Constructing Locally Computable Extractors and Cryptosystems in the Bounded-Storage Model

Abstract

We consider the problem of constructing randomness extractors that are locally computable; that is, extractors that read only a small number of bits from their input. As recently shown by Lu, locally computable extractors directly yield secure private-key cryptosystems in Maurer's bounded-storage model. We suggest a general "sample-then-extract" approach to constructing locally computable extractors: use essentially any randomness-efficient sampler to select bits from the input, and then apply any extractor to the selected bits. Plugging in known sampler and extractor constructions, we obtain locally computable extractors, and hence cryptosystems in the bounded-storage model, whose parameters improve upon previous constructions. We also provide lower bounds showing that the parameters we achieve are nearly optimal. The correctness of the sample-then-extract approach follows from a fundamental lemma of Nisan and Zuckerman, which states that sampling bits from a weak random source roughly preserves the min-entropy rate. We also present a refinement of this lemma, showing that the min-entropy rate is preserved up to an arbitrarily small additive loss, whereas the original lemma loses a logarithmic factor.
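The following is an added toy implementation of the sample-then-extract idea and of the bounded-storage one-time pad it yields; it is illustrative code written for this page, not the paper's construction. The sampler is assumed to be the classic pairwise-independent affine sampler over Z_p (p prime), which needs only 2*log2(p) seed bits, and the extractor is assumed to be a Toeplitz-matrix universal hash over GF(2); the paper's point is that essentially any randomness-efficient sampler and any extractor can be plugged in here. A read counter on the public randomizer makes local computability visible: deriving the pad touches only t of the n randomizer bits.

```python
"""Sample-then-extract as a locally computable extractor, plus the
bounded-storage-model (BSM) one-time pad built from it.  Added example with
textbook component choices (affine sampler, Toeplitz hash); not the paper's
own construction or code."""
import random
import secrets

def pairwise_sampler(p: int, t: int, a: int, b: int) -> list:
    """Assumed sampler: positions (a*i + b) mod p for i = 0..t-1, p prime.
    With a != 0 and t <= p the t positions are distinct, and the seed (a, b)
    costs only 2*log2(p) bits instead of t*log2(p) for independent picks."""
    if a % p == 0:
        raise ValueError("a must be nonzero mod p")
    if t > p:
        raise ValueError("cannot select more positions than the source has")
    return [(a * i + b) % p for i in range(t)]

def toeplitz_extract(x: int, t: int, m: int, seed: int) -> int:
    """Assumed extractor: multiply the t-bit input x by an m x t Toeplitz
    matrix over GF(2).  Row r is seed bits [r, r+t), so a (t+m-1)-bit seed
    defines the whole matrix; output bit r is the parity of (x AND row r).
    The map is GF(2)-linear in x, which the test below checks."""
    mask = (1 << t) - 1
    out = 0
    for r in range(m):
        row = (seed >> r) & mask
        out |= (bin(x & row).count("1") & 1) << r
    return out

class RandomizerReader:
    """Wraps the long public randomizer R (n bits) and counts bit reads, so
    that local computability (t reads, not n) can be asserted."""
    def __init__(self, R: int, n: int):
        self.R, self.n, self.reads = R, n, 0

    def bit(self, i: int) -> int:
        self.reads += 1
        return (self.R >> i) & 1

def derive_pad(reader: RandomizerReader, t: int, m: int, key: tuple) -> int:
    """Locally computable extractor: sample t positions with the short key's
    sampler seed, read exactly those bits, extract m bits from them."""
    a, b, ext_seed = key
    x = 0
    for j, pos in enumerate(pairwise_sampler(reader.n, t, a, b)):
        x |= reader.bit(pos) << j
    return toeplitz_extract(x, t, m, ext_seed)

def bsm_encrypt(reader, t, m, key, message: int) -> int:
    """BSM one-time pad: ciphertext = message XOR extracted pad."""
    return message ^ derive_pad(reader, t, m, key)

def bsm_decrypt(reader, t, m, key, ciphertext: int) -> int:
    return ciphertext ^ derive_pad(reader, t, m, key)

def fresh_key(p: int, t: int, m: int) -> tuple:
    """Short shared key: sampler seed (a, b) plus the (t+m-1)-bit extractor seed."""
    return (secrets.randbelow(p - 1) + 1, secrets.randbelow(p),
            secrets.randbits(t + m - 1))

if __name__ == "__main__":
    # Constructed parameters: n = p = 8191 randomizer bits, read t = 64, output m = 32.
    p, t, m = 8191, 64, 32
    key = fresh_key(p, t, m)
    R = random.Random(1).getrandbits(p)   # constructed stand-in for the public randomizer
    sender, receiver = RandomizerReader(R, p), RandomizerReader(R, p)
    msg = 0xDEADBEEF
    ct = bsm_encrypt(sender, t, m, key, msg)
    assert bsm_decrypt(receiver, t, m, key, ct) == msg
    print(f"read {sender.reads} of {p} randomizer bits; ciphertext {ct:#010x}")
```

The parameters in the demo are far too small to mean anything cryptographically; in the model, n must exceed the adversary's storage bound by a constant factor so that the unread part of R retains high min-entropy given whatever the adversary stored, and it is the Nisan-Zuckerman sampling lemma that lets the t sampled bits inherit that min-entropy rate before the extractor is applied.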
