# Efficient Parallel Pseudo-Random Number Generation

## 0. Abstract

We present a parallel algorithm for pseudo-random number generation. Given a seed of \( n^{\varepsilon} \) truly random bits for any \( \varepsilon > 0 \), our algorithm generates \( n^{c} \) pseudo-random bits for any \( c > 1 \). This takes poly-log time using \( n^{\varepsilon'} \) processors, where \( \varepsilon' = \kappa\varepsilon \) for some fixed small constant \( \kappa > 1 \). We show that the pseudo-random bits output by our algorithm cannot be distinguished from truly random bits in parallel poly-log time using a polynomial number of processors with probability \( 1/2 + 1/n^{O(1)} \), provided that the multiplicative inverse problem almost always cannot be solved in RNC. The proof is interesting and quite different from previous proofs for sequential pseudo-random number generators.

Our generator is fast, and its output is provably as effective for RNC algorithms as truly random bits. Our generator passes all the statistical tests in Knuth [14].

Moreover, the existence of our generator has a number of central consequences for complexity theory. Given a randomized parallel algorithm *A* (over a wide class of machine models such as parallel RAMs and fixed-connection networks) with time bound \( T(n) \) and processor bound \( P(n) \), we show that *A* can be simulated by a parallel algorithm with time bound \( T(n) + O((\log n)(\log \log n)) \), processor bound \( P(n)\, n^{\varepsilon'} \), and only \( n^{\varepsilon} \) truly random bits for any \( \varepsilon > 0 \).

Also, we show that if the multiplicative inverse problem is almost always not in RNC, then RNC is within the class of languages accepted by uniform poly-log depth circuits with unbounded fan-in and strictly sub-exponential size \( \bigcap\limits_{\varepsilon > 0} {2^{n^\varepsilon } } \).

## 7. Bibliography

- [1] L. Adleman, *Two Theorems on Random Polynomial Time*, Proc. 19th IEEE Symposium on Foundations of Computer Science, Ann Arbor, MI, October 1978, pp. 75–83.
- [2] R. Anderson, *A Parallel Algorithm for the Maximal Path Problem*, Proc. 17th ACM Symposium on Theory of Computing, Providence, RI, May 1985, pp. 33–37.
- [3] W. Alexi, B. Chor, O. Goldreich, and C. Schnorr, *RSA/Rabin Bits Are 1/2 + 1/poly(log N) Secure*, Proc. 25th IEEE Symposium on Foundations of Computer Science, Singer Island, FL, October 1984, pp. 449–457.
- [4] P. Beame, S. Cook, and H. Hoover, *Small Depth Circuits for Integer Products, Powers, and Division*, Proc. 25th IEEE Symposium on Foundations of Computer Science, Singer Island, FL, October 1984, pp. 1–6.
- [5] L. Blum, M. Blum, and M. Shub, *A Simple Secure Pseudo-Random Number Generator*, Proc. of CRYPTO-82, Santa Barbara, CA, September 1982, pp. 112–117.
- [6] M. Blum and S. Micali, *How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits*, SIAM J. Comp., 13 (1984), pp. 850–864.
- [7] H. Chernoff, *A Measure of Asymptotic Efficiency for Tests of a Hypothesis Based on the Sum of Observations*, Ann. Math. Statist., 23 (1952), pp. 493–507.
- [8] S. Cook, *Towards a Complexity Theory of Synchronous Parallel Computation*, presented at Inter. Symp. Logic. Alg. (1980).
- [9] O. Goldreich, S. Goldwasser, and S. Micali, *How to Construct Random Functions*, Proc. 25th IEEE Symposium on Foundations of Computer Science, Singer Island, FL, October 1984, pp. 464–479.
- [10] S. Goldwasser, S. Micali, and P. Tong, *Why and How to Establish a Private Code on a Public Network*, Proc. 23rd IEEE Symposium on Foundations of Computer Science, Chicago, IL, October 1982, pp. 134–144.
- [11] R. Kannan, G. Miller, and L. Rudolph, *Sublinear Parallel Algorithms for the Greatest Common Divisor of Two Integers*, Proc. 25th IEEE Symposium on Foundations of Computer Science, Singer Island, FL, October 1984, pp. 7–11.
- [12] R. Karp and A. Wigderson, *A Fast Parallel Algorithm for the Maximal Independent Set Problem*, Proc. 16th ACM Symposium on Theory of Computing, Washington, DC, May 1984, pp. 266–272.
- [13] R. Karp, E. Upfal, and A. Wigderson, *Constructing a Perfect Graph Matching in RNC*, Proc. 17th ACM Symposium on Theory of Computing, Providence, RI, May 1985, pp. 22–32.
- [14] D. Knuth, *The Art of Computer Programming, vol. 2: Seminumerical Algorithms*, 2nd ed., Addison-Wesley, Reading, MA, 1981.
- [15] J. Reif, *Logarithmic Depth Circuits for Algebraic Functions*, Proc. 24th IEEE Symposium on Foundations of Computer Science, Tucson, AZ, October 1983, pp. 138–145. Revised in Technical Report TR-84-18, Center for Research in Computing Technology, Harvard University. To appear in SIAM J. Comp.
- [16]
- [17] A. Shamir, *On the Generation of Cryptographically Strong Pseudo-Random Sequences*, ACM Trans. on Comp. Sys., 1 (1983), pp. 38–44.
- [18] A. Schönhage and V. Strassen, *Schnelle Multiplikation grosser Zahlen*, Computing, 7 (1974), pp. 281–292.
- [19] L. Valiant, S. Skyum, S. Berkowitz, and C. Rackoff, *Fast Parallel Computation of Polynomials Using Few Processors*, SIAM J. Comp., 12 (1983), pp. 641–644.
- [20] U. Vazirani and V. Vazirani, *Trapdoor Pseudo-Random Number Generators with Applications to Protocol Design*, Proc. 24th IEEE Symposium on Foundations of Computer Science, Tucson, AZ, October 1983, pp. 23–30.
- [21] von zur Gathen, private communication.
- [22] A. Yao, *Theory and Applications of Trapdoor Functions*, Proc. 23rd IEEE Symposium on Foundations of Computer Science, Chicago, IL, October 1982, pp. 80–91.