Pseudo-Random Generation from One-Way Functions
Proc. 20th STOC, 1988
Cited by 725 (21 self)
Pseudorandom generators are fundamental to many theoretical and applied aspects of computing. We show how to construct a pseudorandom generator from any one-way function. Since it is easy to construct a one-way function from a pseudorandom generator, this result shows that there is a pseudorandom generator iff there is a one-way function.
Hardness vs. randomness
Journal of Computer and System Sciences, 1994
Cited by 284 (30 self)
We present a simple new construction of a pseudorandom bit generator, based on the constant depth generators of [N]. It stretches a short string of truly random bits into a long string that looks random to any algorithm from a complexity class C (e.g. P, NC, PSPACE, ...) using an arbitrary function that is hard for C. This construction reveals an equivalence between the problem of proving lower bounds and the problem of generating good pseudorandom sequences. Our construction has many consequences. The most direct one is that efficient deterministic simulation of randomized algorithms is possible under much weaker assumptions than previously known. The efficiency of the simulations depends on the strength of the assumptions, and may achieve P = BPP. We believe that our results are very strong evidence that the gap between randomized and deterministic complexity is not large. Using the known lower bounds for constant depth circuits, our construction yields an unconditionally proven pseudorandom generator for constant depth circuits. As an application of this generator we characterize the power of NP with a random oracle.
BPP has Subexponential Time Simulations unless EXPTIME has Publishable Proofs (Extended Abstract)
1993
Cited by 112 (9 self)
László Babai, Noam Nisan, Lance Fortnow, Avi Wigderson (University of Chicago, Hebrew University)
We show that BPP can be simulated in subexponential time for infinitely many input lengths unless exponential time collapses to the second level of the polynomial-time hierarchy, has polynomial-size circuits and has publishable proofs (EXPTIME=MA). We also show that BPP is contained in subexponential time unless exponential time has publishable proofs for infinitely many input lengths. In addition, we show BPP can be simulated in subexponential time for infinitely many input lengths unless there exist unary languages in MA \ P. The proofs are based on the recent characterization of the power of multi-prover interactive protocols and on random self-reducibility via low degree polynomials. They exhibit an interplay between Boolean circuit simulation, interactive proofs and classical complexity classes. An important feature of this proof is that it does not ...
Easiness Assumptions and Hardness Tests: Trading Time for Zero Error
Journal of Computer and System Sciences, 2000
Cited by 43 (2 self)
We propose a new approach towards derandomization in the uniform setting, where it is computationally hard to find possible mistakes in the simulation of a given probabilistic algorithm. The approach consists in combining both easiness and hardness complexity assumptions: if a derandomization method based on an easiness assumption fails, then we obtain a certain hardness test that can be used to remove error in BPP algorithms. As an application, we prove that every RP algorithm can be simulated by a zero-error probabilistic algorithm, running in expected subexponential time, that appears correct infinitely often (i.o.) to every efficient adversary. A similar result by Impagliazzo and Wigderson (FOCS'98) states that BPP allows deterministic subexponential-time simulations that appear correct with respect to any efficiently sampleable distribution i.o., under the assumption that EXP ≠ BPP; in contrast, our result does not rely on any unproven assumptions. As another application of our...
Pseudorandom Generators, Measure Theory, and Natural Proofs
1995
Cited by 29 (4 self)
We prove that if strong pseudorandom number generators exist, then the class of languages that have polynomial-sized circuits (P/poly) is not measurable within exponential time, in terms of the resource-bounded measure theory of Lutz. We prove our result by showing that if P/poly has measure zero in exponential time, then there is a natural proof against P/poly, in the terminology of Razborov and Rudich [25]. We also provide a partial converse of this result.
Logics for Reasoning about Cryptographic Constructions
In Proc. 44th IEEE Symposium on Foundations of Computer Science, 2003
Cited by 25 (1 self)
We present two logical systems for reasoning about cryptographic constructions which are sound with respect to standard cryptographic definitions of security. Soundness of the first system is proved using techniques from nonstandard models of arithmetic. Soundness of the second system is proved by an interpretation into the first system. We also present examples of how these systems may be used to formally prove the correctness of some elementary cryptographic constructions.
On Deterministic Approximation of DNF
In Proceedings of STOC'91, 1993
Cited by 23 (3 self)
We develop efficient deterministic algorithms for approximating the fraction of truth assignments that satisfy a disjunctive normal form formula. Although the algorithms themselves are deterministic, their analysis is probabilistic and uses the notion of limited independence between random variables.
International Computer Science Institute, 1947 Center Street, Berkeley, California 94704 and Computer Science Department, UC Berkeley, research partially supported by NSF operating grant CCR9016468 and by grant No. 8900312 from the United States-Israel Binational Science Foundation (BSF), Jerusalem, Israel.
Department of Mathematics, U.C. Berkeley, research partially supported by NSF, research partially done while visiting the International Computer Science Institute
1 Introduction
Throughout this paper, let F denote a formula in disjunctive normal form (DNF) on n variables with m clauses of length at most t, and let Pr[F] denote the probability that a random, independent and...
An efficient discrete log pseudo random generator
Proc. of Crypto '98, 1998
Cited by 20 (1 self)
The exponentiation function in a finite field of order p (a prime number) is believed to be a one-way function. It is well known that O(log log p) bits are simultaneously hard for this function. We consider a special case of this problem, the discrete logarithm with short exponents, which is also believed to be hard to compute. Under this intractability assumption we show that discrete exponentiation modulo a prime p can hide n − ω(log n) bits (n = ⌈log p⌉ and p = 2q + 1, where q is also a prime). We prove simultaneous security by showing that any information about the n − ω(log n) bits can be used to discover the discrete log of g^s mod p where s has ω(log n) bits. For all practical purposes, the size of s can be a constant c bits. This leads to a very efficient pseudorandom number generator which produces n − c bits per iteration. For example, when n = 1024 bits and c = 128 bits our pseudorandom number generator produces a little less than 900 bits per exponentiation.
Applications of Time-Bounded Kolmogorov Complexity in Complexity Theory
Kolmogorov complexity and computational complexity, 1992
Cited by 18 (4 self)
This paper presents one method of using time-bounded Kolmogorov complexity as a measure of the complexity of sets, and outlines a number of applications of this approach to different questions in complexity theory. Connections will be drawn among the following topics: NE predicates, ranking functions, pseudorandom generators, and hierarchy theorems in circuit complexity.