Average case complete problems
SIAM Journal on Computing
One-way functions and Pseudorandom generators
Combinatorica - Theory of Computing
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Small-bias probability spaces: efficient constructions and applications
SIAM Journal on Computing
On the existence of pseudorandom generators
SIAM Journal on Computing
Pseudorandomness for network algorithms
STOC '94 Proceedings of the twenty-sixth annual ACM symposium on Theory of computing
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
Pubic Randomness in Cryptography
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Universal classes of hash functions (Extended Abstract)
STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
Correcting errors without leaking partial information
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Security preserving amplification of hardness
SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Efficient pseudorandom generators from exponentially hard one-way functions
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
On the power of the randomized iterate
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Pseudorandom generators from one-way functions: a simple construction for any hardness
TCC'06 Proceedings of the Third conference on Theory of Cryptography
On the Power of the Randomized Iterate
SIAM Journal on Computing
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
| Hi-index | 0.00 |
Can a one-way function f on n input bits be used with fewer than n bits while retaining comparable hardness of inversion? We show that the answer to this fundamental question is negative, if one is limited black-box reductions. Instead, we ask whether one can save on secret random bits at the expense of more public random bits. Using a shorter secret input is highly desirable, not only because it saves resources, but also because it can yield tighter reductions from higher-level primitives to one-way functions. Our first main result shows that if the number of output elements of f is at most 2k, then a simple construction using pairwise-independent hash functions results in a new one-way function that uses only k secret bits. We also demonstrate that it is not the knowledge of security of f, but rather of its structure, that enables the savings: a black-box reduction cannot, for a general f, reduce the secret-input length, even given the knowledge that security of f is only 2-k; nor can a black-box reduction use fewer than k secret input bits when f has 2k distinct outputs. Our second main result is an application of the public-randomness approach: we show a construction of a pseudorandom generator based on any regular one-way function with output range of known size 2k. The construction requires a seed of only 2n + O(k log k) bits (as opposed to O(n log n) in previous constructions); the savings come from the reusability of public randomness. The secret part of the seed is of length only k (as opposed to n in previous constructions), less than the length of the one-way function input.