On the power of the randomized iterate

TL;DR: This paper revisits a technique that was used in to give a construction of pseudorandom generators from regular one-way functions and uses the randomized iterate to replace the basic building block of the [HILL99] construction.

Abstract: We consider two of the most fundamental theorems in Cryptography. The first, due to Hastad et al. [HILL99], is that pseudorandom generators can be constructed from any one-way function. The second due to Yao [Yao82] states that the existence of weak one-way functions (i.e. functions on which every efficient algorithm fails to invert with some noticeable probability) implies the existence of full fledged one-way functions. These powerful plausibility results shape our understanding of hardness and randomness in Cryptography. Unfortunately, the reductions given in [HILL99, Yao82] are not as security preserving as one may desire. The main reason for the security deterioration is the input blow up in both of these constructions. For example, given one-way functions on n bits one obtains by [HILL99] pseudorandom generators with seed length Ω(n8). This paper revisits a technique that we call the Randomized Iterate, introduced by Goldreich, et. al.[GKL93]. This technique was used in to give a construction of pseudorandom generators from regular one-way functions. We simplify and strengthen this technique in order to obtain a similar reduction where the seed length of the resulting generators is as short as ${\cal{O}}(n \log n)$ rather than Ω(n3) in [GKL93]. Our technique has the potential of implying seed-length ${\cal{O}}(n)$, and the only bottleneck for such a result is the parameters of current generators against space bounded computations. We give a reduction with similar parameters for security amplification of regular one-way functions. This improves upon the reduction of Goldreich et al. [GIL+90] in that the reduction does not need to know the regularity parameter of the functions (in terms of security, the two reductions are incomparable). Finally, we show that the randomized iterate may even be useful in the general context of [HILL99]. In Particular, we use the randomized iterate to replace the basic building block of the [HILL99] construction. Interestingly, this modification improves efficiency by an n3 factor and reduces the seed length to ${\cal{O}}(n^7)$ (which also implies improvement in the security of the construction).