Fast Pseudorandom Functions Based on Expander Graphs

  • Benny Applebaum
  • Pavel Raykov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9985)


We present direct constructions of pseudorandom function (PRF) families based on Goldreich’s one-way function. Roughly speaking, we assume that non-trivial local mappings \(f:\{0,1\}^n\rightarrow \{0,1\}^m\) whose input-output dependencies graph form an expander are hard to invert. We show that this one-wayness assumption yields PRFs with relatively low complexity. This includes weak PRFs which can be computed in linear time of O(n) on a RAM machine with \(O(\log n)\) word size, or by a depth-3 circuit with unbounded fan-in AND and OR gates (AC0 circuit), and standard PRFs that can be computed by a quasilinear size circuit or by a constant-depth circuit with unbounded fan-in AND, OR and Majority gates (TC0).

Our proofs are based on a new search-to-decision reduction for expander-based functions. This extends a previous reduction of the first author (STOC 2012) which was applicable for the special case of random local functions. Additionally, we present a new family of highly efficient hash functions whose output on exponentially many inputs jointly forms (with high probability) a good expander graph. These hash functions are based on the techniques of Miles and Viola (Crypto 2012). Although some of our reductions provide only relatively weak security guarantees, we believe that they yield novel approach for constructing PRFs, and therefore enrich the study of pseudorandomness.



We thank Adam Klivans and Shai Shalev-Shwartz for helpful discussions.


