On linear-size pseudorandom generators and hardcore functions

Abstract

We consider the question of constructing pseudorandom generators that simultaneously have linear circuit complexity (in the output length), exponential security (in the seed length), and a large stretch (linear or polynomial in the seed length). We refer to such a pseudorandom generator as an asymptotically optimal PRG. We present a simple construction of an asymptotically optimal PRG from any one-way function $f:{\{0,1\}}^n\to {\{0,1\}}^n$ which satisfies the following requirements:

• f can be computed by linear-size circuits;

• f is $2^{\beta n}$-hard to invert, for some constant $\beta >0$;

• f either has high entropy, in the sense that the min-entropy of $f(x)$ on a random input x is at least γn where $\beta /3+\gamma >1$, or alternatively it is regular in the sense that the preimage size of every output of f is fixed.

Known constructions of PRGs from one-way functions can do without the entropy or regularity requirements, but they achieve slightly sub-exponential security (Vadhan and Zheng (2012) [27]).

Our construction relies on a technical result about hardcore functions that may be of independent interest. We obtain a family of hardcore functions $\mathcal{H}=\{h:{\{0,1\}}^n\to {\{0,1\}}^{\alpha n}\}$ that can be computed by linear-size circuits for any $2^{\beta n}$-hard one-way function $f:{\{0,1\}}^n\to {\{0,1\}}^n$ where $\beta >3\alpha$. Our construction of asymptotically optimal PRGs uses such hardcore functions, which are obtained via linear-size computable affine hash functions (Ishai et al. (2008) [24]).