorithms for sparse polynomials, 1979, EUROSAM.

[4] Ron M. Roth et al. Author's Reply to Comments on 'Maximum-rank array codes and their application to crisscross error correction', 1991, IEEE Trans. Inf. Theory.

[5] Roy Meshulam et al. Spaces of Hankel matrices over finite fields, 1995.

[6] Noga Alon et al. Explicit unique-neighbor expanders, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[7] Thomas Johansson et al. Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes, 1999, EUROCRYPT.

[8] Kenji Obata et al. A lower bound for testing 3-colorability in bounded-degree graphs, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[9] Peter Bro Miltersen et al. On Pseudorandom Generators in NC, 2001, MFCS.

[10] Elchanan Mossel et al. On ε-biased generators in NC0, 2006, Random Struct. Algorithms.

[11] Noam Nisan et al. Constant depth circuits, Fourier transform, and learnability, 1993, JACM.

[12] Michael E. Saks et al. On the complexity of unsatisfiability proofs for random k-CNF formulas, 1998, STOC '98.

[13] Ryan O'Donnell et al. Learning juntas, 2003, STOC '03.

[14] Noga Alon et al. Simple Construction of Almost k-wise Independent Random Variables, 1992, Random Struct. Algorithms.

[15] Oded Goldreich et al. Three XOR-Lemmas - An Exposition, 1995, Electron. Colloquium Comput. Complex.

[16] Eli Ben-Sasson et al. Short proofs are narrow—resolution made simple, 2001, JACM.

[17] Oded Goldreich et al. Candidate One-Way Functions Based on Expander Graphs, 2011, Studies in Complexity and Cryptography.

[18] Leonid A. Levin et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[19] Avi Wigderson et al. Extractors: optimal up to constant factors, 2003, STOC '03.

[20] Michael Kharitonov et al. Cryptographic hardness of distribution-specific learning, 1993, STOC.

[21] Johan Håstad et al. Some optimal inapproximability results, 1997, STOC '97.

[22] Moni Naor et al. Efficient cryptographic schemes provably as secure as subset sum, 2004, Journal of Cryptology.

[23] Silvio Micali et al. How to construct random functions, 1986, JACM.

[24] Jacob T. Schwartz et al. Fast Probabilistic Algorithms for Verification of Polynomial Identities, 1980, J. ACM.

[25] J. Hirschfeld. Projective Geometries Over Finite Fields, 1980.

[26] Michael Luby et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract), 1986, CRYPTO.