Yao's Test

In cryptography and the theory of computation, Yao's test is a test defined by Andrew Chi-Chih Yao in 1982,Andrew Chi-Chih Yao
Theory and applications of trapdoor functions
In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science, 1982. against pseudo-random sequences. A sequence of words passes Yao's test if an attacker with reasonable computational power cannot distinguish it from a sequence generated uniformly at random.

Formal statement

Boolean circuits

Let $P$ be a polynomial, and $S=\_k$ be a collection of sets $S_k$ of $P(k)$-bit long sequences, and for each $k$, let $\mu_k$ be a probability distribution on $S_k$, and $P_C$ be a polynomial. A predicting collection $C=\$ is a collection of boolean circuits of size less than $P_C(k)$. Let $p_^C$ be the probability that on input $s$, a string randomly selected in $S_k$ with probability $\mu(s)$, $C_k(s)=1$, i.e.

p_^C= s\in S_k\text\mu_k(s)/math>

Moreover, let $p_^C$ be the probability that $C_k(s)=1$ on input $s$ a $P(k)$-bit long sequence selected uniformly at random in $\^$. We say that $S$ passes Yao's test if for all predicting collection $C$, for all but finitely many $k$, for all polynomial $Q$ :

$, p_^C-p_^C, <\frac{Q(k)}$

Probabilistic formulation

As in the case of the next-bit test, the predicting collection used in the above definition can be replaced by a probabilistic Turing machine, working in polynomial time. This also yields a strictly stronger definition of Yao's test (see Adleman's theorem). Indeed, One could decide undecidable properties of the pseudo-random sequence with the non-uniform circuits described above, whereas BPP machines can always be simulated by exponential-time deterministic Turing machines.

References

Cryptography
Theory of computation