Lossy functions do not amplify well

Krzysztof Pietrzak*, Alon Rosen, Gil Segev

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations


We consider the problem of amplifying the "lossiness" of functions. We say that an oracle circuit $C^{*}\colon \{0,1\}^{m} \to \{0,1\}^{*}$ amplifies relative lossiness from $\ell/n$ to $L/m$ if for every function $f\colon \{0,1\}^{n} \to \{0,1\}^{n}$ it holds that (1) if $f$ is injective then so is $C^{f}$; (2) if $f$ has image size of at most $2^{n-\ell}$, then $C^{f}$ has image size at most $2^{m-L}$. The question is whether such $C^{*}$ exists for $L/m \gg \ell/n$. This problem arises naturally in the context of cryptographic "lossy functions," where the relative lossiness is the key parameter. We show that for every circuit $C^{*}$ that makes at most $t$ queries to $f$, the relative lossiness of $C^{f}$ is at most $L/m \le \ell/n + O(\log t)/n$. In particular, no black-box method making a polynomial $t = \mathrm{poly}(n)$ number of queries can amplify relative lossiness by more than an $O(\log n)/n$ additive term. We show that this is tight by giving a simple construction (cascading with some randomization) that achieves such amplification.

Original language: American English
Title of host publication: Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
Number of pages: 18
State: Published - 2012
Externally published: Yes
Event: 9th Theory of Cryptography Conference, TCC 2012 - Taormina, Sicily, Italy
Duration: 19 Mar 2012 to 21 Mar 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7194 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 9th Theory of Cryptography Conference, TCC 2012
City: Taormina, Sicily

