Suppose we are able to come up with an algorithm $A$ that outputs 1 with probability 1/2+ when given a locked version of some circuit C_1, but outputs 1 with probability 1/2 only when given a locked version of another circuit C_2. This means if we follow the algorithm in the paper for transforming a locked version of C_1 to a locked version of C_2, then for at least one of the 2^n input combinations, the probability of A outputting 1 when given a locked version of C_{1,2}^(i) is at least \epsilon/2^n greater than the probability of A outputting 1 given a locked version of C_{1,2}(i+1), where i is the index of the input combination and C_{1,2}^(x) denotes a half-transformed circuit as in the proof. But this mean that A can tell with probability at least \epsilon/2^n whether C_{1,2}^(i)’s output at input combination i is that of C_1 or that of C_2. at input combination i, which means it can tell the PRF’s output at i given only the punctured GGM key, which breaks the puncturability property, not the iO property since the iO we’re using is perfectly secure. All we need then is to use the theorem given by that website to transform this into a bound for breaking Trivium as a PRNG.