**On the Complexity of Breaking Pseudoentropy**

*Maciej Skorski*

**Abstract: **Pseudoentropy has found a lot of important applications to cryptography and complexity theory.
In this paper we focus on the foundational problem that has not been investigated so far, namely
by how much pseudoentropy (the amount seen by computationally bounded attackers) differs from its information-theoretic counterpart (seen by unbounded observers), given certain limits on attacker's computational power?

We provide the following answer for HILL pseudoentropy, which exhibits a \emph{threshold behavior} around the size exponential in the entropy amount: \begin{itemize} \item If the attacker size ($s$) and advantage ($\epsilon$) satisfy $s \gg 2^k\epsilon^{-2}$ where $k$ is the claimed amount of pseudoentropy, then the pseudoentropy boils down to the information-theoretic smooth entropy \item If $s \ll 2^k\epsilon^2$ then pseudoentropy could be arbitrarily bigger than the information-theoretic smooth entropy \end{itemize} Besides answering the posted question, we show an elegant application of our result to the complexity theory, namely that it implies the classical result on the existence of functions hard to approximate (due to Pippenger). In our approach we utilize non-constructive techniques: the duality of linear programming and the probabilistic method.

**Category / Keywords: **foundations / nonuniform attacks, pseudoentropy, smooth entropy, hardness of boolean functions

**Original Publication**** (with minor differences): **TAMC 2017

**Date: **received 29 Dec 2016, last revised 28 Mar 2017

**Contact author: **maciej skorski at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20170328:084614 (All versions of this report)

**Short URL: **ia.cr/2016/1186

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]