On the Complexity of Parallel Hardness Amplification for One-Way Functions

We prove complexity lower bounds for the tasks of hardness amplification of one-way functions and construction of pseudo-random generators from one-way functions, which are realized non-adaptively in black-box ways. First, we consider the task of converting a one-way function f : {0, 1} → {0, 1} into a harder one-way function f̄ : {0, 1} → {0, 1}, with n̄, m̄ ≤ poly(n), in a black-box way. The hardness is measured as the fraction of inputs any polynomial-size circuit must fail to invert. We show that to use a constant-depth circuit to amplify hardness beyond a polynomial factor, its size must exceed 2, and to amplify hardness beyond a 2 factor, its size must exceed 2 o(n) . Moreover, for a constant-depth circuit to amplify hardness beyond an n factor in a security preserving way (with n̄ = O(n)), it size must exceed 2 o(1) . Next, we show that if a constant-depth polynomial-size circuit can amplify hardness beyond a polynomial factor in a weakly black-box way, then it must basically embed a hard function in itself. In fact, one can derive from such an amplification procedure a highly parallel one-way function, which is computable by an NC circuit (constant-depth polynomialsize circuit with bounded fan-in gates). Finally, we consider the task of constructing a pseudo-random generator G : {0, 1} → {0, 1} from a strongly one-way function f : {0, 1} → {0, 1} in a black-box way. We show that any such a construction realized by a constant-depth 2 o(1) -size circuit can only have a sublinear stretch (with m̄− n̄ = o(n̄)).