A Dichotomy for Local Small-Bias Generators

We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input–output dependency graph $G$ and a small predicate $P$ that is applied at each output. Following the works of Cryan and Miltersen (MFCS’01) and Mossel et al. (STOC’03), we ask: which graphs and predicates yield “small-bias” generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, $f:\{0,1\}^n \rightarrow \{0,1\}^m$, with output length $m = n^{1 + \epsilon}$ for some constant $\epsilon > 0$. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear, $m = n + \Omega(n)$. Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we attempt to support the view that small-bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks.
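The construction described above can be checked by brute force at toy size. The following is an added example, not code from the paper: it builds a local generator from a random dependency graph and a predicate, then measures the bias $|E_x[(-1)^{\langle L, f(x)\rangle}]|$ of linear tests $L$ by enumerating every seed. The sizes ($n=8$, $m=10$, locality 5), the fixed RNG seed and the three predicates are assumptions chosen for illustration; the paper's definition of "degenerate" is not reproduced here.

```python
import random

def make_graph(n, m, d, seed=0):
    """Dependency graph G: each of the m outputs reads d distinct inputs."""
    rng = random.Random(seed)  # fixed seed so the toy graph is reproducible
    return [rng.sample(range(n), d) for _ in range(m)]

def outputs(graph, pred, n):
    """f(x) for every seed x in {0,1}^n, each output word packed into an int."""
    table = []
    for x in range(1 << n):
        y = 0
        for i, S in enumerate(graph):
            y |= pred(*[(x >> j) & 1 for j in S]) << i
        table.append(y)
    return table

def bias(table, test):
    """Bias of one linear test; `test` is a bitmask selecting output bits."""
    total = sum(1 - 2 * (bin(y & test).count("1") & 1) for y in table)
    return abs(total) / len(table)

def max_bias(table, m):
    """Worst case over all 2^m - 1 nonzero linear tests (toy sizes only)."""
    return max(bias(table, t) for t in range(1, 1 << m))

# Illustrative predicates (assumptions, not taken from the paper).
xor5    = lambda a, b, c, d, e: a ^ b ^ c ^ d ^ e    # purely linear
and5    = lambda a, b, c, d, e: a & b & c & d & e    # heavily unbalanced
xor_and = lambda a, b, c, d, e: a ^ b ^ c ^ (d & e)  # balanced, nonlinear

N, M, D = 8, 10, 5
G = make_graph(N, M, D)

if __name__ == "__main__":
    for name, p in [("xor5", xor5), ("and5", and5), ("xor_and", xor_and)]:
        print(name, max_bias(outputs(G, p, N), M))
```

With a linear predicate and $m > n$ the outputs are linearly dependent, so some test has bias exactly 1; the nonlinear predicate's value depends on the sampled graph and should be read as a single data point, not as evidence for the asymptotic theorem.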
