Pseudo-Random Function Generators With Unbounded Inputs

Definition: (See Goldreich, section 3.6.4.2 .) A function generator F with unbounded inputs associates with each n bit key k ∈ {0, 1} a function Fk : {0, 1}∗ → {0, 1}. We insist that Fk(x) be computable in time polynomial in the lengths of k and x. By pseudo-random for such a generator, we mean the obvious thing: the Distinguisher adversary D is given a function f : {0, 1}∗ → {0, 1} and can query f on inputs of any length (although since the adversary runs in polynomial time, the queries must be of polynomial length). We define pD(n) as the probability that D accepts Fk for randomly chosen k ∈ {0, 1}. It is a bit trickier to define rD(n) because it doesn’t make sense to say, “choose a random function f : {0, 1}∗ → {0, 1}” since there are infinitely many such functions. So let us assume that D (for key length n) never makes queries longer than n, and let {0, 1}≤ne be the set of strings of length at most n. We can now define rD(n) as the probability that D accepts a randomly chosen f : {0, 1}≤n e → {0, 1}.