Abstract
A simple construction for a pseudorandom bit generator is presented. It stretches a short string of truly random bits into a long string that looks random to any algorithm from a complexity class C (e.g., P, NC, PSPACE, etc.), using an arbitrary function that is hard for C. This generator reveals an equivalence between the problems of proving lower bounds and the problem of generating good pseudorandom sequences. Combining this construction with other arguments, a number of consequences are obtained.
Original language | English |
---|---|
Title of host publication | Annual Symposium on Foundations of Computer Science (Proceedings) |
Publisher | Publ by IEEE |
Pages | 2-11 |
Number of pages | 10 |
ISBN (Print) | 0818608773, 9780818608773 |
State | Published - 1988 |
Externally published | Yes |
Publication series
Name | Annual Symposium on Foundations of Computer Science (Proceedings) |
---|---|
ISSN (Print) | 0272-5428 |
Bibliographical note
Funding Information: The fundamental idea of trading hardness for randomness is due to Shamir \[Sh\], who suggested that the RSA function can be used to construct good pseudorandom sequences. The first secure pseudorandom bit-generator was built by Blum and Micali \[B1M\], who used the intractability of the discrete logarithm function. These ideas were generalized by Yao \[Ya\], who showed that any one-way permutation can be used to construct generators that fool every polynomial time computation. This result gave the first explicit hardness-randomness trade-off: if no poly-size circuit can invert the one-way permutation, then $RP \subseteq \bigcap_{\varepsilon > 0} DTIME(2^{n^{\varepsilon}})$. Yao's result was recently generalized by Impagliazzo, Levin, and Luby \[ILL\], who succeeded in constructing a pseudorandom generator based on an arbitrary one-way function. In all these papers, the generator uses the one-way function $f$ essentially as follows: From a random string $X_0$ (the seed), it computes a sequence $\{X_i\}$ by $X_{i+1} = f(X_i)$. The output bits $b_i$ depend on this sequence. The heart of the argument is then showing that a small circuit that is not fooled by the bit sequence $\{b_i\}$

\* Presented at the 29th IEEE Conference on Foundations of Computer Science, October 24-26, 1988.

† This work was done while the first author was a student in the University of California at Berkeley. Supported by Israel National Academy of Science Grant No. 328071, by the Alon Fellowship, and by NSF Grant CCR8612563.