article

Free access

How to construct random functions

Authors:

Oded Goldreich,

Shafi Goldwasser, and

Silvio MicaliAuthors Info & Claims

Journal of the ACM (JACM), Volume 33, Issue 4

Pages 792 - 807

https://doi.org/10.1145/6490.6503

Published: 10 August 1986 Publication History

PDF eReader

Abstract

A constructive theory of randomness for functions, based on computational complexity, is developed, and a pseudorandom function generator is presented. This generator is a deterministic polynomial-time algorithm that transforms pairs (g, r), where g is any one-way function and r is a random k-bit string, to polynomial-time computable functions ƒ_r: {1, …, 2^k} → {1, …, 2^k}. These ƒ_r's cannot be distinguished from random functions by any probabilistic polynomial-time algorithm that asks and receives the value of a function at arguments of its choice. The result has applications in cryptography, random constructions, and complexity theory.

References

[1]

ADELMAN, L. Time, Space and Randomness. Tech. Memo 131, Laboratory for Computer Science MIT, Cambridge, Mass., 1979.

Google Scholar

[2]

ALEXI, W., CHOR, B., GOLDREICH, O., AND SCHNORR, C. P. RSA and Rabin functions: Certain parts are as hard as the whole. SIAM J. Comput., to appear. (An earlier version appeared in Proceedings of the 25th IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1984, pp. 449-457.)

Google Scholar

[3]

ANGLUIN, O., AND LICHTENSTEIN, D. Provable security of cryptosystems: A survey. Tech. Rep. 288, Dept. of Computer Science, Yale Univ. New Haven, Conn., 1983.

Google Scholar

[4]

BENNETT, C. H., AND GILL, J. Relative to a random oracle, A, P^ ~ NP^ ~ co-NP^ with probability I. SIAM J. Comput. I 0 ( 198 l), 96-113.

Google Scholar

[5]

BEN-OR, M., CnOR, B., AND SHAMIR, A. On the cryptographic security of single RSA bits. In Proceedings of the 15th ACM Symposium on Theory of Computing (Boston, Mass., Apr. 25-27). ACM, New~'ork, 1983, pp. 421-430.

Crossref

Google Scholar

[6]

BEN-OR, M., GOLDREICH, O., MICALI, S., AND RIVEST, R.L. A fair protocol for signing contracts. In Automata, Languages and Programming, 12th Colloquium, W. Brauer, Ed. Lecture Notes in Computer Science, vol. 194. Springer-Vedag, New York, 1985, pp. 43-52.

Crossref

Google Scholar

[7]

BLUM, L., BLUM, M., AND SHUB, M. A simpl~ unpredictable pseudo-random number generator. SIAM J. Comput. 15 (May 1986), 364-383.

Digital Library

Google Scholar

[8]

BLUM, M., AND MICALI, S. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13 (Nov. I984), 850-864.

Digital Library

Google Scholar

[9]

BRASSARD, G. On computationally secure authentication tags requiring short secret shared keys. In Advances in Cryptology: Proceedings of Crypto-82, D. Chaum, R. L. Rivest and A. T. Sherman, Eds. Plenum Press, New York, 1983, pp. 79-86.

Crossref

Google Scholar

[10]

CnAITIN, G.J. On the length of programs for computing finite binary sequences. J. ACM 13, 4 (Oct. 1966), 547-570.

Crossref

Google Scholar

[11]

DIFFIE, W., AND HELLMAN, M. E. New directions in cryptography. IEEE Trans. Inf. Theory IT-22 (Nov. 1976), 644-654.

Digital Library

Google Scholar

[12]

FREIZE, A. M., KANNAN, R., AND LAGARIAS, J.C. Linear congruential generators do not produce random sequences. In Proceedings of the 25th Symposium on Foundations of Computer Science. IEEE, New York, 1984, pp. 480-484'.

Digital Library

Google Scholar

[13]

GACS, P. On the symmetry of algorithmic information. Soy. Math. Dokl. 15 (1974), 1477.

