The randomized iterate, revisited - Almost linear seed length PRGs from a broader class of one-way functions

We revisit “the randomized iterate” technique that was originally used by Goldreich, Krawczyk, and Luby (SICOMP 1993) and refined by Haitner, Harnik and Reingold (CRYPTO 2006) in constructing pseudorandom generators (PRGs) from regular one-way functions (OWFs). We abstract out a technical lemma (which is folklore in leakage resilient cryptography), and use it to provide a simpler and more modular proof for the Haitner-Harnik-Reingold PRGs from regular OWFs. We introduce a more general class of OWFs called “weakly-regular one-way functions” from which we construct a PRG of seed length O(n·logn). More specifically, consider an arbitrary one-way function f with range divided into sets Y₁, Y₂, . . ., Y_n where each Y_i ^def = {y : 2ⁱ⁻¹ ≤ |f⁻¹(y)| < 2ⁱ}. We say that f is weakly-regular if there exists a (not necessarily efficient computable) cut-off point max such that Y_max is of some noticeable portion (say n^−c for constant c), and Y_max+1, . . ., Y_n only sum to a negligible fraction. We construct a PRG by making Õ(n^2c+1) calls to f and achieve seed length O(n· logn) using bounded space generators. This generalizes the approach of Haitner et al., where regular OWFs fall into a special case for c = 0. We use a proof technique that is similar to and extended from the method by Haitner, Harnik and Reingold for hardness amplification of regular weakly-one-way functions. Our work further explores the feasibility and limits of the “randomized iterate” type of black-box constructions. In particular, the underlying f can have an arbitrary structure as long as the set of images with maximal preimage size has a noticeable fraction. In addition, our construction is much more seed-length efficient and security-preserving (albeit less general) than the HILL-style generators where the best known construction by Vadhan and Zheng (STOC 2012) requires seed length Õ(n³).