How to construct random functions

Published: 10 August 1986

Abstract

A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented. This generator is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to polynomial-time computable functions ƒ_r: {1, …, 2^k} → {1, …, 2^k}. These ƒ_r's cannot be distinguished from random functions by any probabilistic polynomial-time algorithm that asks and receives the value of a function at arguments of its choice. The result has applications in cryptography, random constructions, and complexity theory.

Reviews

In this paper, the authors have answered a frequently raised question: What is meant by saying that certain functions “behave randomly”? They have presented an efficient way to construct functions that behave randomly, if one-way functions exist. These constructed functions then demonstrated their randomness by various applications. The authors have developed a constructive theory of randomness for functions and presented a pseudorandom function generator. The derivation of these theories was based upon the computational complexity of the functions. This pseudorandom function generator is considered to be a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to polynomial-time computable functions f_r: {1, …, 2^k} → {1, …, 2^k}. These f_r's cannot be distinguished from random functions by any probabilistic polynomial-time algorithm that asks and receives the value of a function at arguments of its choice. The applications of the result of these functions are shown in the field of cryptography, random constructions, and complexity theory.

Published in

Journal of the ACM, Volume 33, Issue 4
Oct. 1986
189 pages
ISSN: 0004-5411
EISSN: 1557-735X
DOI: 10.1145/6490

Copyright © 1986 ACM

Publisher

Association for Computing Machinery
New York, NY, United States