Google Scholar

[14]

GOLDREICH, O., GOLDWASSER, S., AND MICALI, S. How to construct random functions. Tech. Memo 244, Laboratory for Computer Science, MIT, Cambridge, Mass., Nov. 1983.

Google Scholar

[15]

GOLDREICH, O., GOLDWASSER, S., AND MICALI, S. On the cryptographic applications of random functions. In Advances in Cryptology: Proceedings of Crypto-84. B. Blakely, Ed. Lecture Notes in Computer Science, vol. 196. Springer-Vedag, New York, 1985, pp. 276-288.

Crossref

Google Scholar

[16]

GOLDWASSER, S. Probabilistic encryption: Theory and applications. Ph.D. dissertation, Dept. of Computer Science, Univ. of California, Berkeley, Calif., 1984.

Crossref

Google Scholar

[17]

GOLDWASSER, S., MICALI, S., AND RIVEST, R.L. A "paradoxical" signature scheme. In Proceedings of the 25th IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1984, pp. 441-448.

Google Scholar

[18]

GOLDWASSER, A., MICALI, S., AND RIVEST, R. L. A digital signature scheme secure against adaptive chosen method attack. SIAM J. Comput. to appear.

Crossref

Google Scholar

[19]

GOLDWASSER, S., MICALI, S., AND TONG, P. Why and how to establish a private code on a public network. In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1982, pp. 134-144.

Digital Library

Google Scholar

[20]

HARTMANIS, J. Generalized Kolmogorov complexity and the structure of feasible computations. In Proceedings of the 24th IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1983, pp. 439-445.

Digital Library

Google Scholar

[21]

HASTAD, J., AND SHAMIR, A. The cryptographic security of truncated linearly related variables. In Proceedings of the 17th ACM Symposium on Theory of Computing (Providence, R.I., May 6-8). ACM, New York, 1985, pp. 356-362.

Crossref

Google Scholar

[22]

KNUTn, D. The Art of Computer Programming: Seminumerical Algorithms, vol. 2. 2nd ed. Addison-Wesley, Reading, Mass. 1981.

Crossref

Google Scholar

[23]

KOLMOGOROV, A. Three approaches to the concept of "The amount of information," Prob. Inf. Transm. I, l (1965).

Google Scholar

[24]

LAGARIAS, J., AND REEDS, J. Extrapolation of nonlinear recurrences. Submitted for publication.

Google Scholar

[25]

LEVIN, L.A. On the notion of a random sequence. Soy. Math. Dokl. 14, 5 (1973), 1413.

Google Scholar

[26]

LEVlN, L. A. Various measures of complexity for finite objects (axiomatic descriptions). Soy. Math. Dokl. 17, 2 (1976), 522-526.

Google Scholar

[27]

LEVIN, L.A. Randomness conservation inequalities, information and independence in mathematical theories. Inf. Control 61 (1984), 15-37.

Digital Library

Google Scholar

[28]

LEVIN, L.A. One-way function and pseudorandom generators. In Proceedings of the 17th ACM Symposium on Theory of Computing (Providence, R.I., May 6-8). ACM, New York, 1985, pp. 363-365.

Crossref

Google Scholar

[29]

LONG, D. L., AND WIGDERSON, A. How discreet is discrete log? In preparation. A preliminary version appeared in Proceedings of the 15th ACM Symposium on Theory of Computing (Boston, Mass., Apr. 25-27). ACM, New York, 1983, pp. 413-420.

Crossref

Google Scholar

[30]

Luav, M., AND RACKOFF, C. Pseudo random permutation generators and cryptographic composition. In Proceedings of the 18th ACM Symposium on Theory of Computing (Berkeley, Calif., May 28-30). ACM, New York, 1986, pp. 356-363.

Crossref

Google Scholar

[31]

MARTIN-LOF, P. The definition of random sequences. Inf. Control 9 (1966), 602-619.

Crossref

Google Scholar

[32]

PLUMSTEAD, J. Inferring a sequence generated by a linear congruence. In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1982, pp. 153-159.

