TY - GEN
T1 - Computational randomness from generalized hardcore sets
AU - Lee, Chia Jung
AU - Lu, Chi Jen
AU - Tsai, Shi-Chun
PY - 2011
Y1 - 2011
N2 - The seminal hardcore lemma of Impagliazzo states that for any mildly-hard Boolean function f, there is a subset of input, called the hardcore set, on which the function is extremely hard, almost as hard as a random Boolean function. This implies that the output distribution of f given a random input looks like a distribution with some statistical randomness. Can we have something similar for hard functions with several output bits? Can we say that the output distribution of such a general function given a random input looks like a distribution containing several bits of randomness? If so, one can simply apply any statistical extractor to extract computational randomness from the output of f. However, the conventional wisdom tells us to apply extractors with some additional reconstruction property, instead of just any extractor. Does this mean that there is no analogous hardcore lemma for general functions? We show that a general hard function does indeed have some kind of hardcore set, but it comes with the price of a security loss which is proportional to the number of output values. More precisely, consider a hard function f : {0, 1}n → [V] = {1,...,V} such that any circuit of size s can only compute f correctly on at most 1/L(1 - γ) fraction of inputs, for some L ∈ [1,V - 1] and γ ∈ (0,1). Then we show that for some I ⊆ [V] with |I| = L + 1, there exists a hardcore set HI ⊆ f -1(I) with density γ/(L+1V such that any circuit of some size s′ can only compute f correctly on at most 1+ε/L+1 fraction of inputs in HI. Here, s′ is smaller than s by some poly(V,1/ε,log(1/γ)) factor, which results in a security loss of such a factor. We show that it is basically impossible to guarantee a much larger hardcore set or a much smaller security loss. Finally, we show how our hardcore lemma can be used for extracting computational randomness from general hard functions.
AB - The seminal hardcore lemma of Impagliazzo states that for any mildly-hard Boolean function f, there is a subset of input, called the hardcore set, on which the function is extremely hard, almost as hard as a random Boolean function. This implies that the output distribution of f given a random input looks like a distribution with some statistical randomness. Can we have something similar for hard functions with several output bits? Can we say that the output distribution of such a general function given a random input looks like a distribution containing several bits of randomness? If so, one can simply apply any statistical extractor to extract computational randomness from the output of f. However, the conventional wisdom tells us to apply extractors with some additional reconstruction property, instead of just any extractor. Does this mean that there is no analogous hardcore lemma for general functions? We show that a general hard function does indeed have some kind of hardcore set, but it comes with the price of a security loss which is proportional to the number of output values. More precisely, consider a hard function f : {0, 1}n → [V] = {1,...,V} such that any circuit of size s can only compute f correctly on at most 1/L(1 - γ) fraction of inputs, for some L ∈ [1,V - 1] and γ ∈ (0,1). Then we show that for some I ⊆ [V] with |I| = L + 1, there exists a hardcore set HI ⊆ f -1(I) with density γ/(L+1V such that any circuit of some size s′ can only compute f correctly on at most 1+ε/L+1 fraction of inputs in HI. Here, s′ is smaller than s by some poly(V,1/ε,log(1/γ)) factor, which results in a security loss of such a factor. We show that it is basically impossible to guarantee a much larger hardcore set or a much smaller security loss. Finally, we show how our hardcore lemma can be used for extracting computational randomness from general hard functions.
UR - http://www.scopus.com/inward/record.url?scp=80052420854&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-22953-4_7
DO - 10.1007/978-3-642-22953-4_7
M3 - Conference contribution
AN - SCOPUS:80052420854
SN - 9783642229527
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 78
EP - 89
BT - Fundamentals of Computation Theory - 18th International Symposium, FCT 2011, Proceedings
T2 - 18th International Symposium on Fundamentals of Computation Theory, FCT 2011
Y2 - 22 August 2011 through 25 August 2011
ER -