On linear-size pseudorandom generators and hardcore functions

We consider the question of constructing pseudorandom generators that simultaneously have linear circuit complexity (in the output length), exponential security (in the seed length), and a large stretch (linear or polynomial in the seed length). We refer to such a pseudorandom generator as an asymptotically optimal PRG. We present a simple construction of an asymptotically optimal PRG from any one-way function $f : \{0,1\}^n \to \{0,1\}^n$ which satisfies the following requirements:

1. $f$ can be computed by linear-size circuits;
2. $f$ is $2^{\beta n}$-hard to invert, for some constant $\beta > 0$;
3. $f$ either has high entropy, in the sense that the min-entropy of $f(x)$ on a random input $x$ is at least $\gamma n$ where $\beta/3 + \gamma > 1$, or alternatively it is regular in the sense that the preimage size of every output of $f$ is fixed.

Known constructions of PRGs from one-way functions can do without the entropy or regularity requirements, but they achieve slightly sub-exponential security (Vadhan and Zheng (2012) 27).

Our construction relies on a technical result about hardcore functions that may be of independent interest. We obtain a family of hardcore functions $H = \{ h : \{0,1\}^n \to \{0,1\}^{\alpha n} \}$ that can be computed by linear-size circuits for any $2^{\beta n}$-hard one-way function $f : \{0,1\}^n \to \{0,1\}^n$ where $\beta > 3\alpha$. Our construction of asymptotically optimal PRGs uses such hardcore functions, which are obtained via linear-size computable affine hash functions (Ishai et al. (2008) 24).

[1]  B. Applebaum Cryptography in NC0 , 2014 .

[2]  Elchanan Mossel,et al.  On ε‐biased generators in NC0 , 2006, Random Struct. Algorithms.

[3]  Leonid A. Levin,et al.  Pseudo-random Generation from one-way functions (Extended Abstracts) , 1989, STOC 1989.

[4]  Eyal Kushilevitz,et al.  Exposure-Resilient Functions and All-or-Nothing Transforms , 2000, EUROCRYPT.

[5]  Michael Alekhnovich,et al.  Exponential Lower Bounds for the Running Time of DPLL Algorithms on Satisfiable Formulas , 2004, SODA '04.

[6]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[7]  Mats Näslund,et al.  The Complexity of Computing Hard Core Predicates , 1997, CRYPTO.

[8]  Luca Trevisan,et al.  On the One-Way Function Candidate Proposed by Goldreich , 2014, ACM Trans. Comput. Theory.

[9]  Luca Trevisan,et al.  Lower bounds on the efficiency of generic cryptographic constructions , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[10]  Omer Reingold,et al.  Efficiency improvements in constructing pseudorandom generators from one-way functions , 2010, STOC '10.

[11]  Kristoffer Arnsfelt Hansen,et al.  Tight Bounds on Computing Error-Correcting Codes by Bounded-Depth Circuits With Arbitrary Gates , 2012, IEEE Transactions on Information Theory.

[12]  Thomas Holenstein,et al.  Pseudorandom Generators from One-Way Functions: A Simple Construction for Any Hardness , 2006, TCC.

[13]  Oded Goldreich,et al.  The bit extraction problem or t-resilient functions , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[14]  Yuval Ishai,et al.  On Pseudorandom Generators with Linear Stretch in NC0 , 2006, computational complexity.

[15]  Hugo Krawczyk,et al.  On the Existence of Pseudorandom Generators , 1988, CRYPTO.

[16]  Benny Applebaum,et al.  Pseudorandom generators with long stretch and low locality from random local one-way functions , 2012, STOC '12.

[17]  N. Linial,et al.  Expander Graphs and their Applications , 2006 .

[18]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[19]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[20]  Daniel A. Spielman,et al.  Linear-time encodable and decodable error-correcting codes , 1995, STOC '95.

[21]  Oded Goldreich,et al.  Three XOR-Lemmas - An Exposition , 1995, Electron. Colloquium Comput. Complex..

[22]  Vijay V. Vazirani,et al.  Efficient and Secure Pseudo-Random Number Generation , 1984, CRYPTO.

[23]  N. Åslund Universal Hash Functions & Hard Core Bits , 1995 .

[24]  Oded Goldreich Foundations of Cryptography: Volume 1 , 2006 .

[25]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[26]  Luca Trevisan,et al.  On epsilon-Biased Generators in NC0 , 2003, Electron. Colloquium Comput. Complex..

[27]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[28]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[29]  Salil P. Vadhan,et al.  Characterizing pseudoentropy and simplifying pseudorandom generator constructions , 2012, STOC '12.

[30]  Peter Bro Miltersen,et al.  On Pseudorandom Generators in NC , 2001, MFCS.

[31]  Youming Qiao,et al.  On the security of Goldreich’s one-way function , 2011, computational complexity.

[32]  Yuval Ishai,et al.  Cryptography in NC0 , 2004, SIAM J. Comput..

[33]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[34]  Omer Reingold,et al.  Efficient Pseudorandom Generators from Exponentially Hard One-Way Functions , 2006, ICALP.

[35]  Michael Alekhnovich More on Average Case vs Approximation Complexity , 2011, computational complexity.

[36]  Luca Trevisan,et al.  Goldreich's One-Way Function Candidate and Myopic Backtracking Algorithms , 2009, TCC.

[37]  Omer Reingold,et al.  On the Power of the Randomized Iterate , 2006, SIAM J. Comput..

[38]  E. Kushilevitz Foundations of Cryptography , 2014 .

[39]  Eike Kiltz A Primitive for Proving the Security of Every Bit and About Universal Hash Functions & Hard Core Bits , 2001, FCT.

[40]  Oded Goldreich,et al.  Candidate One-Way Functions Based on Expander Graphs , 2000, Studies in Complexity and Cryptography.

[41]  Benny Applebaum,et al.  A Dichotomy for Local Small-Bias Generators , 2012, TCC.

[42]  Rafail Ostrovsky,et al.  Cryptography with constant computational overhead , 2008, STOC.

[43]  Saurabh Kumar Panjwani An Experimental Evaluation of Goldreich's One-Way Function , 2001 .

[44]  Ueli Maurer,et al.  Complete Classification of Bilinear Hard-Core Functions , 2004, CRYPTO.