Let ${\displaystyle P}$  be a polynomial, and ${\displaystyle S=\{S_{k}\}}$  be a collection of sets such that ${\displaystyle S_{k}}$  contains ${\displaystyle P(k)}$ -bit long sequences. Moreover, let ${\displaystyle \mu _{k}}$  be the probability distribution of the strings in ${\displaystyle S_{k}}$ .

We now define the next-bit test in two different ways.

Boolean circuit formulation Edit

A predicting collection^[2] ${\displaystyle C=\{C_{k}^{i}\}}$  is a collection of boolean circuits, such that each circuit ${\displaystyle C_{k}^{i}}$  has less than ${\displaystyle P_{C}(k)}$  gates and exactly ${\displaystyle i}$  inputs. Let ${\displaystyle p_{k,i}^{C}}$  be the probability that, on input the ${\displaystyle i}$  first bits of ${\displaystyle s}$ , a string randomly selected in ${\displaystyle S_{k}}$  with probability ${\displaystyle \mu _{k}(s)}$ , the circuit correctly predicts ${\displaystyle s_{i+1}}$ , i.e. :

Now, we say that ${\displaystyle \{S_{k}\}_{k}}$  passes the next-bit test if for any predicting collection ${\displaystyle C}$ , any polynomial ${\displaystyle Q}$  :

Probabilistic Turing machines Edit

We can also define the next-bit test in terms of probabilistic Turing machines, although this definition is somewhat stronger (see Adleman's theorem). Let ${\displaystyle {\mathcal {M}}}$  be a probabilistic Turing machine, working in polynomial time. Let ${\displaystyle p_{k,i}^{\mathcal {M}}}$  be the probability that ${\displaystyle {\mathcal {M}}}$  predicts the ${\displaystyle (i+1)}$ st bit correctly, i.e.

We say that collection ${\displaystyle S=\{S_{k}\}}$  passes the next-bit test if for all polynomial ${\displaystyle Q}$ , for all but finitely many ${\displaystyle k}$ , for all ${\displaystyle 0<i<k}$ :

The next-bit test is a particular case of Yao's test for random sequences, and passing it is therefore a necessary condition for passing Yao's test. However, it has also been shown a sufficient condition by Yao.^[1]

We prove it now in the case of the probabilistic Turing machine, since Adleman has already done the work of replacing randomization with non-uniformity in his theorem. The case of Boolean circuits cannot be derived from this case (since it involves deciding potentially undecidable problems), but the proof of Adleman's theorem can be easily adapted to the case of non-uniform Boolean circuit families.

Let ${\displaystyle {\mathcal {M}}}$  be a distinguisher for the probabilistic version of Yao's test, i.e. a probabilistic Turing machine, running in polynomial time, such that there is a polynomial ${\displaystyle Q}$  such that for infinitely many ${\displaystyle k}$ 

Let ${\displaystyle R_{k,i}=\{s_{1}\ldots s_{i}u_{i+1}\ldots u_{P(k)}|s\in S_{k},u\in \{0,1\}^{P(k)}\}}$ . We have: ${\displaystyle R_{k,0}=\{0,1\}^{P(k)}}$  and ${\displaystyle R_{k,P(k)}=S_{k}}$ . Then, we notice that ${\displaystyle \sum _{i=0}^{P(k)}|p_{k,R_{k,i+1}}^{\mathcal {M}}-p_{k,R_{k,i}}^{\mathcal {M}}|\geq |p_{k,R_{k,P(k)}}^{\mathcal {M}}-p_{k,R_{k,0}}^{\mathcal {M}}|=|p_{k,S}^{\mathcal {M}}-p_{k,U}^{\mathcal {M}}|\geq {\frac {1}{Q(k)}}}$ . Therefore, at least one of the ${\displaystyle |p_{k,R_{k,i+1}}^{\mathcal {M}}-p_{k,R_{k,i}}^{\mathcal {M}}|}$  should be no smaller than ${\displaystyle {\frac {1}{Q(k)P(k)}}}$ .

Next, we consider probability distributions ${\displaystyle \mu _{k,i}}$  and ${\displaystyle {\overline {\mu _{k,i}}}}$  on ${\displaystyle R_{k,i}}$ . Distribution ${\displaystyle \mu _{k,i}}$  is the probability distribution of choosing the ${\displaystyle i}$  first bits in ${\displaystyle S_{k}}$  with probability given by ${\displaystyle \mu _{k}}$ , and the ${\displaystyle P(k)-i}$  remaining bits uniformly at random. We have thus:

We thus have ${\displaystyle \mu _{k,i}={\frac {1}{2}}(\mu _{k,i+1}+{\overline {\mu _{k,i+1}}})}$  (a simple calculus trick shows this), thus distributions ${\displaystyle \mu _{k,i+1}}$  and ${\displaystyle {\overline {\mu _{k,i+1}}}}$  can be distinguished by ${\displaystyle {\mathcal {M}}}$ . Without loss of generality, we can assume that ${\displaystyle p_{\mu _{k,i+1}}^{\mathcal {M}}-p_{\overline {\mu _{k,i+1}}}^{\mathcal {M}}\geq {\frac {1}{2}}+{\frac {1}{R(k)}}}$ , with ${\displaystyle R}$  a polynomial.

This gives us a possible construction of a Turing machine solving the next-bit test: upon receiving the ${\displaystyle i}$  first bits of a sequence, ${\displaystyle {\mathcal {N}}}$  pads this input with a guess of bit ${\displaystyle l}$  and then ${\displaystyle P(k)-i-1}$  random bits, chosen with uniform probability. Then it runs ${\displaystyle {\mathcal {M}}}$ , and outputs ${\displaystyle l}$  if the result is ${\displaystyle 1}$ , and ${\displaystyle 1-l}$  else.