Lecture Notes on Pseudorandomness { Part I

A fresh view at the question of randomness was taken in the theory of computing: It has been postulated that a distribution is pseudorandom if it cannot be told apart from the uniform distribution by any e cient procedure. This paradigm, originally associating e cient procedures with polynomial-time algorithms, has been applied also with respect to a variety of other classes of distinguishing procedures. We focus on pseudorandom generators; that is, deterministic programs that stretch short (random) seeds into much longer pseudorandom sequences. The current lecture series focuses on the case where the pseudorandom generator runs in polynomial-time and withstands any polynomial-time distinguisher. In particular, the distinguisher may be more complex (i.e., have a higher polynomial running time) than the generator. This framework is natural in the context of designing general-purpose pseudorandom generators that can be used in any e cient (i.e., polynomial-time) application. Furthermore, this framework is almost mandatory in cryptographic applications, where the adversary is typically willing to invest more e ort than the legitimate users. A companion lecture series (i.e., \Pseudorandomness { Part 2" by Luca Trevisan) focuses on the case where the pseudorandom generator runs in exponential-time (w.r.t the seed length) and withstands distinguisher of running time bounded by a speci c polynomial (in the length of the generator's output). In particular, the generator may be more complex than the distinguisher. As explained in the companion lecture series, this framework is natural in the context of derandomization (i.e., converting randomized algorithms to deterministic ones).