On linear-size pseudorandom generators and hardcore functions

Joshua Baron, Yuval Ishai, Rafail Ostrovsky

Research output: Contribution to journalArticlepeer-review


We consider the question of constructing pseudorandom generators that simultaneously have linear circuit complexity (in the output length), exponential security (in the seed length), and a large stretch (linear or polynomial in the seed length). We refer to such a pseudorandom generator as an asymptotically optimal PRG. We present a simple construction of an asymptotically optimal PRG from any one-way function f:{0, 1}n→{0, 1}n which satisfies the following requirements:1.f can be computed by linear-size circuits;2.f is 2βn-hard to invert, for some constant β>0;3.f either has high entropy, in the sense that the min-entropy of f(x) on a random input x is at least γn where β/3+γ>1, or alternatively it is regular in the sense that the preimage size of every output of f is fixed. Known constructions of PRGs from one-way functions can do without the entropy or regularity requirements, but they achieve slightly sub-exponential security (Vadhan and Zheng (2012) [27]). Our construction relies on a technical result about hardcore functions that may be of independent interest. We obtain a family of hardcore functions H={h:{0,1}n→{0,1}αn} that can be computed by linear-size circuits for any 2βn-hard one-way function f:{0, 1}n→{0, 1}n where β>3α. Our construction of asymptotically optimal PRGs uses such hardcore functions, which are obtained via linear-size computable affine hash functions (Ishai et al. (2008) [24]).

Original languageEnglish
Pages (from-to)50-63
Number of pages14
JournalTheoretical Computer Science
Issue numberC
StatePublished - 2014


  • Circuit complexity
  • Cryptography
  • One-way functions
  • Pseudorandom generators

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'On linear-size pseudorandom generators and hardcore functions'. Together they form a unique fingerprint.

Cite this