On the Security of Goldreich’s One-Way Function

  • Andrej Bogdanov
  • Youming Qiao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5687)


Goldreich (ECCC 2000) suggested a simple construction of a candidate one-way function f: {0,1} n  → {0,1} m where each bit of output is a fixed predicate P of a constant number d of (random) input bits. We investigate the security of this construction in the regime m = Dn, where D(d) is a sufficiently large constant. We prove that for any predicate P that correlates with either one or two of its variables, f can be inverted with high probability.

We also prove an amplification claim regarding Goldreich’s construction. Suppose we are given an assignment x′ ∈ {0,1} n that has correlation ε > 0 with the hidden assignment x ∈ {0,1} n . Then, given access to x′, it is possible to invert f on x with high probability, provided D = D(d, ε) is sufficiently large.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AIK04]
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC0. In: Proceedings of the 45th Annual Symposium on Foundations of Computer Science, pp. 166–175 (2004)Google Scholar
  2. [AIK06]
    Applebaum, B., Ishai, Y., Kushilevitz, E.: On pseudorandom generators with linear stretch in NC0. In: Díaz, J., Jansen, K., Rolim, J.D.P., Zwick, U. (eds.) APPROX 2006 and RANDOM 2006. LNCS, vol. 4110, pp. 260–271. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. [Bra09]
    Braverman, M.: Polylogarithmic independence fools AC0. Technical Report TR09-011, Electronic Colloquium on Computational Complexity (ECCC) (2009)Google Scholar
  4. [CEMT09]
    Cook, J., Etesami, O., Miller, R., Trevisan, L.: Goldreich’s one-way function candidate and myopic backtracking algorithms. In: Proceedings of the 6th Theory of Cryptography Conference (TCC), pp. 521–538 (2009)Google Scholar
  5. [Coj06]
    Coja-Oghlan, A.: An adaptive spectral heuristic for partitioning random graphs. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4051, pp. 691–702. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. [Fla03]
    Flaxman, A.: A spectral technique for random satisfiable 3CNF formulas. In: SODA 2003: Proceedings of the fourteenth annual ACM-SIAM symposium on Discrete algorithms, Baltimore, Maryland, pp. 357–363 (2003)Google Scholar
  7. [Gol00]
    Goldreich, O.: Candidate one-way functions based on expander graphs. Technical Report TR00-090, Electronic Colloquium on Computational Complexity (ECCC) (2000)Google Scholar
  8. [KV06]
    Krivelevich, M., Vilenchik, D.: Solving random satisfiable 3CNF formulas in expected polynomial time. In: SODA 2006: Proceedings of the seventeenth annual ACM-SIAM symposium on discrete algorithms, pp. 454–463. ACM Press, New York (2006)CrossRefGoogle Scholar
  9. [LN90]
    Linial, N., Nisan, N.: Approximate inclusion-exclusion. Combinatorica 10(4), 349–365 (1990)MathSciNetCrossRefMATHGoogle Scholar
  10. [MST03]
    Mossel, E., Shpilka, A., Trevisan, L.: On ε-biased generators in NC0. In: Proceedings of the 44th Annual Symposium on Foundations of Computer Science, pp. 136–145 (2003)Google Scholar
  11. [SS85]
    Schmidt, J.P., Shamir, E.: Component structure in the evolution of random hypergraphs. Combinatorica 5(1), 81–94 (1985)MathSciNetCrossRefMATHGoogle Scholar
  12. [Vil07]
    Vilenchik, D.: It’s all about the support: a new perspective on the satisfiability problem. Journal on Satisfiability, Boolean Modeling, and Computation 3, 125–139 (2007)MathSciNetMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Andrej Bogdanov
    • 1
  • Youming Qiao
    • 2
  1. 1.Dept. of Computer Science and EngineeringThe Chinese University of Hong KongChina
  2. 2.Institute for Theoretical Computer ScienceTsinghua UniversityChina

Personalised recommendations