Reducing The Seed Length In The Nisan-Wigderson Generator

The Nisan–Wigderson pseudo-random generator [19] was constructed to derandomize probabilistic algorithms under the assumption that there exist explicit functions which are hard for small circuits. We give the first explicit construction of a pseudo-random generator with asymptotically optimal seed length even when given a function which is hard for relatively small circuits. Generators with optimal seed length were previously known only assuming hardness for exponential size circuits [13,26].

We also give the first explicit construction of an extractor which uses asymptotically optimal seed length for random sources of arbitrary min-entropy. Our construction is the first to use the optimal seed length for sub-polynomial entropy levels. It builds on the fundamental connection between extractors and pseudo-random generators discovered by Trevisan [29], combined with the construction above.

The key is a new analysis of the NW-generator [19]. We show that it fails to be pseudorandom only if a much harder function can be efficiently constructed from the given hard function. By repeatedly using this idea we get a new recursive generator, which may be viewed as a reduction from the general case of arbitrary hardness to the solved case of exponential hardness.

[1] Manuel Blum, et al. How to generate cryptographically strong sequences of pseudo random bits, 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[2] Avi Wigderson, et al. Extractors: optimal up to constant factors, 2003, STOC '03.

[3] Amnon Ta-Shma, et al. Loss-less condensers, unbalanced expanders, and extractors, 2001, STOC '01.

[4] Luca Trevisan, et al. Pseudorandom generators without the XOR Lemma, 1999, Electron. Colloquium Comput. Complex.

[5] Russell Impagliazzo, et al. Hard-core distributions for somewhat hard problems, 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[6] Christopher Umans, et al. Simple extractors for all min-entropies and a new pseudorandom generator, 2005, JACM.

[7] Manuel Blum. Independent unbiased coin flips from a correlated biased source—A finite state markov chain, 1986, Comb.

[8] Noam Nisan, et al. Extracting randomness: how and why. A survey, 1996, Proceedings of Computational Complexity (Formerly Structure in Complexity Theory).

[9] Andrew C. Lee, et al. Review of Modern cryptography, probabilistic proofs and pseudorandomness algorithms and combinatorics, vol 17 by Oded Goldreich. Springer Verlag, 1999., 2003, SIGA.

[10] José D. P. Rolim, et al. Hitting Sets Derandomize BPP, 1996, ICALP.

[11] Manuel Blum, et al. Independent unbiased coin flips from a correlated biased source—A finite state markov chain, 1984, Comb.

[12] José D. P. Rolim, et al. Weak random sources, hitting sets, and BPP simulations, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[13] Luca Trevisan, et al. Extractors and pseudorandom generators, 2001, JACM.

[14] Noam Nisan, et al. Extracting Randomness: A Survey and New Constructions, 1999, J. Comput. Syst. Sci.

[15] Miklos Santha, et al. Generating Quasi-random Sequences from Semi-random Sources, 1986, J. Comput. Syst. Sci.

[16] Avi Wigderson, et al. Near-optimal conversion of hardness into pseudo-randomness, 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[17] Noam Nisan, et al. Randomness is Linear in Space, 1996, J. Comput. Syst. Sci.

[18] David Zuckerman. Randomness-optimal oblivious sampling, 1997, Random Struct. Algorithms.

[19] Avi Wigderson, et al. Randomness vs Time: Derandomization under a Uniform Assumption, 2001, J. Comput. Syst. Sci.

[20] Avi Wigderson, et al. Extracting randomness via repeated condensing, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[21] Oded Goldreich, et al. On the power of two-point based sampling, 1989, J. Complex.

[22] Andrew Chi-Chih Yao, et al. Theory and Applications of Trapdoor Functions (Extended Abstract), 1982, FOCS.

[23] Ran Raz, et al. Extracting all the randomness and reducing the error in Trevisan's extractors, 1999, STOC '99.

[24] Christopher Umans, et al. Simple extractors for all min-entropies and a new pseudo-random generator, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[25] Jaikumar Radhakrishnan, et al. Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators, 2000, SIAM J. Discret. Math.

[26] Avi Wigderson, et al. Expanders That Beat the Eigenvalue Bound: Explicit Construction and Applications, 1993, Comb.

[27] Silvio Micali, et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[28] Noam Nisan, et al. BPP has subexponential time simulations unless EXPTIME has publishable proofs, 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[29] Christopher Umans. Pseudo-random generators for all hardnesses, 2002, STOC '02.

[30] Jin-Yi Cai, et al. Hardness and hierarchy theorems for probabilistic quasi-polynomial time, 1999, STOC '99.

[31] Noam Nisan, et al. Hardness vs Randomness, 1994, J. Comput. Syst. Sci.

[32] Avi Wigderson, et al. Extractors and pseudo-random generators with optimal seed length, 2000, STOC '00.

[33] Dieter van Melkebeek, et al. Graph nonisomorphism has subexponential size proofs unless the polynomial-time hierarchy collapses, 1999, STOC '99.

[34] Avi Wigderson, et al. P = BPP if E requires exponential circuits: derandomizing the XOR lemma, 1997, STOC '97.

[35] Ronen Shaltiel, et al. Recent Developments in Explicit Constructions of Extractors, 2002, Bull. EATCS.

[36] Ran Raz, et al. Error reduction for extractors, 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[37] Oded Goldreich, et al. Modern Cryptography, Probabilistic Proofs and Pseudorandomness, 1998, Algorithms and Combinatorics.