ABSTRACT
We provide a characterization of pseudoentropy in terms of hardness of sampling: Let (X,B) be jointly distributed random variables such that B takes values in a polynomial-sized set. We show that B is computationally indistinguishable from a random variable of higher Shannon entropy given X if and only if there is no probabilistic polynomial-time S such that (X,S(X)) has small KL divergence from (X,B). This can be viewed as an analogue of the Impagliazzo Hardcore Theorem (FOCS '95) for Shannon entropy (rather than min-entropy).
Using this characterization, we show that if f is a one-way function, then (f(U_n), U_n) has "next-bit pseudoentropy" at least n + log n, establishing a conjecture of Haitner, Reingold, and Vadhan (STOC '10). Plugging this into the construction of Haitner et al., this yields a simpler construction of pseudorandom generators from one-way functions. In particular, the construction only performs hashing once, and only needs the hash functions that are randomness extractors (e.g. universal hash functions) rather than needing them to support "local list-decoding" (as in the Goldreich--Levin hardcore predicate, STOC '89).
With an additional idea, we also show how to improve the seed length of the pseudorandom generator to Õ(n^3), compared to O(n^4) in the construction of Haitner et al.
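The characterization above relates two quantities: the Shannon entropy of B given X, and the KL divergence between the true joint (X, B) and the joint (X, S(X)) produced by a sampler. The following Python example, added here and not part of the paper, makes both quantities concrete on a constructed toy distribution with a binary B: it computes H(B|X), evaluates the KL gap of three hypothetical samplers (one exact, one "blind" to X, one that assigns zero probability to a value B can take), and checks the chain-rule identity KL((X,B) || (X,S(X))) = E_x[KL(B|X=x || S(x))]. The divergence direction (true joint relative to sampled joint) and the sampler tables are assumptions of this example.

```python
import math
from collections import defaultdict

# Constructed toy joint distribution over (x, b), x in {0,1}, b in {0,1}.
# X is uniform; given X=0, B is a fair coin; given X=1, B is always 1.
TRUE_JOINT = {(0, 0): 0.25, (0, 1): 0.25, (1, 0): 0.0, (1, 1): 0.5}

# Hypothetical samplers S: sampler[x] is a dict b -> Pr[S(x) = b].
EXACT_SAMPLER = {0: {0: 0.5, 1: 0.5}, 1: {1: 1.0}}           # reproduces B|X
BLIND_SAMPLER = {0: {0: 0.5, 1: 0.5}, 1: {0: 0.5, 1: 0.5}}   # ignores x
WRONG_SAMPLER = {0: {0: 0.5, 1: 0.5}, 1: {0: 1.0}}           # misses support


def entropy_bits(dist):
    """Shannon entropy in bits of a dict value -> probability (0 log 0 = 0)."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def marginal_x(joint):
    """P(x) from a joint dict (x, b) -> probability."""
    m = defaultdict(float)
    for (x, _b), p in joint.items():
        m[x] += p
    return dict(m)


def conditional_dist(joint, x):
    """P(b | x) as a dict b -> probability."""
    p_x = marginal_x(joint)[x]
    return {b: p / p_x for (xx, b), p in joint.items() if xx == x}


def conditional_entropy_bits(joint):
    """H(B | X) = sum_x P(x) * H(B | X = x), in bits."""
    return sum(p_x * entropy_bits(conditional_dist(joint, x))
               for x, p_x in marginal_x(joint).items())


def kl_bits(p, q):
    """KL(p || q) in bits over dicts with the same keys; inf if q misses p's support."""
    total = 0.0
    for key, pk in p.items():
        if pk == 0:
            continue
        qk = q.get(key, 0.0)
        if qk == 0:
            return math.inf
        total += pk * math.log2(pk / qk)
    return total


def sampler_joint(joint, sampler):
    """Distribution of (X, S(X)): X keeps its marginal, B is replaced by S(x)."""
    return {(x, b): p_x * q
            for x, p_x in marginal_x(joint).items()
            for b, q in sampler[x].items()}


def sampling_gap_bits(joint, sampler):
    """KL( (X,B) || (X,S(X)) ): how far the sampler is from the true joint."""
    return kl_bits(joint, sampler_joint(joint, sampler))


def per_x_gap_bits(joint, sampler):
    """Chain-rule form: E_x[ KL( B|X=x || S(x) ) ], which must equal sampling_gap_bits."""
    total = 0.0
    for x, p_x in marginal_x(joint).items():
        gap = kl_bits(conditional_dist(joint, x), sampler[x])
        if math.isinf(gap):
            return math.inf
        total += p_x * gap
    return total


if __name__ == "__main__":
    print("H(B|X) =", conditional_entropy_bits(TRUE_JOINT), "bits")
    for name, s in [("exact", EXACT_SAMPLER), ("blind", BLIND_SAMPLER), ("wrong", WRONG_SAMPLER)]:
        print(f"KL gap of {name} sampler:", sampling_gap_bits(TRUE_JOINT, s), "bits")
```

Here H(B|X) is 0.5 bits. The exact sampler has zero KL gap, the blind sampler pays exactly 1 bit on the X=1 branch (0.5 bits overall), and a sampler that never outputs a value B can take has infinite divergence, which is why a KL-based notion, unlike a statistical-distance one, treats missing support as total failure.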
References
- Boaz Barak, Moritz Hardt, and Satyen Kale. The uniform hardcore lemma via approximate Bregman projections. In SODA '09: Proceedings of the Nineteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 1193--1200, Philadelphia, PA, USA, 2009. Society for Industrial and Applied Mathematics.
- Manuel Blum and Silvio Micali. How to generate cryptographically strong sequences of pseudo random bits. pages 112--117, 1982.
- Boaz Barak, Ronen Shaltiel, and Avi Wigderson. Computational analogues of entropy. In RANDOM-APPROX, pages 200--215, 2003.
- Thomas M. Cover and Joy A. Thomas. Elements of Information Theory (2nd ed.). Wiley, 2006.
- Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput., 38(1):97--139, 2008.
- Benjamin Fuller and Leonid Reyzin. Computational entropy and information leakage. 2011. (Available at http://www.cs.bu.edu/fac/reyzin.)
- Rosario Gennaro, Yael Gertner, Jonathan Katz, and Luca Trevisan. Bounds on the efficiency of generic cryptographic constructions. SIAM Journal on Computing, 35(1):217--246, 2005.
- Oded Goldreich and Leonid A. Levin. A hard-core predicate for all one-way functions. In Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, pages 25--32, Seattle, Washington, 15--17 May 1989.
- Oded Goldreich and Bernd Meyer. Computational indistinguishability: algorithms vs. circuits. Theoretical Computer Science, 191(1--2):215--218, 1998.
- Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270--299, April 1984.
- Oded Goldreich. Computational Complexity: A Conceptual Perspective. 2006.
- Oded Goldreich and Salil Vadhan. Comparing entropies in statistical zero knowledge with applications to the structure of SZK. In Proceedings of the Fourteenth Annual IEEE Conference on Computational Complexity, pages 54--73. IEEE Computer Society Press, 1998.
- Iftach Haitner, Thomas Holenstein, Omer Reingold, Salil P. Vadhan, and Hoeteck Wee. Universal one-way hash functions via inaccessible entropy. In EUROCRYPT, pages 616--637, 2010.
- Johan Håstad, Russell Impagliazzo, Leonid A. Levin, and Michael Luby. A pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364--1396 (electronic), 1999.
- Chun-Yuan Hsiao, Chi-Jen Lu, and Leonid Reyzin. Conditional computational entropy, or toward separating pseudoentropy from compressibility. In EUROCRYPT, pages 169--186, 2007.
- Thomas Holenstein. Key agreement from weak bit agreement. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC), pages 664--673, 2005.
- Thomas Holenstein. Pseudorandom generators from one-way functions: A simple construction for any hardness. In TCC, pages 443--461, 2006.
- Iftach Haitner, Omer Reingold, and Salil Vadhan. Efficiency improvements in constructing pseudorandom generators from one-way functions. In Proceedings of the 42nd Annual ACM Symposium on Theory of Computing (STOC), pages 437--446, 2010.
- Iftach Haitner, Omer Reingold, Salil Vadhan, and Hoeteck Wee. Inaccessible entropy. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC '09), pages 611--620, 31 May--2 June 2009.
- Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. Cryptography with constant computational overhead. In STOC, pages 433--442, 2008.
- Russell Impagliazzo and Michael Luby. One-way functions are essential for complexity based cryptography. In FOCS, pages 230--235, 1989.
- Russell Impagliazzo. Hard-core distributions for somewhat hard problems. In 36th Annual Symposium on Foundations of Computer Science, pages 538--545, Milwaukee, Wisconsin, 23--25 October 1995. IEEE.
- Michael J. Kearns, Yishay Mansour, Dana Ron, Ronitt Rubinfeld, Robert E. Schapire, and Linda Sellie. On the learnability of discrete distributions. In STOC, pages 273--282, 1994.
- Adam R. Klivans and Rocco A. Servedio. Boosting and hard-core sets. In Proceedings of the Fortieth Annual Symposium on Foundations of Computer Science, pages 624--633, 1999.
- L. D. Landau and E. M. Lifshitz. Statistical Physics, volume 5 of Course of Theoretical Physics. Oxford: Pergamon Press, 1980.
- Moni Naor. Evaluation may be easier than generation. In STOC, pages 74--83, 1996.
- Leonid Reyzin. Some notions of entropy for cryptography. In ICITS, pages 138--142, 2011.
- Claude Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28(4):656--715, 1949.
- Madhu Sudan, Luca Trevisan, and Salil Vadhan. Pseudorandom generators without the XOR lemma. Journal of Computer and System Sciences, 62:236--266, 2001.
- Salil Vadhan and Colin Jia Zheng. A uniform min-max theorem and its applications. In preparation, 2012.
- Salil P. Vadhan and Colin Jia Zheng. Characterizing pseudoentropy and simplifying pseudorandom generator constructions. Electronic Colloquium on Computational Complexity (ECCC), 18:141, 2011.
- Andrew C. Yao. Theory and applications of trapdoor functions. pages 80--91, 1982.
- Andrew C. Yao. Theory and applications of trapdoor functions (extended abstract). In 23rd Annual Symposium on Foundations of Computer Science, pages 80--91, Chicago, Illinois, 3--5 November 1982. IEEE.