Expanding the Length of a Pseudo-Random Number Generator

Expanding the Length of a Pseudo-Random Number Generator We now want to show how a pseudo-random number generator that only does a little bit of expansion, can be used to construct a pseudo-random generator that does a lot of expansion. The idea is that we view G(s) as consisting of “stuff” that we can spit out, together with a new seed that we feed back into the generator, etc., a polynomial number of times. This construction is often used in practice to form a generator that is continually spitting out stuff (such as floating point numbers) virtually forever; for our purposes, we view “forever” as being polynomial in the security parameter n. Let G be a number generator with length function l(n), where l(n) = e(n)+n. For every natural number i and every bit string s, define G0(s) = λ =the empty string; Gi+1(s) = αGi(β) where G(s) = αβ and |α| = e(n) and |β| = n. Let t(n) be a function computable in time polynomial in n, such that is t(n) is polynomial in the value of n. Define G′(s) = Gt(|s|)(s); note that G ′ is a number generator with length function l′(n) = e(n)t(n). (We will assume l′(n) > n.) (See Construction 3.3.2 of Goldreich.)