  1. [ABG+14]
    Akavia, A., Bogdanov, A., Guo, S., Kamath, A., Rosen, A.: Candidate weak pseudorandom functions in AC\(^{0}\) MOD\(_{2}\). In: Naor, M. (ed.) Innovations in Theoretical Computer Science, ITCS 2014, Princeton, NJ, USA, 12–14 January 2014, pp. 251–260. ACM (2014)Google Scholar
  2. [ABR12]
    Applebaum, B., Bogdanov, A., Rosen, A.: A dichotomy for local small-bias generators. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 600–617. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28914-9_34 CrossRefGoogle Scholar
  3. [ABW10]
    Applebaum, B., Barak, B., Wigderson, A.: Public-key cryptography from different assumptions. In: Schulman, L.J. (ed.) Proceedings of the 42nd ACM Symposium on Theory of Computing, STOC 2010, Cambridge, Massachusetts, USA, 5–8 June 2010, pp. 171–180. ACM (2010)Google Scholar
  4. [AHI05]
    Alekhnovich, M., Hirsch, E.A., Itsykson, D.: Exponential lower bounds for the running time of DPLL algorithms on satisfiable formulas. J. Autom. Reasoning 35(1–3), 51–72 (2005)MathSciNetzbMATHGoogle Scholar
  5. [AKS83]
    Ajtai, M., Komlós, J., Szemerédi, E.: An o(n log n) sorting network. In: Johnson, D.S., Fagin, R., Fredman, M.L., Harel, D., Karp, R.M., Lynch, N.A., Papadimitriou, C.H., Rivest, R.L., Ruzzo, W.L., Seiferas, J.I. (eds.) Proceedings of the 15th Annual ACM Symposium on Theory of Computing, Boston, Massachusetts, USA, 25–27 April 1983, pp. 1–9. ACM (1983)Google Scholar
  6. [AL15]
    Applebaum, B., Lovett, S.: Algebraic attacks against random local functions, their countermeasures. In: Electronic Colloquium on Computational Complexity (ECCC), STOC 2016, vol. 22, p. 172 (2015, to appear)Google Scholar
  7. [Ale03]
    Alekhnovich, M.: More on average case vs approximation complexity. In: 44th Symposium on Foundations of Computer Science (FOCS 2003), Cambridge, MA, USA, Proceedings, 11–14 October 2003, pp. 298–307. IEEE Computer Society (2003)Google Scholar
  8. [App13]
    Applebaum, B.: Pseudorandom generators with long stretch, low locality from random local one-way functions. SIAM J. Comput. 42(5), 2008–2037 (2013). Preliminary version in STOC 2012MathSciNetzbMATHCrossRefGoogle Scholar
  9. [App14]
    Applebaum, B.: Bootstrapping obfuscators via fast pseudorandom functions. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 162–172. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45608-8_9 Google Scholar
  10. [App15]
    Applebaum, B.: Cryptographic hardness of random local functions - survey. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 22, p. 27 (2015)Google Scholar
  11. [AR16]
    Applebaum, B., Raykov, P.: Fast pseudorandom functions based on expander graphs. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 23, p. 82 (2016). Full version of this paperGoogle Scholar
  12. [BFKL93]
    Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994). doi: 10.1007/3-540-48329-2_24 Google Scholar
  13. [BH08]
    Brodsky, A., Hoory, S.: Simple permutations mix even better. Random Struct. Algorithms 32(3), 274–289 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  14. [BH15]
    Berman, I., Haitner, I.: From non-adaptive to adaptive pseudorandom functions. J. Cryptol. 28(2), 297–311 (2015)MathSciNetzbMATHCrossRefGoogle Scholar
  15. [BMR10]
    Boneh, D., Montgomery, H.W., Raghunathan, A.: Algebraic pseudorandom functions with improved efficiency from the augmented cascade. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 131–140. ACM (2010)Google Scholar
  16. [BPR12]
    Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-29011-4_42 CrossRefGoogle Scholar
  17. [BQ12]
    Bogdanov, A., Qiao, Y.: On the security of Goldreich’s one-way function. Comput. Complexity 21(1), 83–127 (2012)MathSciNetzbMATHCrossRefGoogle Scholar
  18. [BR13]
    Bogdanov, A., Rosen, A.: Input locality and hardness amplification. J. Cryptol. 26(1), 144–171 (2013)MathSciNetzbMATHCrossRefGoogle Scholar
  19. [CEMT14]
    Cook, J., Etesami, O., Miller, R., Trevisan, L.: On the one-way function candidate proposed by Goldreich. ACM Trans. Comput. Theor. 6(3), 1401–1435 (2014)MathSciNetCrossRefGoogle Scholar
  20. [CGH+85]
    Chor, B., Goldreich, O., Håstad, J., Friedman, J., Rudich, S., Smolensky, R.: The bit extraction problem of t-resilient functions (preliminary version). In: 26th Annual Symposium on Foundations of Computer Science, Portland, Oregon, USA, 21–23 October 1985, pp. 396–407. IEEE Computer Society (1985)Google Scholar
  21. [DI05]
    Damgård, I., Ishai, Y.: Constant-round multiparty computation using a black-box pseudorandom generator. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 378–394. Springer, Heidelberg (2005). doi: 10.1007/11535218_23 CrossRefGoogle Scholar
  22. [DLS14]
    Daniely, A., Linial, N., Shalev-Shwartz, S.: From average case complexity to improper learning complexity. In: Shmoys, D.B. (ed.) Symposium on Theory of Computing, STOC 2014, New York, NY, USA, 31 May – 03 June 2014, pp. 441–448. ACM (2014)Google Scholar
  23. [FPV15]
    Feldman, V., Perkins, W., Vempala, S.: On the complexity of random satisfiability problems with planted solutions. In: Servedio, R.A., Rubinfeld, R. (eds.) Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, 14–17 June 2015, pp. 77–86. ACM (2015)Google Scholar
  24. [GGM86]
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)MathSciNetzbMATHCrossRefGoogle Scholar
  25. [GL89]
    Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, Seattle, Washigton, USA, 14–17 May 1989, pp. 25–32. ACM (1989)Google Scholar
  26. [Gol00]
    Goldreich, O.: Candidate one-way functions based on expander graphs. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 7, no. 90 (2000)Google Scholar
