On the algebraic immunity—resiliency trade-off, implications for Goldreich’s pseudorandom generator
Designs, Codes and Cryptography (IF 1.4), Pub Date: 2023-05-25, DOI: 10.1007/s10623-023-01220-w
Aurélien Dupin , Pierrick Méaux , Mélissa Rossi

Goldreich’s pseudorandom generator is a well-known building block for many theoretical cryptographic constructions, from multi-party computation to indistinguishability obfuscation. Its unique efficiency comes from the use of random local functions: each bit of the output is computed by applying some fixed public n-variable Boolean function f to a random public size-n tuple of distinct input bits. Which characteristics a Boolean function f must have to ensure pseudorandomness is a puzzling issue. It has been studied in several works, particularly by Applebaum and Lovett (STOC 2016), who showed that resiliency and algebraic immunity are key parameters for this purpose. In this paper, we propose the first study of Boolean functions that simultaneously reach maximal algebraic immunity and high resiliency. (1) We assess the possible consequences of the asymptotic existence of such optimal functions. We show how they make it possible to build functions reaching all possible algebraic immunity-resiliency trade-offs (respecting the algebraic immunity and Siegenthaler bounds). We provide a new bound on the minimal number of variables n, and thus on the minimal locality, necessary to ensure a secure Goldreich pseudorandom generator. Our results come with a granularity level depending on the strength of our assumptions, from none to the conjectured asymptotic existence of optimal functions. (2) We extensively analyze the possible existence and the properties of such optimal functions. Our results show two different trends. On the one hand, we were able to show some impossibility results concerning existing families of Boolean functions that are known to be optimal with respect to their algebraic immunity, starting with the promising XOR-MAJ functions. We show that they do not reach optimality and could be beaten by optimal functions if our conjecture is verified. On the other hand, we prove the existence of optimal functions in a small number of variables by experimentally exhibiting some of them for up to 12 variables. This directly provides better candidates for Goldreich’s pseudorandom generator than the existing XOR-MAJ candidates for polynomial stretches from 2 to 6.
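The abstract names two parameters of the local function f, resiliency and algebraic immunity, and the XOR-MAJ family as the existing candidate. The following Python block is an added worked example, not code from the paper or its authors: it builds Goldreich's generator from a local predicate (the secret seed is the only private input; the n-subsets are derived from a public seed), and it computes both parameters from the truth table for small n. Resiliency is read off the Walsh spectrum (f is t-resilient iff it is balanced and every Walsh coefficient at weight 1..t vanishes); algebraic immunity is the smallest degree d for which the monomials of degree at most d, evaluated on the support of f or of f+1, become linearly dependent over GF(2), which is exactly when a nonzero annihilator exists. The XOR-MAJ convention (XOR of the first k inputs plus a strict majority of the rest), the `public_seed` parameter and the constructed 64-bit secret are assumptions of this example.

```python
"""Added example: Goldreich's PRG with a local Boolean predicate, plus the
resiliency and algebraic immunity of that predicate (small n only)."""
import itertools
import random


def xor_maj(bits, k):
    """XOR-MAJ predicate (assumed convention): XOR of the first k bits plus
    MAJ of the remaining ones, MAJ = 1 iff strictly more than half are set."""
    xor_part = sum(bits[:k]) & 1
    rest = bits[k:]
    maj_part = 1 if 2 * sum(rest) > len(rest) else 0
    return xor_part ^ maj_part


def truth_table(f, n):
    """tt[x] = f(x_0, ..., x_{n-1}) where x_i is bit i of the integer x."""
    return [f(tuple((x >> i) & 1 for i in range(n))) for x in range(1 << n)]


def walsh_spectrum(tt):
    """W_f(a) = sum_x (-1)^{f(x) + a.x}, via the fast Walsh-Hadamard transform."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h *= 2
    return w


def resiliency(tt):
    """Largest t with f balanced and W_f(a) = 0 for all 1 <= wt(a) <= t
    (Siegenthaler's characterisation); -1 if f is not balanced."""
    w = walsh_spectrum(tt)
    if w[0] != 0:
        return -1
    n = len(tt).bit_length() - 1
    t = n
    for a in range(1, len(tt)):
        if w[a] != 0:
            t = min(t, bin(a).count("1") - 1)
    return t


def gf2_rank(vectors):
    """Rank over GF(2) of bit-vectors encoded as Python ints."""
    pivots = {}
    for v in vectors:
        while v:
            top = v.bit_length() - 1
            if top not in pivots:
                pivots[top] = v
                break
            v ^= pivots[top]
    return len(pivots)


def has_annihilator(tt, d):
    """True iff a nonzero g with deg g <= d vanishes on supp(f), i.e. g*f = 0.
    Equivalent to linear dependence of the degree-<=d monomials restricted
    to supp(f); each monomial becomes one bit-vector indexed by supp(f)."""
    n = len(tt).bit_length() - 1
    support = [x for x in range(len(tt)) if tt[x]]
    vectors = []
    for deg in range(d + 1):
        for subset in itertools.combinations(range(n), deg):
            mask = sum(1 << i for i in subset)
            vec = 0
            for j, x in enumerate(support):
                if x & mask == mask:  # monomial evaluates to 1 at x
                    vec |= 1 << j
            vectors.append(vec)
    return gf2_rank(vectors) < len(vectors)


def algebraic_immunity(tt):
    """AI(f) = minimum degree of a nonzero annihilator of f or of f + 1."""
    complement = [1 - b for b in tt]
    n = len(tt).bit_length() - 1
    for d in range(n + 1):
        if has_annihilator(tt, d) or has_annihilator(complement, d):
            return d
    return n


def goldreich_prg(seed_bits, predicate, n, stretch, public_seed=0):
    """Output bit j = predicate(seed restricted to a public random n-subset S_j).
    The subsets depend only on public_seed (assumed parameter); the seed bits
    are the secret input."""
    public = random.Random(public_seed)
    subsets = [public.sample(range(len(seed_bits)), n) for _ in range(stretch)]
    return [predicate(tuple(seed_bits[i] for i in s)) for s in subsets]


if __name__ == "__main__":
    predicate = lambda bits: xor_maj(bits, 2)  # XOR_2 + MAJ_3, n = 5
    tt = truth_table(predicate, 5)
    print("XOR_2+MAJ_3: resiliency", resiliency(tt), "AI", algebraic_immunity(tt))
    secret = [random.getrandbits(1) for _ in range(64)]  # constructed secret seed
    print(goldreich_prg(secret, predicate, 5, 128, public_seed=1)[:16])
```

For XOR_2 + MAJ_3 the block reports resiliency 2 and algebraic immunity 2, while the algebraic immunity bound for 5 variables is 3; this is the gap the abstract refers to when it says XOR-MAJ functions do not reach optimality. The annihilator search is exponential in n and is meant for the range of the paper's experiments (up to 12 variables), not for production parameters.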




Updated: 2023-05-25