Optimal PRGs for Low-Degree Polynomials over Polynomial-Size Fields

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Pseudorandom generators (PRGs) for low-degree polynomials are a central object in pseudorandomness, with applications to circuit lower bounds and derandomization. Viola’s celebrated construction gives a PRG over the binary field, but with seed length exponential in the degree $d$. This exponential dependence can be avoided over sufficiently large fields. In particular, Dwivedi, Guo, and Volk constructed PRGs with optimal seed length over fields of size exponential in $d$. The latter builds on the framework of Derksen and Viola, who obtained optimal-seed constructions over fields of size polynomial in $d$, although growing with the number of variables $n$. In this work, we construct the first PRG with optimal seed length for degree-$d$ polynomials over fields of polynomial size, specifically $q \approx d^4$, assuming sufficiently large characteristic. Our construction follows the framework of prior work and reduces the required field size by replacing the hitting-set generator used in previous constructions with a new pseudorandom object. We also observe a threshold phenomenon in the field-size dependence. Specifically, we prove that constructing PRGs over fields of sublinear size, for example $q = d^{0.99}$ where $q$ is a power of two, would already yield PRGs for the binary field with comparable seed length via our reduction, provided that the construction imposes no restriction on the characteristic. While a breakdown of existing techniques has been noted before, we prove that this phenomenon is inherent to the problem itself, irrespective of the technique used.


💡 Research Summary

The paper addresses the long‑standing problem of constructing explicit pseudorandom generators (PRGs) that fool degree‑d multivariate polynomials over finite fields with optimal seed length. A PRG for a class C of functions Σⁿ → Σ is a map G : {0,1}ˢ → Σⁿ such that for every f ∈ C the distributions f(G(Uₛ)) and f(U_{Σⁿ}) are ε‑close in total variation distance. The information‑theoretic lower bound on the seed length is s = Ω(d·log(n/d) + log q + log(1/ε)). Achieving this bound explicitly has been a central challenge.

Prior work.
Viola’s celebrated construction over the binary field F₂ achieves seed length O(d·log n + d·2ᵈ·log(q/ε)), which is exponential in d. Over large fields, Bogdanov introduced a technique that reduces the problem to constructing hitting‑set generators (HSGs). Using HSGs together with algebraic geometry, Derksen–Viola (DV) obtained optimal‑seed PRGs when the field size q satisfies q ≥ Ω(d⁴·n^{0.001}/ε²). Later, Dwivedi–Guo–Volk (DGV) removed the dependence on n but required q ≥ Ω(d^{2ᵈ}/ε + d⁴/ε²), i.e., an exponential dependence on d.

Our contributions.

  1. Optimal‑seed PRG over polynomial‑size fields.
    We construct an explicit PRG G : {0,1}ˢ → 𝔽_qⁿ with seed length
    s = O(d·log n + log q)
    that works for any field size q satisfying
    q ≥ Ω((d·log d)⁴/ε²) and char(𝔽_q) ≥ Ω(d²).
    This improves both DV (which needed q to grow with n) and DGV (which needed exponential q) by reducing the field size to a polynomial in d (roughly d⁴). The construction follows the DV/DGV framework but replaces the HSG used in DGV with a new pseudorandom object that we call a polynomial hitting set. This object allows us to keep the degree of the restriction polynomials p₁,…,pₙ constant while still preserving a crucial algebraic property—indecomposability—with high probability.

  2. Threshold phenomenon.
    We prove that if one could construct a PRG for degree‑d polynomials over any field of size q = d^{1‑τ} (for some fixed τ > 0) without imposing any restriction on the characteristic, then a PRG of comparable seed length for the binary field would follow automatically. The reduction is simple: pick q to be a power of two, run the assumed PRG over 𝔽_q, and then apply the absolute trace map coordinate‑wise to obtain a generator over 𝔽₂. Because the trace is a linear map that preserves the distribution of indecomposable polynomials, the resulting binary PRG inherits the same seed length O(d·poly(1)·log n). Consequently, any sub‑linear improvement in the field‑size requirement would immediately collapse the binary‑field barrier, showing that the quartic dependence q ≈ d⁴ is essentially a structural threshold rather than an artifact of current techniques.
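The coordinate‑wise trace step of this reduction can be checked on a toy field. The following is an added example, not code from the paper: the field GF(2⁴), its modulus x⁴ + x + 1, and all function names are assumptions chosen for illustration. It verifies only the two elementary facts the step relies on, namely that the absolute trace is 𝔽₂‑linear and that applying it coordinate‑wise sends the uniform distribution on 𝔽_qⁿ to the uniform distribution on 𝔽₂ⁿ.

```python
from itertools import product

M = 4               # toy field GF(2^M), so q = 16 (size assumed for this example)
MODULUS = 0b10011   # x^4 + x + 1, irreducible over GF(2)
Q = 1 << M

def gf_mul(a, b):
    """Multiply two elements of GF(2^M), each represented as an M-bit integer."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & Q:              # degree reached M: reduce modulo MODULUS
            a ^= MODULUS
    return result

def trace(x):
    """Absolute trace Tr(x) = x + x^2 + x^4 + ... + x^(2^(M-1)); value is 0 or 1."""
    acc, power = 0, x
    for _ in range(M):
        acc ^= power
        power = gf_mul(power, power)   # Frobenius map: squaring
    return acc

def trace_vector(v):
    """Apply the trace coordinate-wise: F_q^n -> F_2^n."""
    return tuple(trace(x) for x in v)

def is_f2_linear():
    """Check Tr(a + b) = Tr(a) + Tr(b) for all pairs (addition is XOR)."""
    return all(trace(a ^ b) == trace(a) ^ trace(b)
               for a in range(Q) for b in range(Q))

def preimage_counts(n):
    """Count how many points of F_q^n land on each point of F_2^n."""
    counts = {}
    for v in product(range(Q), repeat=n):
        key = trace_vector(v)
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    print("F2-linear:", is_f2_linear())
    print("preimage sizes for n=2:", preimage_counts(2))
```

Every output point having the same number of preimages (here (q/2)ⁿ) is what makes the traced image of a uniform vector uniform over 𝔽₂ⁿ.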

Technical overview.
The DV approach hinges on the fact that for an indecomposable polynomial f ∈ 𝔽_q

