The Randomized Iterate Revisited - Almost Linear Seed Length PRGs from A Broader Class of One-way Functions, by Yu Yu and Dawu Gu and Xiangxue Li

We revisit ``the randomized iterate'' technique that was originally used by Goldreich, Krawczyk, and Luby (SICOMP 1993) and refined by Haitner, Harnik and Reingold (CRYPTO 2006) in constructing pseudorandom generators (PRGs) from regular one-way functions (OWFs). We abstract out a technical lemma (which is folklore in leakage resilient cryptography), and use it to provide a simpler and more modular proof for the Haitner-Harnik-Reingold PRGs from regular OWFs. We introduce a more general class of OWFs called ``weakly-regular one-way functions'', and construct a PRG with seed length $O(n*\log{n})$. More specifically, consider an arbitrary one-way function $f$ with range divided into sets $\Y_1$, $\Y_2$, $\ldots$, $\Y_n$ where each $\Y_i=\{y:2^{i-1}\le|f^{-1}(y)|<2^{i}\}$. We say that $f$ is weakly-regular if there is a cutoff point $max$ such that $\Y_{max}$ has some noticeable portion (say $n^{-c}$ for constant $c$), and $\Y_{max+1}$, $\ldots$, $\Y_n$ only sum to a negligible fraction $\epsilon$. We construct a PRG by making $O(n^{2c+1})$ calls to $f$ and achieve seed length $O(n*\log{n})$ using bounded space generators, where the only parameter required to know is $c$ (which is constant for a specific $f$ but may vary for different OWFs) and no knowledge is required for $max$ and $\epsilon$. This generalizes the approach of Haitner et al., where arbitrary regular OWFs fall into a special case for $c=0$. We use a proof technique that is similar to and extended from the method by Haitner, Harnik and Reingold for hardness amplification of regular weakly-one-way functions. Our work further explores the feasibility and limits of the ``randomized iterate'' type of black-box constructions. In particular, the underlying $f$ can have an arbitrary structure as long as the set of images with maximal preimage size has a noticeable fraction. In addition, our construction is much more seed-length efficient and security-preserving (but less general) than the HILL-style generators where the best known construction by Vadhan and Zheng (STOC 2012) requires seed length $\tilde{O}(n^3)$.