Pseudorandomness Properties of Random Reversible Circuits

TL;DR

This paper demonstrates that random reversible circuits with specific depth and architecture can produce permutations with strong pseudorandom properties, useful for cryptography, by analyzing their spectral gaps and combining one- and two-dimensional constructions.

Contribution

It introduces a simple, practical construction of approximately $k$-wise independent permutations using random reversible circuits in fixed architectures, with provable security guarantees.

Findings

Random circuits of depth ~√n produce approximate $k$-wise independent permutations.

Spectral gap analysis of Markov chains induced by 3-bit gates.

Two-dimensional lattice arrangements enhance permutation independence.

Abstract

Motivated by practical concerns in cryptography, we study pseudorandomness properties of permutations on $\{0,1\}^n$ computed by random circuits made from reversible $3$-bit gates (permutations on $\{0,1\}^3$). Our main result is that a random circuit of depth $\sqrt{n} \cdot \tilde{O}(k^3)$, with each layer consisting of $\Theta(n)$ random gates in a fixed two-dimensional nearest-neighbor architecture, yields approximate $k$-wise independent permutations. Our result can be seen as a particularly simple/practical block cipher construction that gives provable statistical security against attackers with access to $k$~input-output pairs within few rounds. The main technical component of our proof consists of two parts: 1. We show that the Markov chain on $k$-tuples of $n$-bit strings induced by a single random $3$-bit one-dimensional nearest-neighbor gate has spectral gap at least $1/n \cdot \tilde{O}(k)$. Then we infer that a random circuit with layers of random gates in a fixed one-dimensional gate architecture yields approximate $k$-wise independent permutations of $\{0,1\}^n$ in depth $n\cdot \tilde{O}(k^2)$ 2. We show that if the $n$ wires are layed out on a two-dimensional lattice of bits, then repeatedly alternating applications of approximate $k$-wise independent permutations of $\{0,1\}^{\sqrt n}$ to the rows and columns of the lattice yields an approximate $k$-wise independent permutation of $\{0,1\}^n$ in small depth. Our work improves on the original work of Gowers, who showed a gap of $1/\mathrm{poly}(n,k)$ for one random gate (with non-neighboring inputs); and, on subsequent work improving the gap to $\Omega(1/n^2k)$ in the same setting.