
Simple extractors for all min-entropies and a new pseudorandom generator

Published: 01 March 2005

Abstract

A “randomness extractor” is an algorithm that, given a sample from a distribution with sufficiently high min-entropy and a short random seed, produces an output that is statistically indistinguishable from uniform. (Min-entropy is a measure of the amount of randomness in a distribution.) We present a simple, self-contained extractor construction that produces good extractors for all min-entropies. Our construction is algebraic and builds on a new polynomial-based approach introduced by Ta-Shma et al. [2001b]. Using our improvements, we obtain, for example, an extractor with output length m = k/(log n)^O(1/α) and seed length (1 + α) log n for an arbitrary 0 < α ≤ 1, where n is the input length and k is the min-entropy of the input distribution.

A “pseudorandom generator” is an algorithm that, given a short random seed, produces a long output that is computationally indistinguishable from uniform. Our technique also gives a new way to construct pseudorandom generators from functions that require large circuits. Our pseudorandom generator construction is not based on the Nisan-Wigderson generator [Nisan and Wigderson 1994], and turns worst-case hardness directly into pseudorandomness. The parameters of our generator match those in Impagliazzo and Wigderson [1997] and Sudan et al. [2001] and in particular are strong enough to obtain a new proof that P = BPP if E requires exponential size circuits.

Our construction also gives the following improvements over previous work:

- We construct an optimal “hitting set generator” that stretches O(log n) random bits into s^Ω(1) pseudorandom bits when given a function on log n bits that requires circuits of size s. This yields a quantitatively optimal hardness versus randomness tradeoff for both RP and BPP and solves an open problem raised in Impagliazzo et al. [1999].
- We give the first construction of pseudorandom generators that fool nondeterministic circuits when given a function that requires large nondeterministic circuits. This technique also gives a quantitatively optimal hardness versus randomness tradeoff for AM and the first hardness amplification result for nondeterministic circuits.
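As an added illustration, not code from the paper or its authors: a toy instance of the kind of polynomial-based extractor the abstract describes, using the multiplicative structure of GF(q) that the review below mentions. The input x is read as a bivariate polynomial over F_7 of degree < 3 in each variable, the seed y is a nonzero point of F_7^2, and the output is x evaluated along the orbit y, Ay, A^2y where A is multiplication by a generator of F_49^*; the strong-extractor statistical distance is then computed exactly for two constructed flat sources. The parameters (q = 7, h = 3, d = 2, m = 2), the two sources and the choice of A are my assumptions for a toy-scale instantiation; the paper's own parameters and analysis are in the paper.

```python
from collections import Counter
from fractions import Fraction
from itertools import product

Q, R = 7, 3            # field F_7; R is a quadratic non-residue, so F_49 = F_7[s]/(s^2 - R)
H, D, M = 3, 2, 2      # degree bound per variable, number of variables, output length (field elements)
assert pow(R, (Q - 1) // 2, Q) == Q - 1   # Euler's criterion: R is not a square mod Q

def fmul(u, v):
    """Multiply u = u0 + u1*s and v = v0 + v1*s in F_49 (s^2 = R); fixing v gives the linear map A."""
    return ((u[0] * v[0] + R * u[1] * v[1]) % Q, (u[0] * v[1] + u[1] * v[0]) % Q)

def order(g):
    """Multiplicative order of a nonzero element g of F_49."""
    x, n = g, 1
    while x != (1, 0):
        x, n = fmul(x, g), n + 1
    return n

# A generator of the cyclic group F_49^*: its orbit y, A y, A^2 y, ... visits every nonzero point.
GEN = next(g for g in product(range(Q), repeat=D) if g != (0, 0) and order(g) == Q ** D - 1)
SEEDS = [y for y in product(range(Q), repeat=D) if y != (0, 0)]   # the zero orbit is useless

def evaluate(coeffs, y):
    """The input x, read as a bivariate polynomial over F_7 of degree < H per variable, at y."""
    return sum(coeffs[i * H + j] * pow(y[0], i, Q) * pow(y[1], j, Q)
               for i in range(H) for j in range(H)) % Q

def extract(x, y, m=M):
    """E(x, y) = (x(y), x(A y), ..., x(A^(m-1) y)): m field elements."""
    out = []
    for _ in range(m):
        out.append(evaluate(x, y))
        y = fmul(y, GEN)
    return tuple(out)

def strong_sd(source):
    """Exact SD((Y, E(X,Y)), (Y, U)) for X uniform on `source`, Y uniform on SEEDS."""
    counts = Counter((y, extract(x, y)) for x in source for y in SEEDS)
    total = len(source) * len(SEEDS)
    target = Fraction(1, len(SEEDS) * Q ** M)
    cells = product(SEEDS, product(range(Q), repeat=M))
    return sum(abs(Fraction(counts.get(c, 0), total) - target) for c in cells) / 2

# Constructed source 1: first 4 coefficients uniform, rest fixed (min-entropy log2(7^4) ~ 11.2 bits).
FIXED_TAIL = (2, 5, 1, 6, 3)
HIGH_ENTROPY = [free + FIXED_TAIL for free in product(range(Q), repeat=4)]
# Constructed source 2: the 7 scalar multiples of one vector (min-entropy log2(7) ~ 2.8 bits).
V = (1, 3, 0, 2, 6, 4, 5, 1, 2)
LOW_ENTROPY = [tuple(c * v % Q for v in V) for c in range(Q)]
```

`strong_sd(HIGH_ENTROPY)` is exactly 0 because for every seed the two evaluation points differ, so the map from the four free coefficients onto F_7^2 is balanced; `strong_sd(LOW_ENTROPY)` is at least 6/7 because seven inputs can hit at most seven of the 49 output pairs per seed.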

References

  1. Andreev, A. E., Clementi, A. E. F., and Rolim, J. D. P. 1998. A new general derandomization method. J. Assoc. Comput. Mach. 45, 1 (Jan.), 179--213.
  2. Andreev, A. E., Clementi, A. E. F., Rolim, J. D. P., and Trevisan, L. 1999. Weak random sources, hitting sets, and BPP simulations. SIAM J. Comput. 28, 6.
  3. Arvind, V., and Köbler, J. 1997. On resource-bounded measure and pseudorandomness. In Proceedings of the 17th Conference on Foundations of Software Technology and Theoretical Computer Science. 235--249.
  4. Babai, L. 1985. Trading group theory for randomness. In Proceedings of the 17th Annual ACM Symposium on Theory of Computing.
  5. Babai, L., Fortnow, L., Nisan, N., and Wigderson, A. 1993. BPP has subexponential time simulations unless EXPTIME has publishable proofs. Computat. Complex. 3, 4, 307--318.
  6. Babai, L., and Moran, S. 1988. Arthur-Merlin games: A randomized proof system and a hierarchy of complexity classes. J. Comput. Syst. Sci. 36, 254--276.
  7. Bellare, M., and Rompel, J. 1994. Randomness-efficient oblivious sampling. In Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science.
  8. Blum, M., and Micali, S. 1984. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13, 4, 850--864.
  9. Buhrman, H., and Fortnow, L. 1999. One-sided versus two-sided error in probabilistic computation. In Proceedings of the 16th Annual Symposium on Theoretical Aspects of Computer Science.
  10. Furer, M., Goldreich, O., Mansour, Y., Sipser, M., and Zachos, S. 1989. On completeness and soundness in interactive proof systems. In Randomness and Computation, S. Micali, Ed. Advances in Computing Research, vol. 5, JAI Press, Greenwich, CT, 429--442.
  11. Goldreich, O., and Levin, L. A. 1989. A hard-core predicate for all one-way functions. In Proceedings of the 21st Annual ACM Symposium on Theory of Computing. 25--32.
  12. Goldreich, O. 1998. Modern Cryptography, Probabilistic Proofs and Pseudorandomness. Algorithms and Combinatorics Series, Springer-Verlag, Berlin, Germany.
  13. Goldreich, O., Vadhan, S., and Wigderson, A. 2000. Simplified derandomization of BPP using a hitting set generator. Tech. Rep. TR00-004. Electronic Colloquium on Computational Complexity. Available at www.eccc.uni-trier.de/eccc.
  14. Goldreich, O., and Zuckerman, D. 1997. Another proof that BPP ⊆ PH (and more). Tech. Rep. TR97-045. Electronic Colloquium on Computational Complexity. Available at www.eccc.uni-trier.de/eccc.
  15. Goldwasser, S., Micali, S., and Rackoff, C. 1989. The knowledge complexity of interactive proof systems. SIAM J. Comput. 18, 1, 186--208.
  16. Guruswami, V., and Sudan, M. 2000. List decoding algorithms for certain concatenated codes. In Proceedings of the 32nd Annual ACM Symposium on Theory of Computing.
  17. Guruswami, V., and Sudan, M. 2001. Extensions to the Johnson bound. Unpublished manuscript.
  18. Impagliazzo, R. 1995. Hard-core distributions for somewhat hard problems. In Proceedings of the 36th Annual IEEE Symposium on Foundations of Computer Science. 538--545.
  19. Impagliazzo, R., Shaltiel, R., and Wigderson, A. 1999. Near-optimal conversion of hardness into pseudo-randomness. In Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science. 181--190.
  20. Impagliazzo, R., Shaltiel, R., and Wigderson, A. 2003. Reducing the seed length in the Nisan-Wigderson generator. Unpublished manuscript. A preliminary version appeared in Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, pp. 1--10, under the title “Extractors and Pseudorandom Generators with Optimal Seed Length.”
  21. Impagliazzo, R., and Wigderson, A. 1997. P = BPP if E requires exponential circuits: Derandomizing the XOR lemma. In Proceedings of the 29th Annual ACM Symposium on Theory of Computing. 220--229.
  22. Kabanets, V. 2002. Derandomization: A brief overview. Bullet. European Assoc. Theoret. Comput. Sci. 76, 88--103.
  23. Klivans, A. R., and van Melkebeek, D. 2002. Graph nonisomorphism has subexponential size proofs unless the polynomial-time hierarchy collapses. SIAM J. Comput. 31, 1501--1526.
  24. Lu, C. J., Reingold, O., Vadhan, S., and Wigderson, A. 2003. Extractors: Optimal up to constant factors. In Proceedings of the 35th Annual ACM Symposium on Theory of Computing.
  25. Miltersen, P. B., and Vinodchandran, N. V. 1999. Derandomizing Arthur-Merlin games using hitting sets. In Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science. 71--80.
  26. Nisan, N., and Ta-Shma, A. 1999. Extracting randomness: A survey and new constructions. J. Comput. Syst. Sci. 58, 148--173.
  27. Nisan, N., and Wigderson, A. 1994. Hardness vs randomness. J. Comput. Syst. Sci. 49, 2, 149--167.
  28. Nisan, N., and Zuckerman, D. 1996. Randomness is linear in space. J. Comput. Syst. Sci. 52, 1, 43--52.
  29. Radhakrishnan, J., and Ta-Shma, A. 2000. Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM J. Discrete Math. 13, 1 (Feb.), 2--24.
  30. Raz, R., Reingold, O., and Vadhan, S. 1999. Error reduction for extractors. In Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science.
  31. Raz, R., Reingold, O., and Vadhan, S. 2002. Extracting all the randomness and reducing the error in Trevisan's extractors. J. Comput. Syst. Sci. 65, 97--128.
  32. Reingold, O., Shaltiel, R., and Wigderson, A. 2000. Extracting randomness via repeated condensing. In Proceedings of the 41st Annual IEEE Symposium on Foundations of Computer Science.
  33. Russell, A., and Zuckerman, D. 2001. Perfect information leader election in log* n + O(1) rounds. J. Comput. Syst. Sci. 63, 4, 612--626.
  34. Shaltiel, R. 2002. Recent developments in explicit constructions of extractors. Bull. EATCS 77, 67--95.
  35. Shaltiel, R., and Umans, C. 2004. Pseudorandomness for approximate counting and sampling. Tech. Rep. TR04-086. Electronic Colloquium on Computational Complexity. Available at www.eccc.uni-trier.de/eccc.
  36. Shoup, V. 1990. New algorithms for finding irreducible polynomials over finite fields. Math. Computat. 54, 435--447.
  37. Shoup, V. 1992. Searching for primitive roots in finite fields. Math. Computat. 58, 369--380.
  38. Shparlinski, I. 1996. On finding primitive roots in finite fields. Theoret. Comput. Sci. 157, 273--275.
  39. Sipser, M. 1988. Expanders, randomness, or time versus space. J. Comput. Syst. Sci. 36, 3, 379--383.
  40. Srinivasan, A., and Zuckerman, D. 1999. Computing with very weak random sources. SIAM J. Comput. 28, 4 (Aug.), 1433--1459.
  41. Sudan, M. 1997. Decoding of Reed Solomon codes beyond the error-correction bound. J. Complex. 13, 180--193.
  42. Sudan, M., Trevisan, L., and Vadhan, S. 2001. Pseudorandom generators without the XOR lemma. J. Comput. Syst. Sci. 62, 236--266.
  43. Ta-Shma, A. 1996. On extracting randomness from weak random sources. In Proceedings of the 28th Annual ACM Symposium on Theory of Computing. 276--285.
  44. Ta-Shma, A., Umans, C., and Zuckerman, D. 2001a. Loss-less condensers, unbalanced expanders, and extractors. In Proceedings of the 33rd Annual ACM Symposium on Theory of Computing. 143--152.
  45. Ta-Shma, A., and Zuckerman, D. 2004. Extractor codes. IEEE Trans. Inform. Theor. 50, 12 (Dec.), 3015--3025.
  46. Ta-Shma, A., Zuckerman, D., and Safra, S. 2001b. Extractors from Reed-Muller codes. In Proceedings of the 42nd Annual IEEE Symposium on Foundations of Computer Science. IEEE.
  47. Trevisan, L. 2002. Extractors and pseudorandom generators. J. Assoc. Comput. Mach. 48, 4, 860--879.
  48. Umans, C. 1999. Hardness of approximating Σ_2^p minimization problems. In Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science. 465--474.
  49. Umans, C. 2002. Pseudo-random generators for all hardnesses. In Proceedings of the 34th Annual ACM Symposium on Theory of Computing. 627--634.
  50. Wigderson, A., and Zuckerman, D. 1999. Expanders that beat the eigenvalue bound: Explicit construction and applications. Combinatorica 19, 1, 125--138.
  51. Yao, A. C. 1982. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual IEEE Symposium on Foundations of Computer Science. 80--91.
  52. Zuckerman, D. 1996. On unapproximable versions of NP-complete problems. SIAM J. Comput. 25, 1293--1304.
  53. Zuckerman, D. 1997. Randomness-optimal oblivious sampling. Random Struct. Algorithms 11, 345--367.

      Reviews

      Bruce E. Litow

This paper continues an investigation into constructions of extractors and pseudorandom number generators (PNGs). The authors present a simple GF(q)[x] polynomial-based unified approach to producing extractors and PNGs. An extractor is a deterministic method that takes a random string of length t, and an n-bit string sampled from an arbitrary, but min-entropy k, distribution, and yields an m-bit string that is statistically close to a random string. Here, t << n and m >> t. Research focuses on quantitative asymptotic bounds for m in terms of k, t, n, and closeness. A PNG takes a random t-bit string and produces a pseudorandom string (for example, one that is suitable for use in randomized algorithms). The paper builds on GF(q)[x] methods and list decoding results, by using the multiplicative structure (rather than the additive structure) of GF(q), and using sample points from random curves in GF(q). Previous related work used additive GF(q) structure and random lines. Results, and a detailed comparison of both methods, are presented in a somewhat long, but well-written, exposition.

Online Computing Reviews Service

Published in: Journal of the ACM, Volume 52, Issue 2, March 2005 (189 pages). ISSN: 0004-5411. EISSN: 1557-735X. DOI: 10.1145/1059513.

Copyright © 2005 ACM

Publisher: Association for Computing Machinery, New York, NY, United States