Pseudorandom generators with optimal seed length for non-boolean poly-size circuits

Sergei Artemenko, Ronen Shaltiel
Proceedings of the forty-sixth annual ACM symposium on Theory of computing. Publication date: 2014-05-31. DOI: 10.1145/2591796.2591846 (https://doi.org/10.1145/2591796.2591846)
Citations: 1

Abstract

A sampling procedure for a distribution $P$ over $\{0,1\}^\ell$ is a function $C: \{0,1\}^n \to \{0,1\}^\ell$ such that the distribution $C(U_n)$ (obtained by applying $C$ on the uniform distribution $U_n$) is the "desired distribution" $P$. Let $n > r \ge \ell = n^{\Omega(1)}$. An nb-PRG (defined by Dubrov and Ishai (STOC 2006)) is a function $G: \{0,1\}^r \to \{0,1\}^n$ such that for every $C: \{0,1\}^n \to \{0,1\}^\ell$ in some class of "interesting sampling procedures", $C'(U_r) = C(G(U_r))$ is close to $C(U_n)$ in statistical distance. We construct poly-time computable nb-PRGs with $r = O(\ell)$ (which is best possible) for poly-size circuits. Previous nb-PRGs of Dubrov and Ishai have $r = \Omega(\ell^2)$. We rely on the assumption that there exists $\beta > 0$ and a problem $L$ in $E = \mathrm{DTIME}(2^{O(n)})$ such that for every large enough $n$, nondeterministic circuits of size $2^{\beta n}$ that have NP-gates cannot solve $L$ on inputs of length $n$. This assumption is a scaled nonuniform analogue of (the widely believed) $\mathrm{EXP} \neq \Sigma_2^P$, and similar assumptions appear in various contexts in derandomization. The nb-PRGs of Dubrov and Ishai are based on very strong cryptographic assumptions, or alternatively, on non-standard assumptions regarding incompressibility of functions on random inputs. When restricting to poly-size circuits $C: \{0,1\}^n \to \{0,1\}^\ell$ with Shannon entropy $H(C(U_n)) \le k$, for $\ell > k = n^{\Omega(1)}$, our nb-PRGs have $r = O(k)$, which is best possible. The nb-PRGs of Dubrov and Ishai use seed length $r = \Omega(k^2)$ and require that the probability distribution of $C(U_n)$ is efficiently computable. Our nb-PRGs follow from a notion of "conditional PRGs" which may be of independent interest. These are PRGs where $G(U_r)$ remains pseudorandom even when conditioned on a "large" event $\{A(G(U_r)) = 1\}$, for an arbitrary poly-size circuit $A$. A related notion was considered by Shaltiel and Umans (CCC 2005) in a different setup, and our proofs use ideas from that paper, as well as ideas of Dubrov and Ishai.
We also give an unconditional construction of poly-time computable nb-PRGs for poly($n$)-size, depth $d$ circuits $C: \{0,1\}^n \to \{0,1\}^\ell$ with $r = O(\ell \cdot \log^{d+O(1)} n)$. This improves upon the previous work of Dubrov and Ishai that has $r \ge \ell^2$. Our nb-PRGs can be implemented by a uniform family of poly-size constant depth circuits (with slightly larger, but still almost linear seed length). The nb-PRG of Dubrov and Ishai computes large parities and cannot be computed in poly-size and constant depth. This result follows by adapting a recent PRG construction of Trevisan and Xue (CCC 2013) to the case of nb-PRGs, and implementing it by constant-depth circuits.