这篇博文记录了 read-once branching program 三种本质相同的 pseudorandom generator —— [Nisan’92]、[Impagliazzo-Nisan-Wigderson’94] 和 [Nisan-Zuckerman’96]。
分别阐述了三种 PRG 的构造方法,最后用 Leftover Hash Lemma 这一桥梁将三者联系在一起。
Seedless Extractor 定义的是,要构造一个函数 Ext : { 0 , 1 } n → { 0 , 1 } m \text{Ext} : \{0, 1\}^n \to \{0, 1\}^m Ext : { 0 , 1 } n → { 0 , 1 } m k k k Δ ( Ext ( X ) , U m ) < ε \Delta(\text{Ext}(X), U_m) < \varepsilon Δ ( Ext ( X ) , U m ) < ε
但如果我们换一个顺序,允许对于每种 k k k
Thm
我们还可以将定理的结论换一个说法:Δ ( ( H , H ( X ) ) , ( U H , U [ M ] ) ) < ε \Delta((H, H(X)), (U_H, U_{[M]})) < \varepsilon Δ ( ( H , H ( X ) ) , ( U H , U [ M ] ) ) < ε
Thm (Leftover Hash Lemma) 设 H = { h : { 0 , 1 } n → { 0 , 1 } m } \mathcal{H} = \{h : \{0, 1\}^n \to \{0, 1\}^m \} H = { h : { 0 , 1 } n → { 0 , 1 } m } m = k − 2 log ( 1 / ε ) m = k - 2 \log (1 / \varepsilon) m = k − 2 log ( 1 / ε ) Ext ( x , h ) ≜ h ( x ) \text{Ext}(x, h) \triangleq h(x) Ext ( x , h ) ≜ h ( x ) ( k , ε ) (k, \varepsilon) ( k , ε )
Proof. 由 Cauchy 不等式可得:
Δ ( ( H , H ( X ) ) , ( U d , U m ) ) = 1 2 ∥ ( H , H ( X ) ) − ( U d , U m ) ∥ 1 ≤ D M 2 ∥ ( H , H ( X ) ) − ( U d , U m ) ∥ 2 = D M 2 ( CP ( ( H , H ( X ) ) ) − 1 D M ) 1 / 2 \Delta((H, H(X)), (U_d, U_m)) = \dfrac{1}{2} \| (H, H(X)) - (U_d, U_m) \|_1 \\
\le \dfrac{\sqrt{D M}}{2} \| (H, H(X)) - (U_d, U_m) \|_2 = \dfrac{\sqrt{D M}}{2} \left( \text{CP}((H, H(X))) - \dfrac{1}{D M} \right)^{1 / 2}
Δ ( ( H , H ( X ) ) , ( U d , U m ) ) = 2 1 ∥ ( H , H ( X ) ) − ( U d , U m ) ∥ 1 ≤ 2 D M ∥ ( H , H ( X ) ) − ( U d , U m ) ∥ 2 = 2 D M ( CP ( ( H , H ( X ) ) ) − D M 1 ) 1 / 2
其中 CP ( X ) ≜ Pr [ X = X ′ ] = ∑ x Pr [ X = x ] 2 \text{CP}(X) \triangleq \Pr[X = X'] = \sum_x \Pr[X = x]^2 CP ( X ) ≜ Pr [ X = X ′ ] = ∑ x Pr [ X = x ] 2 X , X ′ X, X' X , X ′ X X X
所以我们转而去控制 CP ( ( H , H ( X ) ) ) \text{CP}((H, H(X))) CP ( ( H , H ( X ) ) )
CP ( ( H , H ( X ) ) ) = Pr [ ( H , H ( X ) ) = ( H ′ , H ′ ( X ′ ) ) ] = Pr [ H = H ′ ∧ ( X = X ′ ∨ ( X ≠ X ′ ∧ H ( X ) = H ( X ′ ) ) ) ] = Pr [ H = H ′ ] ( Pr [ X = X ′ ] + Pr [ X ≠ X ′ , H ( X ) = H ( X ′ ) ] ) ( 独立性 ) = CP ( H ) ( CP ( X ) + Pr [ X ≠ X ′ ] ⋅ Pr [ H ( X ) = H ( X ′ ) ∣ X ≠ X ′ ] ) ≤ CP ( H ) ( CP ( X ) + Pr [ H ( X ) = H ( X ′ ) ∣ X ≠ X ′ ] ) ≤ 1 D ( 1 K + 1 M ) ≤ 1 + ε 2 D M \begin{aligned}
