On linear-size pseudorandom generators and hardcore functions

We consider the question of constructing pseudorandom generators that simultaneously have linear circuit complexity (in the output length), exponential security (in the seed length), and a large stretch (linear or polynomial in the seed length). We refer to such a pseudorandom generator as an asymptotically optimal PRG. We present a simple construction of an asymptotically optimal PRG from any one-way function f:{0,1} ⁿ → {0,1} ⁿ which satisfies the following requirements: 1. f can be computed by linear-size circuits; 2. f is 2 ^βn-hard to invert for some constant β > 0, and the min-entropy of f(x) on a random input x is at least γn for a constant γ > 0 such that β/3 + γ > 1. Alternatively, building on the work of Haitner, Harnik and Reingold (SICOMP 2011), one can replace the second requirement by: 2 ^′. f is 2 ^βn-hard to invert for some constant β > 0 and it is regular in the sense that the preimage size of every output of f is fixed (but possibly unknown). Previous constructions of PRGs from one-way functions can do without the entropy or regularity requirements, but even the best such constructions achieve slightly sub-exponential security (Vadhan and Zheng, STOC 2012). Our construction relies on a technical result about hardcore functions that may be of independent interest. We obtain a family of hardcore functions that can be computed by linear-sized circuits for any 2 ^βn-hard one-way function f:{0,1} ⁿ → {0,1} ⁿ where β > 3α. Our construction of asymptotically optimal PRGs uses such hardcore functions, which can be obtained via linear-size computable affine hash functions (Ishai, Kushilevitz, Ostrovsky and Sahai, STOC 2008).