Abstract. Let f : {0, 1} n → {0, 1} l be a one-way function. A function h : {0, 1} n → {0, 1} m is called a hard-core function for f if, when given f (x) for a (secret) x drawn uniformly from {0, 1} n , it is computationally infeasible to distinguish h(x) from a uniformly random m-bit string. A (randomized) function h : {0, 1} n × {0, 1} k → {0, 1} m is a general hardcore function if it is hard-core for every one-way function f : {0, 1} n → {0, 1} l , where the second input to h is a k-bit uniform random string r. Hard-core functions are a crucial tool in cryptography, in particular for the construction of pseudo-random generators and pseudo-random functions from any one-way function. The first general hard-core predicate, proposed by Goldreich and Levin, and several subsequently proposed hard-core functions, are bilinear functions in the two arguments x and r. In this paper we introduce a parameter of bilinear functions h : {0, 1} n × {0, 1} k → {0, 1} m , called exponential rank loss, and prove that it characterizes exactly whether or not h is a general hard-core function. The security proofs for the previously proposed bilinear hard-core functions follow as simple consequences. Our results are obtained by extending the class of list-decodable codes and by generalizing Hast's list-decoding algorithm from the Reed-Muller code to general codes.