Minimizing the Complexity of Goldreich's Pseudorandom Generator

In the study of cryptography in NC^0, it was previously known that Goldreich's candidate pseudorandom generator (PRG) is insecure when instantiated with a predicate P in 4 or fewer variables, if one wants to achieve polynomial stretch (that is, stretching n bits to n bits for some constant > 0). The current standard candidate predicate for this setting is the "tri-sum-and" predicate TSA(x) = XOR3⊕AND2(x) = x1⊕x2⊕x3⊕x4x5, yielding a candidate PRG of locality 5. Moreover, Goldreich's PRG, when instantiated with TSA as the predicate, is known to be secure against several families of attacks, including F2-linear attacks and attacks using SDP hierarchies such as the Lasserre/Parrilo sum-of-squares hierarchy. However, it was previously unknown whether TSA is an "optimal" predicate according to other complexity measures: in particular, decision tree (DT-)complexity (i.e., the smallest depth of a binary decision tree computing P) and Q-degree (i.e., the degree of P as a polynomial over Q), which are important measures of complexity in cryptographic applications such as the construction of an indistinguishability obfuscation scheme. In this work, we ask: Can Goldreich's PRG be instantiated with a predicate with DT-complexity or Q-degree less than 5? We show that this is indeed possible: we give a candidate predicate for Goldreich's PRG with DT-complexity 4 and Q-degree 3; in particular, this candidate PRG therefore has the property that every output bit is a degree 3 polynomial in its input. Moreover, Goldreich's PRG instantiated with our predicate has security properties similar to what is known for TSA, namely security against F2-linear attacks and security against attacks from SDP hierarchies such as the Lasserre/Parrilo sum-of-squares hierarchy.
We also show that all predicates with either DT-complexity less than 4 or Q-degree less than 3 yield insecure PRGs, so our candidate predicate simultaneously achieves the best possible locality, DT-complexity, Q-degree, and F2-degree according to all known attacks.

∗E-mail: alexjl@mit.edu. Supported by an Akamai Presidential Fellowship.

†E-mail: vinodv@mit.edu. Research supported in part by NSF Grants CNS-1350619 and CNS-1414119, Alfred P. Sloan Research Fellowship, Microsoft Faculty Fellowship, the NEC Corporation, a Steven and Renee Finn Career Development Chair from MIT. This work was also sponsored in part by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office under contracts W911NF-15-C-0226.
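An added illustration, not code from the paper: Goldreich's PRG instantiated with the TSA predicate, together with brute-force computations of the two measures the abstract compares, DT-complexity (minimum decision-tree depth) and Q-degree (degree of the multilinear polynomial over Q agreeing with the predicate on {0,1}^5). For TSA both come out to 5, matching its locality; the function names, the random-hypergraph construction and the demo seed are my own assumptions.

```python
from functools import lru_cache
from itertools import product
import random

def tsa(x):
    """Tri-sum-and predicate TSA(x) = x1 + x2 + x3 + x4*x5 over F2 (5 inputs)."""
    return x[0] ^ x[1] ^ x[2] ^ (x[3] & x[4])

def truth_table(predicate, k):
    """Map every point of {0,1}^k to the predicate's value there."""
    return {x: predicate(x) for x in product((0, 1), repeat=k)}

def goldreich_prg(seed, subsets, predicate=tsa):
    """Output bit j is the predicate applied to the seed bits indexed by subsets[j]."""
    return [predicate(tuple(seed[i] for i in s)) for s in subsets]

def random_subsets(n, m, k, rng):
    """m random k-subsets of seed positions (the public hypergraph of the PRG)."""
    return [tuple(rng.sample(range(n), k)) for _ in range(m)]

def q_degree(truth):
    """Degree of the unique multilinear polynomial over Q that agrees with the
    predicate on {0,1}^k; coefficients come from Moebius inversion of the table."""
    deg = 0
    for s in truth:  # s encodes the monomial prod of x_i over positions with s_i = 1
        c = sum((-1) ** (sum(s) - sum(t)) * truth[t]
                for t in truth if all(ti <= si for ti, si in zip(t, s)))
        if c != 0:
            deg = max(deg, sum(s))
    return deg

def dt_depth(truth):
    """Smallest depth of a binary decision tree computing the predicate:
    0 if the restricted function is constant, else min over a queried
    variable of 1 + the deeper of its two branches."""
    k = len(next(iter(truth)))
    @lru_cache(maxsize=None)
    def rec(fixed):  # fixed[i] is None (still free), 0 or 1
        vals = {truth[p] for p in truth
                if all(f is None or f == pi for f, pi in zip(fixed, p))}
        if len(vals) == 1:
            return 0
        return min(1 + max(rec(fixed[:i] + (b,) + fixed[i + 1:]) for b in (0, 1))
                   for i, f in enumerate(fixed) if f is None)
    return rec((None,) * k)

if __name__ == "__main__":
    tab = truth_table(tsa, 5)
    print("TSA: locality 5, DT-complexity", dt_depth(tab), "Q-degree", q_degree(tab))
    rng = random.Random(0)  # constructed seed for a reproducible demo run
    seed = [rng.randrange(2) for _ in range(16)]
    print(goldreich_prg(seed, random_subsets(16, 32, 5, rng)))
```

Swapping a different 5-input predicate into truth_table shows how DT-complexity and Q-degree can drop below locality, which is the gap the paper exploits.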
