The Complexity of Computing Hard Core Predicates

We prove that a general family of hard core predicates requires circuits of depth (1 - o(1)) log n / log log n or super-polynomial size to be realized. This lower bound is essentially tight. For constant depth circuits, an exponential lower bound on the size is obtained. Assuming the existence of one-way functions, we explicitly construct a one-way function f(x) such that for any circuit c from a family of circuits as above, c(x) is almost always predictable from f(x).
