Non-Uniform Attacks Against Pseudoentropy

De, Trevisan and Tulsiani [CRYPTO 2010] show that every distribution over n-bit strings which has constant statistical distance to uniform (e.g., the output of a pseudorandom generator mapping n− 1 to n bit strings), can be distinguished from the uniform distribution with advantage by a circuit of size O(2 2). We generalize this result, showing that a distribution which has less than k bits of minentropy, can be distinguished from any distribution with k bits of δ-smooth min-entropy with advantage by a circuit of size O(2 2/δ2). As a special case, this implies that any distribution with support at most 2 (e.g., the output of a pseudoentropy generator mapping k to n bit strings) can be distinguished from any given distribution with min-entropy k+ 1 with advantage by a circuit of size O(2 2). Our result thus shows that pseudoentropy distributions face basically the same non-uniform attacks as pseudorandom distributions. 1998 ACM Subject Classification F.1.3 Complexity Measures and Classes