Local randomness in candidate one-way functions

Abstract

We call a distribution on n-bit strings (ɛ, e)-locally random, if for every choice of e ≤ n positions the induced distribution on e-bit strings is in the L 1-norm at most ɛ away from the uniform distribution on e-bit strings. We establish local randomness in polynomial random number generators (RNG) that are candidate one-way functions. Let N be a squarefree integer and let f1, …, fℓ be polynomials with coefficients in ℤN = ℤ/Nℤ. We study the RNG that stretches a random x ∈ ℤN into the sequence of least significant bits of f1(x), …, fℓ(x). We show that this RNG provides local randomness if for every prime divisor p of N the polynomials f1, …, fℓ are linearly independent modulo the subspace of polynomials of degree ≤ 1 in ℤp[x]. We also establish local randomness in polynomial random function generators. This yields candidates for cryptographic hash functions. The concept of local randomness in families of functions extends the concept of universal families of hash functions by Carter and Wegman (1979). The proofs of our results rely on upper bounds for exponential sums.