ABSTRACT
We provide a characterization of pseudoentropy in terms of hardness of sampling: Let (X,B) be jointly distributed random variables such that B takes values in a polynomial-sized set. We show that B is computationally indistinguishable from a random variable of higher Shannon entropy given X if and only if there is no probabilistic polynomial-time S such that (X,S(X)) has small KL divergence from (X,B). This can be viewed as an analogue of the Impagliazzo Hardcore Theorem (FOCS '95) for Shannon entropy (rather than min-entropy).
Using this characterization, we show that if f is a one-way function, then $(f(U_n), U_n)$ has "next-bit pseudoentropy" at least $n + \log n$, establishing a conjecture of Haitner, Reingold, and Vadhan (STOC '10). Plugging this into the construction of Haitner et al., this yields a simpler construction of pseudorandom generators from one-way functions. In particular, the construction only performs hashing once, and only needs the hash functions that are randomness extractors (e.g. universal hash functions) rather than needing them to support "local list-decoding" (as in the Goldreich-Levin hardcore predicate, STOC '89).
With an additional idea, we also show how to improve the seed length of the pseudorandom generator to $\tilde{O}(n^3)$, compared to $O(n^4)$ in the construction of Haitner et al.
REFERENCES
- Boaz Barak, Moritz Hardt, and Satyen Kale. The uniform hardcore lemma via approximate Bregman projections. In SODA '09: Proceedings of the Nineteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 1193--1200, Philadelphia, PA, USA, 2009. Society for Industrial and Applied Mathematics.
- Manuel Blum and Silvio Micali. How to generate cryptographically strong sequences of pseudo random bits. pages 112--117, 1982.
- Boaz Barak, Ronen Shaltiel, and Avi Wigderson. Computational analogues of entropy. In RANDOM-APPROX, pages 200--215, 2003.
- Thomas M. Cover and Joy A. Thomas. Elements of information theory (2. ed.). Wiley, 2006.
- Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput., 38(1):97--139, 2008.
- Benjamin Fuller and Leonid Reyzin. Computational entropy and information leakage. 2011. (available at http://www.cs.bu.edu/fac/reyzin).
- Rosario Gennaro, Yael Gertner, Jonathan Katz, and Luca Trevisan. Bounds on the efficiency of generic cryptographic constructions. SIAM Journal on Computing, 35(1):217--246, 2005.
- Oded Goldreich and Leonid A. Levin. A hard-core predicate for all one-way functions. In Proceedings of the Twenty First Annual ACM Symposium on Theory of Computing, pages 25--32, Seattle, Washington, 15--17 May 1989.
- Oded Goldreich and Bernd Meyer. Computational indistinguishability: algorithms vs. circuits. Theoretical Computer Science, 191(1--2):215--218, 1998.
- Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270--299, April 1984.
- Oded Goldreich. Computational Complexity: A Conceptual Perspective. 2006.
- Oded Goldreich and Salil Vadhan. Comparing entropies in statistical zero knowledge with applications to the structure of SZK. In Proceedings of the Fourteenth Annual IEEE Conference on Computational Complexity, pages 54--73. IEEE Computer Society Press, 1998.
- Iftach Haitner, Thomas Holenstein, Omer Reingold, Salil P. Vadhan, and Hoeteck Wee. Universal one-way hash functions via inaccessible entropy. In EUROCRYPT, pages 616--637, 2010.
- Johan Håstad, Russell Impagliazzo, Leonid A. Levin, and Michael Luby. A pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364--1396 (electronic), 1999.
- Chun-Yuan Hsiao, Chi-Jen Lu, and Leonid Reyzin. Conditional computational entropy, or toward separating pseudoentropy from compressibility. In EUROCRYPT, pages 169--186, 2007.
- Thomas Holenstein. Key agreement from weak bit agreement. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing (STOC), pages 664--673, 2005.
- Thomas Holenstein. Pseudorandom generators from one-way functions: A simple construction for any hardness. In TCC, pages 443--461, 2006.
- Iftach Haitner, Omer Reingold, and Salil Vadhan. Efficiency improvements in constructing pseudorandom generators from one-way functions. In Proceedings of the 42nd Annual ACM Symposium on Theory of Computing (STOC), pages 437--446, 2010.
- Iftach Haitner, Omer Reingold, Salil Vadhan, and Hoeteck Wee. Inaccessible entropy. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing (STOC '09), pages 611--620, 31 May--2 June 2009.
- Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. Cryptography with constant computational overhead. In STOC, pages 433--442, 2008.
- Russell Impagliazzo and Michael Luby. One-way functions are essential for complexity based cryptography. In FOCS, pages 230--235, 1989.
- Russell Impagliazzo. Hard-core distributions for somewhat hard problems. In 36th Annual Symposium on Foundations of Computer Science, pages 538--545, Milwaukee, Wisconsin, 23--25 October 1995. IEEE.
- Michael J. Kearns, Yishay Mansour, Dana Ron, Ronitt Rubinfeld, Robert E. Schapire, and Linda Sellie. On the learnability of discrete distributions. In STOC, pages 273--282, 1994.
- Adam R. Klivans and Rocco A. Servedio. Boosting and hard-core sets. In Proceedings of the Fortieth Annual Symposium on Foundations of Computer Science, pages 624--633, 1999.
- L.D. Landau and E.M. Lifshitz. Statistical physics, volume 5 of Statistical Physics. Oxford: Pergamon Press, 1980.
- Moni Naor. Evaluation may be easier than generation. In STOC, pages 74--83, 1996.
- Leonid Reyzin. Some notions of entropy for cryptography. In ICITS, pages 138--142, 2011.
- Claude Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28(4):656--715, 1949.
- Madhu Sudan, Luca Trevisan, and Salil Vadhan. Pseudorandom generators without the XOR lemma. Journal of Computer and System Sciences, 62:236--266, 2001.
- Salil Vadhan and Colin Jia Zheng. A uniform minmax theorem and its applications. In preparation, 2012.
- Salil P. Vadhan and Colin Jia Zheng. Characterizing pseudoentropy and simplifying pseudorandom generator constructions. Electronic Colloquium on Computational Complexity (ECCC), 18:141, 2011.
- Andrew C. Yao. Theory and applications of trapdoor functions. pages 80--91, 1982.
- Andrew C. Yao. Theory and applications of trapdoor functions (extended abstract). In 23rd Annual Symposium on Foundations of Computer Science, pages 80--91, Chicago, Illinois, 3--5 November 1982. IEEE.