On the Existence of Pseudorandom Generators

Pseudorandom generators (suggested and developed by Blum and Micali and by Yao) are efficient deterministic programs that expand a randomly selected k-bit seed into a much longer pseudorandom bit sequence which is indistinguishable in polynomial time from an (equally long) sequence of unbiased coin tosses. Pseudorandom generators are known to exist assuming the existence of functions that cannot be efficiently inverted on the distributions induced by applying the function iteratively polynomially many times. This sufficient condition is also a necessary one, but it seems difficult to check whether particular functions, assumed to be one-way, are also one-way on their iterates. This raises the fundamental question of whether the mere existence of one-way functions suffices for the construction of pseudorandom generators.

In this paper we present progress towards resolving this question. We consider regular functions, in which every image of a k-bit string has the same number of preimages of length k. We show that if a regular function is one-way then pseudorandom generators do exist. In particular, assuming the intractability of general factoring, we can now prove that pseudorandom generators do exist. Other applications are the construction of pseudorandom generators based on the conjectured intractability of decoding random linear codes, and on the assumed average-case difficulty of combinatorial problems such as subset-sum.
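The two notions the abstract relies on, a function being regular (every image has the same number of preimages) and a function being one-way on its iterates (the distribution stays where the function is assumed hard), can be checked concretely on a small domain. The example below is added here and is not code from the paper; it uses the factoring-based instance the abstract mentions, modular squaring x -> x^2 mod N for N = p*q, with a toy modulus N = 77 (both primes are 3 mod 4, so N is a Blum integer) chosen so the whole domain can be enumerated. It shows that squaring is 4-to-1, hence regular, on the units of Z_N, that it is not regular on all of Z_N (0 has a single preimage), that it permutes the quadratic residues (so iterating it keeps the state uniformly distributed on that set), and it drives a Blum-Blum-Shub style generator (iterated squaring, emit the least significant bit, as in references [4] and [12]) from that map. The function names, the toy modulus and the seed are this example's assumptions; with a 77-bit-free modulus this is an illustration of the definitions, not a secure generator.

```python
from collections import Counter
from math import gcd

# Toy modulus: 7 and 11 are both 3 mod 4, so N is a Blum integer.
# A real generator needs a modulus of ~2048 bits; 77 is chosen only so the
# entire domain can be enumerated and the definitions checked by counting.
N = 7 * 11


def preimage_counts(f, domain):
    """Map each image f(x) to the number of x in `domain` that hit it."""
    return Counter(f(x) for x in domain)


def is_regular(f, domain):
    """The paper's notion, restricted to a finite domain: every image has
    the same number of preimages."""
    counts = preimage_counts(f, domain)
    return len(set(counts.values())) == 1


def is_permutation(f, domain):
    """True iff f maps `domain` onto itself bijectively."""
    return sorted(set(f(x) for x in domain)) == sorted(domain)


def units_mod(modulus):
    """Z_N^*: the residues coprime to the modulus."""
    return [x for x in range(1, modulus) if gcd(x, modulus) == 1]


def quadratic_residues(modulus):
    """Squares of units; for a Blum integer squaring permutes this set."""
    return sorted(set(x * x % modulus for x in units_mod(modulus)))


def square_mod_N(x):
    """The Rabin / modular-squaring map, assumed one-way if factoring is hard."""
    return x * x % N


def bbs_bits(seed, n_bits, modulus=N):
    """Blum-Blum-Shub style generator: iterate squaring from a unit seed and
    emit the least significant bit of each state.  Secure only for a large
    Blum integer whose factorization is unknown; here it just shows the
    iterate-and-extract-a-hard-core-bit shape of the construction."""
    if gcd(seed, modulus) != 1:
        raise ValueError("seed must be a unit mod N")
    x = seed
    out = []
    for _ in range(n_bits):
        x = x * x % modulus
        out.append(x & 1)
    return out


if __name__ == "__main__":
    units = units_mod(N)
    print("regular on Z_N^*:", is_regular(square_mod_N, units),
          "multiplicities:", set(preimage_counts(square_mod_N, units).values()))
    print("regular on all of Z_N:", is_regular(square_mod_N, range(N)))
    print("permutes the quadratic residues:",
          is_permutation(square_mod_N, quadratic_residues(N)))
    print("BBS-style bits from seed 2:", bbs_bits(2, 8))
```

Counting preimages is only feasible because the domain is tiny; for a real modulus regularity of squaring on Z_N^* follows from the Chinese remainder theorem (each square has exactly four roots), and the point of the paper is that this structural property, rather than a separate assumption about iterates, is what the generator construction needs.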

[1] Silvio Micali et al. How to construct random functions. JACM, 1986.

[2] Shimon Even et al. Graph Algorithms. 1979.

[3] Oded Goldreich et al. The Bit Security of Modular Squaring Given Partial Factorization of the Modulos. CRYPTO, 1985.

[4] Manuel Blum et al. A Simple Unpredictable Pseudo-Random Number Generator. SIAM J. Comput., 1986.

[5] M. Rabin. Digitalized Signatures and Public-Key Functions as Intractable as Factorization. 1979.

[6] Adi Shamir et al. A method for obtaining digital signatures and public-key cryptosystems. CACM, 1978.

[7] Leonid A. Levin et al. One way functions and pseudorandom generators. Combinatorica, 1987.

[8] F. MacWilliams et al. The Theory of Error-Correcting Codes. 1977.

[9] Leonid A. Levin et al. Pseudo-random generation from one-way functions. STOC, 1989.

[10] Hugo Krawczyk et al. On the existence of pseudorandom generators. 29th Annual Symposium on Foundations of Computer Science (FOCS), 1988.

[11] Whitfield Diffie et al. New Directions in Cryptography. IEEE Trans. Inf. Theory, 1976.

[12] Oded Goldreich et al. RSA and Rabin Functions: Certain Parts are as Hard as the Whole. SIAM J. Comput., 1988.

[13] Larry Carter et al. Universal Classes of Hash Functions. J. Comput. Syst. Sci., 1979.

[14] Oded Goldreich et al. On the power of two-point based sampling. J. Complex., 1989.

[15] Andrew Chi-Chih Yao et al. Theory and Applications of Trapdoor Functions (Extended Abstract). FOCS, 1982.

[16] Leonid A. Levin et al. Homogeneous measures and polynomial time invariants. 29th Annual Symposium on Foundations of Computer Science (FOCS), 1988.

[17] Manuel Blum et al. How to generate cryptographically strong sequences of pseudo random bits. 23rd Annual Symposium on Foundations of Computer Science (FOCS), 1982.

[18] Michael Luby et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract). CRYPTO, 1986.

[19] Andrew Chi-Chih Yao et al. Theory and application of trapdoor functions. 23rd Annual Symposium on Foundations of Computer Science (FOCS), 1982.

[20] Michael Luby. A Simple Parallel Algorithm for the Maximal Independent Set Problem. SIAM J. Comput., 1986.

[21] A. Joffe. On a Set of Almost Deterministic k-Independent Random Variables. 1974.

[22] Leonid A. Levin et al. A hard-core predicate for all one-way functions. STOC, 1989.

[23] Adi Shamir et al. On the generation of cryptographically strong pseudorandom sequences. TOCS, 1981.