Digital Library

Google Scholar

[33]

RABIN, M.O. Digitalized signatures and public key functions as intractable as factoring. Tech. Rep. 212, Laboratory for Computer Science, Cambridge, Mass., 1979.

Digital Library

Google Scholar

[34]

RIVEST, R., SHAMIR, A., AND ADLEMAN, L. A method for obtaining digital signatures and public key cryptosystems. Commun. ACM, 21, 2 (Feb. 1978), 120-126.

Digital Library

Google Scholar

[35]

SCHNORR, C.P. Zufaelligkeit und Wahrscheinlichkeit. Lecture Notes in Mathematics, vol. 218. Springer-Verlag, New York, 197 i.

Google Scholar

[36]

SHAMIR, A. On the generation of cryptographically strong pseudorandom sequences. ACM Trans. Comput. Syst. 1, l (Feb. 1983), 38-44.

Crossref

Google Scholar

[37]

SIr'SER, M. A complexity theoretic approach to randomness, in Proceedings of the 15th ACM Symposium on Theory of Computing (Boston, Mass., Apr. 25-27). ACM, New York, 1983, 330-335.

Crossref

Google Scholar

[38]

SOLOMONOFF, R.J. A formal theory of inductive inference. Inf. Control, 7, l (1964), 1-22.

Google Scholar

[39]

WILBER, R.E. Randomness and the density of hard problems. In Proceedings of 24th IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1983, pp. 335-342.

Digital Library

Google Scholar

[40]

VAZIRANI, U. V., AND VAZIRANI, V.V. RSA bits are .732 + ~ secure, tn Advances in Cryptology: Proceedings ofCrypto-83, D. Chaum, Ed. Plenum Press, New York, 1984, pp. 369-375.

Google Scholar

[41]

VAZIRANI, U. V., AND VAZIRANI, V.V. Efficient and secure pseudo-random number generation. In Proceedings of the 25th IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1984, pp. 458-463.

Digital Library

Google Scholar

[42]

YAO, A.C. Theory and applications of trapdoor functions. In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science. IEEE, New York, 1982, pp 80-9 I.

Digital Library

Google Scholar

[43]

ZVONKIN, A. K., AND LEVIN, L.A. The complexity of finite objects and the algorithmic concepts of randomness and information. UMN (Russian Math. Surveys), 25, 6 (1970), 83-124.

Google Scholar

Cited By

View all

Li JHan DWeng TWu HLi KCastiglione A(2025)A secure data storage and sharing scheme for port supply chain based on blockchain and dynamic searchable encryptionComputer Standards & Interfaces10.1016/j.csi.2024.10388791(103887)Online publication date: Jan-2025
https://doi.org/10.1016/j.csi.2024.103887
Öksüz Ö(2024)A Smart Contract Based Secure Ride Sharing SystemInternational Journal of Information Security Science10.55859/ijiss.139918913:1(1-22)Online publication date: 29-Mar-2024
https://doi.org/10.55859/ijiss.1399189
Muhammad FYasir N(2024)Redefining GCM’s resistance to cryptanalysis with offset mechanismsTrends in Computer Science and Information Technology10.17352/tcsit.0000799:1(042-051)Online publication date: 30-Mar-2024
https://doi.org/10.17352/tcsit.000079
Show More Cited By

Index Terms

How to construct random functions

Recommendations

How to Construct Quantum Random Functions
FOCS '12: Proceedings of the 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science

In the presence of a quantum adversary, there are two possible definitions of security for a pseudorandom function. The first, which we call standard-security, allows the adversary to be quantum, but requires queries to the function to be classical. The ...
Read More
How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract)
CRYPTO '85: Advances in Cryptology

Let F ⁿ be the set of all functions from n bits to n bits. Let f ⁿ specify for each key k of a given length a function f _k ⁿ F ⁿ . We say f ⁿ is pseudo-random if the following two properties hold: (1) Given a key k and an input a of ...
Read More
Random Continuous Functions

We investigate notions of algorithmic randomness in the space C(2^N) of continuous functions on 2^N. A probability measure is given and a version of the Martin-Lof test for randomness is defined which allows us to define a class of (Martin-Lof) random ...
Read More

