Abstract
A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented. This generator is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, into polynomial-time computable functions f_r: {1, …, 2^k} → {1, …, 2^k}. These f_r's cannot be distinguished from random functions by any probabilistic polynomial-time algorithm that asks for and receives the value of the function at arguments of its choice. The result has applications in cryptography, random constructions, and complexity theory.
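The construction behind this abstract is the GGM tree: a length-doubling generator G(s) = G_0(s) || G_1(s) is applied along the bits of the input, starting from the k-bit seed r, so each f_r(x) costs only |x| generator calls while the function's full table has 2^k rows. The following is an added example, not code from the paper: it implements that tree walk, and beside it the two "worlds" of the security notion the abstract states (the adversary queries an oracle at arguments of its choice and must tell f_r from a truly random function). Assumptions, marked in the code: SHA-256 over a domain-separated seed stands in for the one-way-function-based generator of the paper, the domain is taken as {0, …, 2^n − 1} rather than {1, …, 2^k}, and the distinguisher shown is deliberately weak, since the point of the theorem is that no polynomial-time one does better.

```python
import hashlib
import secrets
from typing import Optional


def prg(seed: bytes) -> tuple[bytes, bytes]:
    """Length-doubling generator G(s) = G_0(s) || G_1(s), each half 32 bytes.

    ASSUMPTION: the paper builds G from an arbitrary one-way function; here
    SHA-256 over a domain-separated seed stands in for it so the example runs
    offline. Any secure length-doubling PRG can be dropped in.
    """
    return (hashlib.sha256(b"\x00" + seed).digest(),
            hashlib.sha256(b"\x01" + seed).digest())


def ggm_prf(key: bytes, x: int, nbits: int) -> bytes:
    """Evaluate f_key(x) by walking the GGM tree rooted at the seed `key`.

    Bit i of x (most significant first) picks the 0- or 1-half of G at
    depth i. Only `nbits` calls to G are made, so evaluation is polynomial
    in the input length even though the full table would have 2**nbits rows.
    ASSUMPTION: the domain is {0, ..., 2**nbits - 1}, not {1, ..., 2**k}.
    """
    if not 0 <= x < (1 << nbits):
        raise ValueError("x is outside the function's domain")
    node = key
    for i in range(nbits - 1, -1, -1):
        node = prg(node)[(x >> i) & 1]
    return node


class PrfOracle:
    """Real world of the security game: f_r for a hidden random 256-bit r."""

    def __init__(self, nbits: int, key: Optional[bytes] = None):
        self.nbits = nbits
        self._key = key if key is not None else secrets.token_bytes(32)

    def query(self, x: int) -> bytes:
        # The adversary learns f_r(x) but never r itself.
        return ggm_prf(self._key, x, self.nbits)


class RandomFunctionOracle:
    """Ideal world: a uniformly random function, sampled lazily on first query."""

    def __init__(self, nbits: int):
        self.nbits = nbits
        self._table: dict[int, bytes] = {}

    def query(self, x: int) -> bytes:
        if not 0 <= x < (1 << self.nbits):
            raise ValueError("x is outside the function's domain")
        if x not in self._table:
            self._table[x] = secrets.token_bytes(32)
        return self._table[x]


def consistency_distinguisher(oracle, points: list) -> bool:
    """A deliberately weak adaptive distinguisher (constructed for illustration).

    It queries each point twice and checks that answers are stable and that
    distinct points give distinct 32-byte answers. Both worlds pass, which is
    the point: an adversary must gain a non-negligible advantage over checks
    like this to break the construction, and the paper proves none exists
    in polynomial time if G is a secure generator.
    """
    seen = set()
    for x in points:
        a, b = oracle.query(x), oracle.query(x)
        if a != b or len(a) != 32 or a in seen:
            return False
        seen.add(a)
    return True


if __name__ == "__main__":
    n = 8
    real, ideal = PrfOracle(n), RandomFunctionOracle(n)
    pts = list(range(1 << n))
    print("real world passes:", consistency_distinguisher(real, pts))
    print("ideal world passes:", consistency_distinguisher(ideal, pts))
```

The tree walk is what makes the generator "polynomial-time": f_r on an n-bit input touches n internal nodes out of 2^n leaves, and two inputs sharing a prefix share the corresponding path. Swapping `prg` for a generator whose security rests on a stated one-way function is the only change needed to match the paper's construction exactly.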