On the algebraic immunity - resiliency trade-off, implications for Goldreich's pseudorandom generator

peer reviewe

On the Algebraic Immunity - Resiliency trade-off, implications for Goldreich\u27s Pseudorandom Generator

Goldreich\u27s pseudorandom generator is a well-known building block for many theoretical cryptographic constructions from multi-party computation to indistinguishability obfuscation. Its unique efficiency comes from the use of random local functions: each bit of the output is computed by applying some fixed public $n$-variable Boolean function $f$ to a random public size-$n$ tuple of distinct input bits. The characteristics that a Boolean function $f$ must have to ensure pseudorandomness is a puzzling issue. It has been studied in several works and particularly by Applebaum and Lovett (STOC 2016) who showed that resiliency and algebraic immunity are key parameters in this purpose. In this paper, we propose the first study on Boolean functions that reach together maximal algebraic immunity and high resiliency. 1) We assess the possible consequences of the asymptotic existence of such optimal functions. We show how they allow to build functions reaching all possible algebraic immunity-resiliency trade-offs (respecting the algebraic immunity and Siegenthaler bounds). We provide a new bound on the minimal number of variables~$n$, and thus on the minimal locality, necessary to ensure a secure Goldreich\u27s pseudorandom generator. Our results come with a granularity level depending on the strength of our assumptions, from none to the conjectured asymptotic existence of optimal functions. 2) We extensively analyze the possible existence and the properties of such optimal functions. Our results show two different trends. On the one hand, we were able to show some impossibility results concerning existing families of Boolean functions that are known to be optimal with respect to their algebraic immunity, starting by the promising XOR-MAJ functions. We show that they do not reach optimality and could be beaten by optimal functions if our conjecture is verified. On the other hand, we prove the existence of optimal functions in low number of variables by experimentally exhibiting some of them up to $12$ variables. This directly provides better candidates for Goldreich\u27s pseudorandom generator than the existing XOR-MAJ candidates for polynomial stretches from $2$ to $6$