  27. [Gow96]
    Gowers, W.T.: An almost m-wise independent random permutation of the cube. Comb. Probab. Comput. 5(2), 119–130 (1996)MathSciNetzbMATHCrossRefGoogle Scholar
  28. [GVW12]
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Functional encryption with bounded collusions via multi-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 162–179. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_11 CrossRefGoogle Scholar
  29. [GvzGPS00]
    Gao, S., von Zur Gathen, J., Panario, D., Shoup, V.: Algorithms for exponentiation in finite fields. J. Symb. Comput. 29(6), 879–889 (2000)MathSciNetzbMATHCrossRefGoogle Scholar
  30. [HILL99]
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999). Preliminary versions in STOC 1989 and STOC 1990MathSciNetzbMATHCrossRefGoogle Scholar
  31. [HMMR05]
    Hoory, S., Magen, A., Myers, S., Rackoff, C.: Simple permutations mix well. Theor. Comput. Sci. 348(2–3), 251–261 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  32. [IKOS08]
    Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with constant computational overhead. In: Dwork, C. (ed.) Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, British Columbia, Canada, May 17–20, 2008, pp. 433–442. ACM (2008)Google Scholar
  33. [Kha93]
    Kharitonov, M.: Cryptographic hardness of distribution-specific learning. In: Kosaraju, S.R., Johnson, D.S., Aggarwal, A. (eds.) Proceedings of the Twenty-Fifth Annual ACM Symposium on Theory of Computing, San Diego, CA, USA, 16–18 May 1993, pp. 372–381. ACM (1993)Google Scholar
  34. [KS09]
    Klivans, A.R., Sherstov, A.A.: Cryptographic hardness for learning intersections of halfspaces. J. Comput. Syst. Sci. 75(1), 2–12 (2009)MathSciNetzbMATHCrossRefGoogle Scholar
  35. [LF80]
    Ladner, R.E., Fischer, M.J.: Parallel prefix computation. J. ACM 27(4), 831–838 (1980)MathSciNetzbMATHCrossRefGoogle Scholar
  36. [LMN93]
    Linial, N., Mansour, Y., Nisan, N.: Constant depth circuits, fourier transform, and learnability. J. ACM 40(3), 607–620 (1993)MathSciNetzbMATHCrossRefGoogle Scholar
  37. [LW09]
    Lewko, A.B., Waters, B.: Efficient pseudorandom functions from the decisional linear assumption and weaker variants. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, Chicago, Illinois, USA, 9–13 November 2009, pp. 112–120. ACM (2009)Google Scholar
  38. [MP75]
    Muller, D.E., Preparata, F.P.: Bounds to complexities of networks for sorting and for switching. J. ACM 22(2), 195–201 (1975)MathSciNetzbMATHCrossRefGoogle Scholar
  39. [MST03]
    Mossel, E., Shpilka, A., Trevisan, L.: On e-biased generators in NC0. In: 44th Symposium on Foundations of Computer Science (FOCS 2003), Cambridge, MA, USA, Proceedings, 11–14 October 2003, pp. 136–145. IEEE Computer Society (2003)Google Scholar
  40. [MV12]
    Miles, E., Viola, E.: Substitution-permutation networks, pseudorandom functions, and natural proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 68–85. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_5 CrossRefGoogle Scholar
  41. [NN93]
    Naor, J., Naor, M.: Small-bias probability spaces: efficient constructions and applications. SIAM J. Comput. 22(4), 838–856 (1993)MathSciNetzbMATHCrossRefGoogle Scholar
  42. [NR95]
    Naor, M., Reingold, O.: Synthesizers and their application to the parallel construction of psuedo-random functions. In: 36th Annual Symposium on Foundations of Computer Science, Milwaukee, Wisconsin, 23–25 October 1995, pp. 170–181. IEEE Computer Society (1995)Google Scholar
  43. [NR97]
    Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, USA, 19–22 October 1997, pp. 458–467. IEEE Computer Society (1997)Google Scholar
  44. [NRR00]
    Naor, M., Reingold, O., Rosen, A.: Pseudo-random functions and factoring (extended abstract). In: Yao, F.F., Luks, E.M. (eds.) Proceedings of the Thirty-Second Annual ACM Symposium on Theory of Computing, Portland, OR, USA, 21–23 May 2000, pp. 11–20. ACM (2000)Google Scholar
  45. [OW14]
    O’Donnell, R., Witmer, D., Goldreich’s, P.R.G.: Evidence for near-optimal polynomial stretch. In: IEEE 29th Conference on Computational Complexity, CCC 2014, Vancouver, BC, Canada, June 11–13, 2014, pp. 1–12. IEEE (2014)Google Scholar
  46. [PF79]
    Pippenger, N., Fischer, M.J.: Relations among complexity measures. J. ACM 26(2), 361–381 (1979)MathSciNetzbMATHCrossRefGoogle Scholar
  47. [PW88]
    Pitt, L., Warmuth, M.K.: Reductions among prediction problems on the difficulty of predicting automata. In: Proceedings: Third Annual Structure in Complexity Theory Conference, Georgetown University, Washington, D.C., USA, 14–17 June 1988, pp. 60–69. IEEE Computer Society (1988)Google Scholar
  48. [RR97]
    Razborov, A.A., Rudich, S.: Natural proofs. J. Comput. Syst. Sci. 55(1), 24–35 (1997)MathSciNetzbMATHCrossRefGoogle Scholar
  49. [Tzu09]
    Tzur, Y.: Notions of weak pseudorandomness and \({\rm GF}(2^n)\)-polynomials. Master’s thesis, Weizmann Institute of Science (2009)Google Scholar
  50. [Val84]
    Valiant, L.G.: A theory of the learnable. In: DeMillo, R.A. (ed.) Proceedings of the 16th Annual ACM Symposium on Theory of Computing, Washington, DC, USA, 30 April–2 May1984, pp. 436–445. ACM (1984)Google Scholar
  51. [Weg87]
    Wegener, I.: The Complexity of Boolean Functions. Teubner/Wiley, Stuttgart (1987)zbMATHGoogle Scholar
  52. [Yao82]
    Yao, A.C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, 3–5 November 1982, pp. 80–91. IEEE Computer Society (1982)Google Scholar

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.School of Electrical EngineeringTel-Aviv UniversityTel AvivIsrael

Personalised recommendations