Saving Private Randomness in One-Way Functions and Pseudorandom Generators
نویسندگان
چکیده
Can a one-way function f on n input bits be used with fewer than n bits while retaining comparable hardness of inversion? We show that the answer to this fundamental question is negative, if one is limited black-box reductions. Instead, we ask whether one can save on secret random bits at the expense of more public random bits. Using a shorter secret input is highly desirable, not only because it saves resources, but also because it can yield tighter reductions from higher-level primitives to one-way functions. Our first main result shows that if the number of output elements of f is at most 2, then a simple construction using pairwiseindependent hash functions results in a new one-way function that uses only k secret bits. We also demonstrate that it is not the knowledge of security of f , but rather of its structure, that enables the savings: a black-box reduction cannot, for a general f , reduce the secret-input length, even given the knowledge that security of f is only 2; nor can a black-box reduction use fewer than k secret input bits when f has 2 distinct outputs. Our second main result is an application of the public-randomness approach: we show a construction of a pseudorandom generator based on any regular one-way function with output range of known size 2. The construction requires a seed of only 2n+O(k log k) bits (as opposed to O(n logn) in previous constructions); the savings come from the reusability of public randomness. The secret part of the seed is of length only k (as opposed to n in previous constructions), less than the length of the one-way function input. Boston University, Department of Computer Science, 111 Cummington St., Boston, MA 02215. http://www.cs.bu. edu/∼reyzin. IBM Research, Haifa, Israel. [email protected]. Research conducted while at the Technion, Haifa, Israel. Google, Inc., 76 9th Ave, 6th Floor, New York, NY 1001, http://cs-people.bu.edu/nenad/ Research conducted, in part, at the Institute for Pure and Applied Mathematics at UCLA, whose hospitality the authors gratefully acknowledge.
منابع مشابه
Pseudorandom Generators from One-Way Functions: A Simple Construction for Any Hardness
In a seminal paper, H̊astad, Impagliazzo, Levin, and Luby showed that pseudorandom generators exist if and only if one-way functions exist. The construction they propose to obtain a pseudorandom generator from an n-bit one-way function uses O(n) random bits in the input (which is the most important complexity measure of such a construction). In this work we study how much this can be reduced if ...
متن کاملEfficient Pseudorandom Generators from Exponentially Hard One-Way Functions
In their seminal paper [HILL99], H̊astad, Impagliazzo, Levin and Luby show that a pseudorandom generator can be constructed from any one-way function. This plausibility result is one of the most fundamental theorems in cryptography and helps shape our understanding of hardness and randomness in the field. Unfortunately, the reduction of [HILL99] is not nearly as efficient nor as security preserv...
متن کاملPrivate Key Encryption Instructor : Rafael Pass Scribe : Ashwin Machanavajjhala
Till this point in the course we have learnt how to define secrecy and how to construct tools like one way functions, pseudorandom generators and pseudorandom functions. We will now use the concepts we learnt to construct a secure encryption scheme. In this class we propose a few intuitive definitions for the security of an encryption scheme, show their equivalence and then show a simple constr...
متن کاملOn the Power of the Randomized Iterate
We consider two of the most fundamental theorems in Cryptography. The first, due to H̊astad et al. [HILL99], is that pseudorandom generators can be constructed from any one-way function. The second due to Yao [Yao82] states that the existence of weak one-way functions (i.e. functions on which every efficient algorithm fails to invert with some noticeable probability) implies the existence of ful...
متن کاملOn the Design of LIL Tests for (Pseudo) Random Generators and Some Experimental Results
Random numbers have been one of the most useful objects in statistics, computer science, cryptography, modeling, simulation, and other applications though it is very difficult to construct true randomness. Many solutions (e.g., cryptographic pseudorandom generators) have been proposed to harness or simulate randomness and many statistical testing techniques have been proposed to determine wheth...
متن کامل