We consider the question of constructing cryptographic pseudorandom generators (PRGs) in NC0, namely ones in which each bit of the output depends on just a constant number of input bits. Previous constructions of such PRGs were limited to stretching a seed of n bits to n + o(n) bits. This leaves open the existence of a PRG with a linear (let alone superlinear) stretch in NC0. In this work we study this question and obtain the following main results:

1. We show that the existence of a linear-stretch PRG in NC0 implies non-trivial hardness of approximation results without relying on PCP machinery. In particular, that Max 3SAT is hard to approximate to within some constant.

2. We construct a linear-stretch PRG in NC0 under a specific intractability assumption related to the hardness of decoding “sparsely generated” linear codes. Such an assumption was previously conjectured by Alekhnovich [1].

We note that Alekhnovich directly obtains hardness of approximation results from the latter assumption. Thus, we do not prove hardness of approximation under new concrete assumptions. However, our first result is motivated by the hope to prove hardness of approximation under more general or standard cryptographic assumptions, and the second result is independently motivated by cryptographic applications.


Linear Code Pseudorandom Generator Expansion Property Expander Graph Inapproximability Result 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alekhnovich, M.: More on average case vs approximation complexity. In: Proc. 44th FOCS, pp. 298–307 (2003)Google Scholar
  2. 2.
    Alon, N., Roichman, Y.: Random cayley graphs and expanders. Random Struct. Algorithms 5(2), 271–285 (1994)MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC0. SIAM J. Comput. (to appear); Preliminary version in FOCS 2004 Google Scholar
  4. 4.
    Arora, S., Lund, C., Motwani, R., Sudan, M., Szegedy, M.: Proof verification and hardness of approximation problems. J. of the ACM 45(3), 501–555 (1998)MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Arora, S., Safra, S.: Probabilistic checking of proofs: A new characterization of np. J. of the ACM 45(1), 70–122 (1998)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Ben-Sasson, E., Sudan, M., Vadhan, S., Wigderson, A.: Randomness-efficient low-degree tests and short pcps via epsilon-biased sets. In: Proc. 35th STOC, pp. 612–621 (2003)Google Scholar
  7. 7.
    Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13, 850–864 (1984)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Capalbo, M., Reingold, O., Vadhan, S., Wigderson, A.: Randomness conductors and constant-degree lossless expanders. In: Proc. 34th STOC, pp. 659–668 (2002)Google Scholar
  10. 10.
    Cryan, M., Miltersen, P.B.: On pseudorandom generators in NC0. In: Sgall, J., Pultr, A., Kolman, P. (eds.) MFCS 2001. LNCS, vol. 2136. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Smith, A.: Correcting errors without leaking partial information. In: Proc. 37th STOC, pp. 654–663 (2005)Google Scholar
  12. 12.
    Feige, U.: Relations between average case complexity and approximation complexity. In: Proc. of 34th STOC, pp. 534–543 (2002)Google Scholar
  13. 13.
    Goldreich, O.: Candidate one-way functions based on expander graphs. ECCC 7(090) (2000)Google Scholar
  14. 14.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)MATHCrossRefGoogle Scholar
  15. 15.
    Goldreich, O., Krawczyk, H., Luby, M.: On the existence of pseudorandom generators. SIAM J. Comput. 22(6), 1163–1175 (1993)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Goldreich, O., Wigderson, A.: Tiny families of functions with random properties: A quality-size trade-off for hashing. Random Struct. Random Struct. Algorithms 11(4), 315–343 (1997)MATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Mossel, E., Shpilka, A., Trevisan, L.: On ε-biased generators in NC0. In: Proc. 44th FOCS, pp. 136–145 (2003)Google Scholar
  18. 18.
    Naor, J., Naor, M.: Small-bias probability spaces: Efficient constructions and applications. SIAM J. Comput. 22(4), 838–856 (1993)MATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Naor, M.: Bit commitment using pseudorandomness. J. of Cryptology 4, 151–158 (1991)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Papadimitriou, C., Yannakakis, M.: Optimization, approximation, and complexity classes. J. of Computer and Systems Sciences 43, 425–440 (1991)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Radhakrishnan, J., Ta-Shma, A.: Tight bounds for depth-two superconcentrators. SIAM J. Discrete Math. 13(1), 2–24 (2000)MATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Vazirani, U.: Randomness, Adversaries and Computation. Ph.d. thesis, UC Berkeley (1986)Google Scholar
  23. 23.
    Viola, E.: On constructing parallel pseudorandom generators from one-way functions. In: Proc. 20th CCC, pp. 183–197 (2005)Google Scholar
  24. 24.
    Yao, A.C.: Theory and application of trapdoor functions. In: Proc. 23rd FOCS, pp. 80–91 (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Benny Applebaum
    • 1
  • Yuval Ishai
    • 1
  • Eyal Kushilevitz
    • 1
  1. 1.Computer Science DepartmentTechnionIsrael

Personalised recommendations