TY - GEN

T1 - A dichotomy for local small-bias generators

AU - Applebaum, Benny

AU - Bogdanov, Andrej

AU - Rosen, Alon

PY - 2012

Y1 - 2012

N2 - We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph G and a small predicate P that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al (FOCS '03), we ask: which graphs and predicates yield "small-bias" generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, , with output length m = n 1 + ε for some constant ε > 0. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear m = n + Ω(n). Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we give evidence in support of the view that small bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks for such functions.

AB - We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph G and a small predicate P that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al (FOCS '03), we ask: which graphs and predicates yield "small-bias" generators (that fool linear distinguishers)? We identify an explicit class of degenerate predicates and prove the following. For most graphs, all non-degenerate predicates yield small-bias generators, , with output length m = n 1 + ε for some constant ε > 0. Conversely, we show that for most graphs, degenerate predicates are not secure against linear distinguishers, even when the output length is linear m = n + Ω(n). Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we give evidence in support of the view that small bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks for such functions.

KW - NC0

KW - dichotomy

KW - local functions

KW - small-bias generator

UR - http://www.scopus.com/inward/record.url?scp=84858331162&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-28914-9_34

DO - 10.1007/978-3-642-28914-9_34

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84858331162

SN - 9783642289132

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 600

EP - 617

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

Y2 - 19 March 2012 through 21 March 2012

ER -