## Abstract

We consider the question of constructing pseudorandom generators that simultaneously have linear circuit complexity (in the output length), exponential security (in the seed length), and a large stretch (linear or polynomial in the seed length). We refer to such a pseudorandom generator as an asymptotically optimal PRG. We present a simple construction of an asymptotically optimal PRG from any one-way function f:{0, 1}^{n}→{0, 1}^{n} which satisfies the following requirements:1.f can be computed by linear-size circuits;2.f is 2^{βn}-hard to invert, for some constant β>0;3.f either has high entropy, in the sense that the min-entropy of f(x) on a random input x is at least γn where β/3+γ>1, or alternatively it is regular in the sense that the preimage size of every output of f is fixed. Known constructions of PRGs from one-way functions can do without the entropy or regularity requirements, but they achieve slightly sub-exponential security (Vadhan and Zheng (2012) [27]). Our construction relies on a technical result about hardcore functions that may be of independent interest. We obtain a family of hardcore functions H={h:{0,1}n→{0,1}αn} that can be computed by linear-size circuits for any 2^{βn}-hard one-way function f:{0, 1}^{n}→{0, 1}^{n} where β>3α. Our construction of asymptotically optimal PRGs uses such hardcore functions, which are obtained via linear-size computable affine hash functions (Ishai et al. (2008) [24]).

Original language | English |
---|---|

Pages (from-to) | 50-63 |

Number of pages | 14 |

Journal | Theoretical Computer Science |

Volume | 554 |

Issue number | C |

DOIs | |

State | Published - 2014 |

## Keywords

- Circuit complexity
- Cryptography
- One-way functions
- Pseudorandom generators

## All Science Journal Classification (ASJC) codes

- Theoretical Computer Science
- General Computer Science