\text{CP}((H, H(X))) & = \Pr[(H, H(X)) = (H', H'(X'))] \\
& = \Pr[H = H' \wedge (X = X' \vee (X \ne X' \wedge H(X) = H(X')))] \\
& = \Pr[H = H'] ( \Pr[X = X'] + \Pr[X \ne X', H(X) = H(X')] )\ (\text{独立性}) \\
& = \text{CP}(H) ( \text{CP}(X) + \Pr[X \ne X'] \cdot \Pr[H(X) = H(X') \mid X \ne X'] ) \\
& \le \text{CP}(H) ( \text{CP}(X) + \Pr[H(X) = H(X') \mid X \ne X'] ) \\
& \le \dfrac{1}{D} \left( \dfrac{1}{K} + \dfrac{1}{M} \right) \le \dfrac{1 + \varepsilon^2}{D M}
\end{aligned}
CP ( ( H , H ( X ) ) ) = Pr [ ( H , H ( X ) ) = ( H ′ , H ′ ( X ′ ) ) ] = Pr [ H = H ′ ∧ ( X = X ′ ∨ ( X = X ′ ∧ H ( X ) = H ( X ′ ) ) ) ] = Pr [ H = H ′ ] ( Pr [ X = X ′ ] + Pr [ X = X ′ , H ( X ) = H ( X ′ ) ] ) ( 独立性 ) = CP ( H ) ( CP ( X ) + Pr [ X = X ′ ] ⋅ Pr [ H ( X ) = H ( X ′ ) ∣ X = X ′ ] ) ≤ CP ( H ) ( CP ( X ) + Pr [ H ( X ) = H ( X ′ ) ∣ X = X ′ ] ) ≤ D 1 ( K 1 + M 1 ) ≤ D M 1 + ε 2
综上:
Δ ( ( H , H ( X ) ) , ( U d , U m ) ) ≤ D M 2 ⋅ 1 + ε 2 D M − 1 D M = ε 2 \Delta((H, H(X)), (U_d, U_m)) \le \dfrac{\sqrt{D M}}{2} \cdot \sqrt{\dfrac{1 + \varepsilon^2}{D M} - \dfrac{1}{D M}} = \dfrac{\varepsilon}{2}
Δ ( ( H , H ( X ) ) , ( U d , U m ) ) ≤ 2 D M ⋅ D M 1 + ε 2 − D M 1 = 2 ε
即得。□ \Box □
[HH23] Pooya Hatami and William M. Hoza. “Theory of Unconditional Pseudorandom Generators”. In: ECCC preprint TR23-019 . 2023.
[INW94] Russell Impagliazzo, Noam Nisan, and Avi Wigderson. “Pseudorandomness for Network Algorithms”. In: Proc. 26th Annual ACM Symposium on Theory of Computing (STOC) . 1994, pp. 356–364. isbn: 0897916638. doi: 10.1145/195058.195190
[Nis92] Noam Nisan. “Pseudorandom generators for space-bounded computation”. In: Combinatorica 12.4 (1992), pp. 449–461. doi: 10.1007/BF01305237
[NZ96] Noam Nisan and David Zuckerman. “Randomness is linear in space”. In: J. Comput. System Sci . 52.1 (1996), pp. 43–52. issn: 0022-0000. doi: 10.1006/jcss.1996.0004
[Vad12] Salil P. Vadhan. “Pseudorandomness”. In: Foundations and Trends in Theoretical Computer Science 7.1-3 (2012), pp. 1–336. doi: 10.1561/0400000010