, Volume 7, Issue 4, pp 357–363 | Cite as

One way functions and pseudorandom generators

  • Leonid A. Levin


Pseudorandom generators transform in polynomial time a short random “seed” into a long “pseudorandom” string. This string cannot be random in the classical sense of [6], but testing that requires an unrealistic amount of time (say, exhaustive search for the seed). Such pseudorandom generators were first discovered in [2] assuming that the function (a x modb) is one-way, i.e., easy to compute, but hard to invert on a noticeable fraction of instances. In [12] this assumption was generalized to the existence of any one-way permutation. The permutation requirement is sufficient but still very strong. It is unlikely to be proven necessary, unless something crucial, like P=NP, is discovered. Below, among other observations, a weaker assumption about one-way functions is proposed, which is not only sufficient, but also necessary for the existence of pseudorandom generators.


Polynomial Time Hamiltonian Cycle Probabilistic Algorithm Pseudorandom Generator Bell System Technical Journal 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    L. Blum, M. Blum andM. Shub, A Simple Secure Pseudo-Random Number Generator,Advances in Cryptology (ed. D. Chaum, R. L. Rivest and A. T. Sherman), Plenum Press, 1983, 61–78.Google Scholar
  2. [2]
    M. Blum andS. Micali, How to generate Crytographically Strong Sequences of Pseudo Random Bits,FOCS Symp. Proc. (1982);SIAM J. on Computing,13 (1984), 850–864.zbMATHCrossRefMathSciNetGoogle Scholar
  3. [3]
    O. Goldreich, S. Goldwasser andS. Micali, How to Construct Random Functions,Proc. 25th Symp. on Foundations of Computer Science (1984);SIAM J. on Computing,13 (1984), 850–864.CrossRefGoogle Scholar
  4. [4]
    S. Goldwasser,Probabilistic Encryption: Theory and Applications, Ph. D. Dissert, University of California at Berkeley (1984), Section 4.2.3.Google Scholar
  5. [5]
    J. Justesen, A class of constructive, asymptotically-good, algebraic codes,IEEE Trans. Inform. Theory,IT-18, 5, (1972), 652–656.CrossRefMathSciNetGoogle Scholar
  6. [6]
    A. N. Kolmogorov, Three Approaches to the Concept of the Amount of Information,Probl. Inf. Transm. (1965), 1/1.Google Scholar
  7. [7]
    L. Levin, Average Case Complete Problems,SIAM J. Comput. (1986), 285–286.Google Scholar
  8. [8]
    L. Levin, Randomness Conservation Inequalities,Information and Control 61 (1984), section 1.3; In less detail in Theorem 2 of Universal Sequential Search Problems,Probl. Inf. Transm. 9 (1973).Google Scholar
  9. [9]
    C. Rackoff, Personal communication, (1985).Google Scholar
  10. [10]
    A. Shamir, On the Generation of Cryptographically Strong Pseudo-Random Sequences,ACM Trans. on Comp. Syst. 1, (1983), 38–44.CrossRefGoogle Scholar
  11. [11]
    A. D. Wyner, The wire-tap channel,Bell System Technical Journal 54, (1975), 1355–1387.MathSciNetGoogle Scholar
  12. [12]
    A. C. Yao, Theory and Applications of Trapdoor Functions,Proc. 23rd IEEE Symp. on Foundations of Computer Science (1982), 80–91.Google Scholar

Copyright information

© Akadémiai Kiadó 1987

Authors and Affiliations

  • Leonid A. Levin
    • 1
  1. 1.Massachusets Institute of TechnologyBoston UniversityUSA

Personalised recommendations