Reviews

Reviewer:

In this paper, the authors have answered a frequently raised question: What is meant by saying that certain functions “behave randomly”__?__ They have presented an efficient way to construct functions that behave randomly, if one-way functions exist. These constructed functions then demonstrated their randomness by various applications. The authors have developed a constructive theory of randomness for functions and presented a pseudorandom function generator. The derivation of these theories was based upon the computational complexity of the functions. This pseudorandom function generator is considered to be a deterministic polynomial-time algorithm that transforms pair ( g,r), where g is any one-way function and r is a random k-bit string, to polynomial-time computable functions: f r: {1, . . . , 2 k}:2WZ{1, . . . ,- 2 k}. These f r's cannot be distinguished from random functions by any probabilistic polynomial-time algorithm that asks and receives the value of a function at arguments of its choice. The applications of the result of these functions are shown in the field of cryptography, random constructions, and complexity theory.

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Information & Contributors

Information

Published In

Journal of the ACM Volume 33, Issue 4

Oct. 1986

189 pages

ISSN:0004-5411

EISSN:1557-735X

DOI:10.1145/6490

Editor:
Daniel Rosencrantz

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 August 1986

Published in JACM Volume 33, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1,506
Total Citations
View Citations
9,553
Total Downloads

Downloads (Last 12 months)1,041
Downloads (Last 6 weeks)118

Other Metrics

View Author Metrics

Citations

Cited By

View all

Li JHan DWeng TWu HLi KCastiglione A(2025)A secure data storage and sharing scheme for port supply chain based on blockchain and dynamic searchable encryptionComputer Standards & Interfaces10.1016/j.csi.2024.10388791(103887)Online publication date: Jan-2025
https://doi.org/10.1016/j.csi.2024.103887
Öksüz Ö(2024)A Smart Contract Based Secure Ride Sharing SystemInternational Journal of Information Security Science10.55859/ijiss.139918913:1(1-22)Online publication date: 29-Mar-2024
https://doi.org/10.55859/ijiss.1399189
Muhammad FYasir N(2024)Redefining GCM’s resistance to cryptanalysis with offset mechanismsTrends in Computer Science and Information Technology10.17352/tcsit.0000799:1(042-051)Online publication date: 30-Mar-2024
https://doi.org/10.17352/tcsit.000079
Heimberger LHennerbichler TMeisingseth FRamacher SRechberger CQuek TGao DZhou JCardenas A(2024)OPRFs from IsogeniesProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3645010(575-588)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3645010
Song XZheng YBai JDong CLiu ZChang EQuek TGao DZhou JCardenas A(2024)DISCO: Dynamic Searchable Encryption with Constant StateProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3637674(1724-1738)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3637674
Gur TJahanara MKhodabandeh MRajgopal NSalamatian BShinkar IMohar BShinkar IO'Donnell R(2024)On the Power of Interactive Proofs for LearningProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649784(1063-1070)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649784
Hirahara SNanashima MMohar BShinkar IO'Donnell R(2024)One-Way Functions and Zero KnowledgeProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649701(1731-1738)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649701
Boyle EKomargodski IVafa NMohar BShinkar IO'Donnell R(2024)Memory Checking Requires Logarithmic OverheadProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649686(1712-1723)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649686
Chen LHirahara SRen HMohar BShinkar IO'Donnell R(2024)Symmetric Exponential Time Requires Near-Maximum Circuit SizeProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649624(1990-1999)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649624
Li ZMohar BShinkar IO'Donnell R(2024)Symmetric Exponential Time Requires Near-Maximum Circuit Size: Simplified, Truly UniformProceedings of the 56th Annual ACM Symposium on Theory of Computing10.1145/3618260.3649615(2000-2007)Online publication date: 10-Jun-2024
https://dl.acm.org/doi/10.1145/3618260.3649615
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

How to Construct Quantum Random Functions

How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract)

Random Continuous Functions

Reviews

Access critical reviews of Computing literature here

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations