By ''efficient'' we mean that the time needed to compute the pseudo random output is polynomial in the length of the input seed.
By ''short'' and ''longer'' we require that the length of the output is strictly longer than the seed. It can be shown that this is sufficient to actually get any polynomial stretching factor.
By ''looks'' random we mean that no probabilistic polynomial time algorithm exists that can decide (with probability significantly greater than 1/2) if a given sample is from the generator or is a truly random string of the same length.
An example:
Which of these sequences do you think is random and which is not? One has been produced by a series of coin flips (and ought to be random) whereas the other has been produced by taking a prime number, p, computing 1/p and extracting a set of consecutive decimals in this expansion.
- 842061550843
- 286247531507
References:
Goldreich & Levin: "A Hard-Core Predicate for any One-way Function". Proceedings FOCS 1988.
Goldreich et al: "How to Construct Random Function". J. of ACM no 4 1986.
Goldreich et al: "On the existence of Pseudo Random Generators". Proceedings FOCS 1988.
Håstad et al: "Construction of a pseudo-random generator from any one-way function".
Proceedings STOC 1989, 1990.
Yao: "Theory and Applications of Trapdoor Functions". Proceedings FOCS 1982.
Good introductions to the theoretical aspects of cryptography are found in:
Diffie & Hellman: "New Directions in Cryptography". IEEE Trans. on Info. Theory 6 1976.
Goldreich: "Foundations of Cryptography". Lecture notes. Computer Science dept. of Technion, Haifa 1989.
Mats Näslund <matsn@nada.kth.se>, September 1994