How to construct random functions

A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented. This generator is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to polynomial-time computable functions ƒ_r: {1, …, 2^k} → {1, …, 2^k}. These ƒ_r's cannot be distinguished from random functions by any probabilistic polynomial-time algorithm that asks and receives the value of a function at arguments of its choice. The result has applications in cryptography, random constructions, and complexity theory.
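
The shape of such a generator, as an added example that is not taken from this page: a k-bit seed r selects ƒ_r by walking a binary tree of depth k, applying a length-doubling generator at each node and following the bits of the argument. The tree walk is the well-known construction for this result, which the abstract itself does not spell out. The generator `G` here is a SHA-256 stand-in (an assumption, not a generator derived from a one-way function), and `K`, `G`, `keygen` and `f` are names chosen for this sketch.

```python
import hashlib
import secrets

K = 128  # seed length k in bits; domain and range are {1, ..., 2^k}


def G(seed: bytes) -> tuple[bytes, bytes]:
    """Length-doubling generator: one k-bit seed in, two k-bit halves out.

    Assumption: SHA-256 with a one-byte domain separator stands in for a
    generator built from a one-way function g.
    """
    left = hashlib.sha256(b"\x00" + seed).digest()[: K // 8]
    right = hashlib.sha256(b"\x01" + seed).digest()[: K // 8]
    return left, right


def keygen() -> bytes:
    """Draw the random k-bit string r that indexes the function."""
    return secrets.token_bytes(K // 8)


def f(r: bytes, x: int) -> int:
    """Evaluate f_r(x) for x in {1, ..., 2^k}; the result is in the same set."""
    if len(r) != K // 8:
        raise ValueError("seed must be exactly k bits")
    if not 1 <= x <= 2**K:
        raise ValueError("argument outside {1, ..., 2^k}")
    bits = x - 1          # k-bit path label for this argument
    node = r              # root of the tree is the seed itself
    for i in reversed(range(K)):  # most significant bit first
        left, right = G(node)
        node = right if (bits >> i) & 1 else left
    # The leaf reached is the function value, shifted into {1, ..., 2^k}.
    return int.from_bytes(node, "big") + 1


if __name__ == "__main__":
    r = keygen()
    # The holder of r answers queries deterministically; each evaluation
    # costs k generator calls, and the 2^k-entry table is never stored.
    print(f(r, 1), f(r, 2), f(r, 2**K))
```
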
