ScholarlyCommons

Title

On ε-biased generators in NC⁰

Author(s)

Elchanan Mossel, University of Pennsylvania
Amir Shpilka
Luca Trevisan

Document Type

Journal Article

Date of this Version

8-2006

Publication Source

Random Structures & Algorithms

Volume

29

Issue

1

Start Page

56

Last Page

81

DOI

10.1002/rsa.20112

Abstract

Cryan and Miltersen (Proceedings of the 26th Mathematical Foundations of Computer Science, 2001, pp. 272–284) recently considered the question of whether there can be a pseudorandom generator in NC⁰, that is, a pseudorandom generator that maps n-bit strings to m-bit strings such that every bit of the output depends on a constant number k of bits of the seed.

They show that for k = 3, if m ≥ 4n + 1, there is a distinguisher; in fact, they show that in this case it is possible to break the generator with a linear test, that is, there is a subset of bits of the output whose XOR has a noticeable bias.

They leave the question open for k ≥ 4. In fact, they ask whether every NC⁰ generator can be broken by a statistical test that simply XORs some bits of the input. Equivalently, is it the case that no NC⁰ generator can sample an ε-biased space with negligible ε?

We give a generator for k = 5 that maps n bits into cn bits, so that every bit of the output depends on 5 bits of the seed, and the XOR of every subset of the bits of the output has bias 2. For large values of k, we construct generators that map n bits to bits such that every XOR of outputs has bias .

We also present a polynomial-time distinguisher for k = 4,m ≥ 24n having constant distinguishing probability. For large values of k we show that a linear distinguisher with a constant distinguishing probability exists once m ≥ Ω(2^kn^⌈k/2⌉).

Finally, we consider a variant of the problem where each of the output bits is a degree k polynomial in the inputs. We show there exists a degree k = 2 pseudorandom generator for which the XOR of every subset of the outputs has bias 2^−Ω(n) and which maps n bits to Ω(n²) bits.

Copyright/Permission Statement

This is the peer reviewed version of the following article: Mossel, E., Shpilka, A. and Trevisan, L. (2006), On ε-biased generators in NC⁰. Random Struct. Alg., 29: 56–81., which has been published in final form at doi: 10.1002/rsa.20112. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving http://olabout.wiley.com/WileyCDA/Section/id-820227.html#terms.

Recommended Citation

Mossel, E., Shpilka, A., & Trevisan, L. (2006). On ε-biased generators in NC⁰. Random Structures & Algorithms, 29 (1), 56-81. http://dx.doi.org/10.1002/rsa.20112