A dichotomy for local small-bias generators

Benny Applebaum; Andrej Bogdanov; Alon Rosen

doi:10.1007/978-3-642-28914-9_34

A dichotomy for local small-bias generators

Benny Applebaum
, Andrej Bogdanov
, Alon Rosen

School of Electrical Engineering

Tel Aviv University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph G and a small predicate P that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al (FOCS '03), we ask: which graphs and predicates yield "small-bias" generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, , with output length m = n ^{1 + ε} for some constant ε > 0. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear m = n + Ω(n). Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we give evidence in support of the view that small bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks for such functions.

Original language	English
Title of host publication	Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
Publisher	Springer Verlag
Pages	600-617
Number of pages	18
ISBN (Print)	9783642289132
DOIs	https://doi.org/10.1007/978-3-642-28914-9_34
State	Published - 2012
Event	9th Theory of Cryptography Conference, TCC 2012 - Taormina, Sicily, Italy Duration: 19 Mar 2012 → 21 Mar 2012

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7194 LNCS

Conference

Conference	9th Theory of Cryptography Conference, TCC 2012
Country/Territory	Italy
City	Taormina, Sicily
Period	19/03/12 → 21/03/12

Keywords

NC0
dichotomy
local functions
small-bias generator

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-28914-9_34

Cite this

Applebaum, B., Bogdanov, A., & Rosen, A. (2012). A dichotomy for local small-bias generators. In Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings (pp. 600-617). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-28914-9_34

@inproceedings{41d6165fef424ab9a91ad350ba34f3d5,

title = "A dichotomy for local small-bias generators",

abstract = "We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph G and a small predicate P that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al (FOCS '03), we ask: which graphs and predicates yield {"}small-bias{"} generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, , with output length m = n 1 + ε for some constant ε > 0. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear m = n + Ω(n). Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we give evidence in support of the view that small bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks for such functions.",

keywords = "NC0, dichotomy, local functions, small-bias generator",

author = "Benny Applebaum and Andrej Bogdanov and Alon Rosen",

year = "2012",

doi = "10.1007/978-3-642-28914-9\_34",

language = "الإنجليزيّة",

isbn = "9783642289132",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "600--617",

booktitle = "Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings",

address = "ألمانيا",

note = "9th Theory of Cryptography Conference, TCC 2012 ; Conference date: 19-03-2012 Through 21-03-2012",

}

Applebaum, B, Bogdanov, A & Rosen, A 2012, A dichotomy for local small-bias generators. in Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7194 LNCS, Springer Verlag, pp. 600-617, 9th Theory of Cryptography Conference, TCC 2012, Taormina, Sicily, Italy, 19/03/12. https://doi.org/10.1007/978-3-642-28914-9_34

A dichotomy for local small-bias generators. / Applebaum, Benny; Bogdanov, Andrej; Rosen, Alon.
Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Springer Verlag, 2012. p. 600-617 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A dichotomy for local small-bias generators

AU - Applebaum, Benny

AU - Bogdanov, Andrej

AU - Rosen, Alon

PY - 2012

Y1 - 2012

N2 - We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph G and a small predicate P that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al (FOCS '03), we ask: which graphs and predicates yield "small-bias" generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, , with output length m = n 1 + ε for some constant ε > 0. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear m = n + Ω(n). Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we give evidence in support of the view that small bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks for such functions.

AB - We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph G and a small predicate P that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al (FOCS '03), we ask: which graphs and predicates yield "small-bias" generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, , with output length m = n 1 + ε for some constant ε > 0. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear m = n + Ω(n). Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we give evidence in support of the view that small bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks for such functions.

KW - NC0

KW - dichotomy

KW - local functions

KW - small-bias generator

UR - https://www.scopus.com/pages/publications/84858331162

U2 - 10.1007/978-3-642-28914-9_34

DO - 10.1007/978-3-642-28914-9_34

M3 - منشور من مؤتمر

SN - 9783642289132

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 600

EP - 617

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

PB - Springer Verlag

T2 - 9th Theory of Cryptography Conference, TCC 2012

Y2 - 19 March 2012 through 21 March 2012

ER -

Applebaum B, Bogdanov A, Rosen A. A dichotomy for local small-bias generators. In Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Springer Verlag. 2012. p. 600-617. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-28914-9_34

A dichotomy for local small-bias generators

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this