Pseudorandomness, Volume 46, Number 10

T his essay considers finite objects, encoded by binary finite sequences called strings. When we talk of distributions we mean discrete probability distributions having a finite support that is a set of strings. Of special interest is the uniform distribution, which for a length parameter n (explicit or implicit in the discussion), assigns each n-bit string x ∈ {0,1}n equal probability (i.e., probability 2−n). We will colloquially speak of “perfectly random strings”, meaning strings selected according to such a uniform distribution. The second half of this century has witnessed the development of three theories of randomness, a notion that has been puzzling thinkers over the ages. The first theory (cf. [3]), initiated by Shannon, is rooted in probability theory and is focused on distributions that are not perfectly random. Shannon’s information theory characterizes perfect randomness as the extreme case in which the information content is maximized (and there is no redundancy at all).1 Thus, perfect randomness is associated with a unique distribution—the uniform one. In particular, by definition, one cannot generate such perfect random strings from shorter random strings. The second theory (cf. [11, 12]), due to Solomonov, Kolmogorov, and Chaitin, is rooted in computability theory and specifically in the notion of a universal language (equivalently, universal machine or computing device). It measures the complexity of objects in terms of the shortest program (for a fixed universal machine) that generates the object.2 Like Shannon’s theory, Kolmogorov complexity is quantitative, and perfect random objects appear as an extreme case. Interestingly, in this approach one may say that a single object, rather than a distribution over objects, is perfectly random. Still, Kolmogorov’s approach is inherently intractable (i.e., Kolmogorov complexity is uncomputable), and, by definition, one cannot generate strings of high Kolmogorov complexity from short random strings. The third theory, initiated by Blum, Goldwasser, Micali, and Yao [8, 2, 13], is rooted in complexity theory and is the focus of this essay. This approach is explicitly aimed at providing a theory of perfect randomness that nevertheless allows for the efficient generation of perfect random strings from shorter random strings. The heart of this approach is the suggestion to view objects as equal if they cannot be told apart by any efficient Oded Goldreich is professor of computer science at the Weizmann Institute of Science, Israel. His e-mail address is [email protected].