Saving Private Randomness in One-Way Functions and Pseudorandom Generators

Can a one-way function f on n input bits be used with fewer than n bits while retaining comparable hardness of inversion? We show that the answer to this fundamental question is negative, if one is limited to black-box reductions. Instead, we ask whether one can save on secret random bits at the expense of more public random bits. Using a shorter secret input is highly desirable, not only because it saves resources, but also because it can yield tighter reductions from higher-level primitives to one-way functions. Our first main result shows that if the number of output elements of f is at most $2^k$, then a simple construction using pairwise-independent hash functions results in a new one-way function that uses only k secret bits. We also demonstrate that it is not the knowledge of security of f, but rather of its structure, that enables the savings: a black-box reduction cannot, for a general f, reduce the secret-input length, even given the knowledge that security of f is only $2^{-k}$; nor can a black-box reduction use fewer than k secret input bits when f has $2^k$ distinct outputs. Our second main result is an application of the public-randomness approach: we show a construction of a pseudorandom generator based on any regular one-way function with output range of known size $2^k$. The construction requires a seed of only 2n + O(k log k) bits (as opposed to O(n log n) in previous constructions); the savings come from the reusability of public randomness. The secret part of the seed is of length only k (as opposed to n in previous constructions), less than the length of the one-way function input.
