Let G : {0, 1}~n → {0, 1}~m be a pseudorandom generator. We say that a circuit implementation of G is (k,q)-robust if for every set 5 of at most k wires anywhere in the circuit, there is a set T of at most q|S| outputs, such that conditioned on the values of 5 and T the remaining outputs are pseudorandom. We initiate the study of robust PRGs, presenting explicit and non-explicit constructions in which k is close to n, q is constant, and m n. These include unconditional constructions of robust r-wise independent PRGs and small-bias PRGs, as well as conditional constructions of robust cryptographic PRGs. In addition to their general usefulness as a more resilient form of PRGs, our study of robust PRGs is motivated by cryptographic applications in which an adversary has a local view of a large source of secret randomness. We apply robust r-wise independent PRGs towards reducing the randomness complexity of private circuits and protocols for secure multiparty computation, as well as improving the "black-box complexity" of constant-round secure two-party computation.
展开▼
机译:令G:{0,1}〜n→{0,1}〜m为伪随机数生成器。我们说,如果对于电路中任何位置的至多k条导线的每组5条,T最多为q | S |,则G的电路实现是(k,q)稳健的。输出,使得以5和T为条件,其余输出是伪随机的。我们开始研究稳健的PRG,提出显式和非显式构造,其中k接近n,q为常数,并且m >> n。这些包括健壮的r方向独立PRG和小偏置PRG的无条件构造,以及健壮的密码PRG的有条件构造。除了它们作为PRG的更灵活形式的一般用途外,我们对健壮PRG的研究还受到密码学应用的启发,在这种应用中,对手对本地大量的秘密随机性具有局部看法。我们应用稳健的r独立的PRG来降低专用电路和协议的随机复杂性,以进行安全的多方计算,以及提高恒定轮安全两方计算的“黑匣子复杂性”。
展开▼
