We study pseudorandomness properties of permutations on $\{0,1\}^n$ computed by random circuits made from reversible $3$-bit gates (permutations on $\{0,1\}^3$). Our main result is that a random circuit of depth $n \cdot \tilde{O}(k^2)$, with each layer consisting of $\approx n/3$ random gates in a fixed nearest-neighbor architecture, yields almost $k$-wise independent permutations. The main technical component is showing that the Markov chain on $k$-tuples of $n$-bit strings induced by a single random $3$-bit nearest-neighbor gate has spectral gap at least $1/n \cdot \tilde{O}(k)$. This improves on the original work of Gowers [Gowers96], who showed a gap of $1/\mathrm{poly}(n,k)$ for one random gate (with non-neighboring inputs), and on subsequent work [HMMR05,BH08] improving the gap to $\Omega(1/n^2k)$ in the same setting. From the perspective of cryptography, our result can be seen as a particularly simple/practical block cipher construction that gives provable statistical security against attackers with access to $k$ input-output pairs within few rounds. We also show that the Luby-Rackoff construction of pseudorandom permutations from pseudorandom functions can be implemented with reversible circuits. From this, we make progress on the complexity of the Minimum Reversible Circuit Size Problem (MRCSP), showing that block ciphers of fixed polynomial size are computationally secure against arbitrary polynomial-time adversaries, assuming the existence of one-way functions (OWFs).
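The construction in the abstract (layers of uniformly random reversible $3$-bit gates on adjacent wire triples), as an added Python example that is not from the paper: it samples such a circuit, checks that it is a permutation whose inverse comes for free from reversibility, and estimates by Monte Carlo how far the image of one fixed pair of inputs is from uniform over ordered pairs of distinct strings, i.e. the $k=2$ case of almost $k$-wise independence. The brickwork offsets (layer $d$ starts at wire $d \bmod 3$, giving $\approx n/3$ gates per layer), the bit-to-wire convention and the probe pair $(0,1)$ are assumptions of this example, not details taken from the paper.

```python
import random
from collections import Counter

def random_gate(rng):
    """A uniformly random reversible 3-bit gate: a permutation of {0,...,7}."""
    gate = list(range(8))
    rng.shuffle(gate)
    return gate

def random_circuit(n, depth, rng):
    """Layer d puts random gates on disjoint triples (i,i+1,i+2), i = d%3, d%3+3, ... (assumed brickwork)."""
    return [[(i, random_gate(rng)) for i in range(d % 3, n - 2, 3)] for d in range(depth)]

def apply_gate(x, offset, gate):
    """Apply a 3-bit gate to bits offset..offset+2 of integer x (bit i of x is wire i)."""
    local = (x >> offset) & 7
    return (x & ~(7 << offset)) | (gate[local] << offset)

def evaluate(circuit, x):
    """Run x through every layer; gates in a layer touch disjoint wires, so their order is irrelevant."""
    for layer in circuit:
        for offset, gate in layer:
            x = apply_gate(x, offset, gate)
    return x

def inverse_circuit(circuit):
    """Reverse the layer order and invert each gate: decryption costs the same as encryption."""
    return [[(off, sorted(range(8), key=gate.__getitem__)) for off, gate in layer]
            for layer in reversed(circuit)]

def is_permutation(circuit, n):
    """True iff the circuit is a bijection on {0,1}^n (always, as a composition of bijections)."""
    return len({evaluate(circuit, x) for x in range(1 << n)}) == 1 << n

def pairwise_tv(n, depth, trials, rng, x1=0, x2=1):
    """TV distance of (C(x1), C(x2)) over random C from uniform on distinct ordered pairs (k=2 case)."""
    counts = Counter()
    for _ in range(trials):
        c = random_circuit(n, depth, rng)
        counts[(evaluate(c, x1), evaluate(c, x2))] += 1
    size = 1 << n
    uniform = 1.0 / (size * (size - 1))
    seen = sum(abs(v / trials - uniform) for v in counts.values())
    unseen = (size * (size - 1) - len(counts)) * uniform
    return 0.5 * (seen + unseen)

if __name__ == "__main__":
    rng = random.Random(1)
    print(is_permutation(random_circuit(8, 20, rng), 8))
    print(pairwise_tv(4, 1, 4000, rng), pairwise_tv(4, 30, 4000, rng))
```

For $n=4$ a single layer is one gate on wires 0..2, so the pair $(0,1)$ can only land inside the 8 strings with top bit 0 and the estimate stays far from 0; with a few tens of layers the residual distance is dominated by Monte Carlo noise, the small-scale picture of the depth bound in the abstract.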