# Yao's test

In cryptography and the theory of computation, Yao's test is a test defined by Andrew Chi-Chih Yao in 1982 ,[1] against pseudo-random sequences. A sequence of words passes Yao's test if an attacker with reasonable computational power cannot distinguish it from a sequence generated uniformly at random.

## Formal statement

### Boolean circuits

Let $P$ be a polynomial, and $S=\{S_k\}_k$ be a collection of sets $S_k$ of $P(k)$-bit long sequences, and for each $k$, let $\mu_k$ be a probability distribution on $S_k$, and $P_C$ be a polynomial. A predicting collection $C=\{C_k\}$ is a collection of boolean circuits of size less than $P_C(k)$. Let $p_{k,S}^C$ be the probability that on input $s$, a string randomly selected in $S_k$ with probability $\mu(s)$, $C_k(s)=1$, i.e.

$p_{k,S}^C={\mathcal P}[C_k(s)=1 | s\in S_k\text{ with probability }\mu_k(s)]$

Moreover, let $p_{k,U}^C$ be the probability that $C_k(s)=1$ on input $s$ a $P(k)$-bit long sequence selected uniformly at random in $\{0,1\}^{P(k)}$. We say that $S$ passes Yao's test if for all predicting collection $C$, for all but finitely many $k$, for all polynomial $Q$ :

$|p_{k,S}^C-p_{k,U}^C|<\frac{1}{Q(k)}$

### Probabilistic formulation

As in the case of the next-bit test, the predicting collection used in the above definition can be replaced by a probabilistic Turing machine, working in polynomial time. This also yields a strictly stronger definition of Yao's test (see Adleman's theorem). Indeed, One could decide undecidable properties of the pseudo-random sequence with the non-uniform circuits described above, whereas BPP machines can always be simulated by exponential-time deterministic Turing machines.

## References

1. ^ Andrew Chi-Chih Yao. Theory and applications of trapdoor functions. In Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science, 1982.