Randomness Condensers for Efficiently Samplable, Seed-Dependent Sources

We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1}n×{0,1}d→{0,1}m such that if we choose a random seed S←{0,1}d, and a source X= A(S) is generated by a randomized circuit A of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′=m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS ‘00). We show that: — Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm A. Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy k' = m - O(log t), i.e. logarithmic entropy deficiency. — Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. — Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

[1]  Benny Pinkas,et al.  Analysis of the Linux random number generator , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[2]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[3]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[4]  Ueli Maurer,et al.  Extracting randomness from generalized symbol-fixing and Markov sources , 2004, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings..

[5]  Yael Tauman Kalai,et al.  Improved Online/Offline Signature Schemes , 2001, CRYPTO.

[6]  Yael Tauman Kalai,et al.  Probabilistically Checkable Arguments , 2009, CRYPTO.

[7]  Eyal Kushilevitz,et al.  Exposure-Resilient Functions and All-or-Nothing Transforms , 2000, EUROCRYPT.

[8]  Yael Tauman Kalai,et al.  On the (In)security of the Fiat-Shamir paradigm , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[9]  Moni Naor,et al.  Magic functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[10]  Oded Goldreich,et al.  The Bit Extraction Problem of t-Resilient Functions (Preliminary Version) , 1985, FOCS.

[11]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[12]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[13]  Emanuele Viola,et al.  Extractors for Circuit Sources , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[14]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[15]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[16]  Ueli Maurer,et al.  Generalized Strong Extractors and Deterministic Privacy Amplification , 2005, IMACC.

[17]  Justin M. Reyneri,et al.  Coin flipping by telephone , 1984, IEEE Trans. Inf. Theory.

[18]  Avi Wigderson,et al.  Extracting randomness via repeated condensing , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[19]  Rafail Ostrovsky,et al.  Fast Verification of Any Remote Procedure Call: Short Witness-Indistinguishable One-Round Proofs for NP , 2000, ICALP.

[20]  Oded Goldreich,et al.  The bit extraction problem or t-resilient functions , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[21]  Yehuda Lindell,et al.  Lower bounds for non-black-box zero knowledge , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[22]  Enkatesan G Uruswami Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes , 2008 .

[23]  Luca Trevisan,et al.  Extracting randomness from samplable distributions , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[24]  Elisabeth Oswald,et al.  A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework , 2011, CRYPTO.

[25]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[26]  Hugo Krawczyk,et al.  Leftover Hash Lemma, Revisited , 2011, IACR Cryptol. ePrint Arch..

[27]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[28]  Michael E. Saks,et al.  Some extremal problems arising from discrete control processes , 1989, Comb..

[29]  David Zuckerman,et al.  Deterministic extractors for small-space sources , 2011, J. Comput. Syst. Sci..

[30]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[31]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[32]  Ran Raz,et al.  Improved Randomness Extraction from Two Independent Sources , 2004, APPROX-RANDOM.

[33]  Noam Nisan,et al.  Randomness is Linear in Space , 1996, J. Comput. Syst. Sci..

[34]  Amnon Ta-Shma,et al.  Lossless Condensers, Unbalanced Expanders, And Extractors , 2007, Comb..

[35]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[36]  Amit Sahai,et al.  On Perfect and Adaptive Security in Exposure-Resilient Cryptography , 2001, EUROCRYPT.

[37]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[38]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[39]  Miklos Santha,et al.  Generating Quasi-random Sequences from Semi-random Sources , 1986, J. Comput. Syst. Sci..

[40]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[41]  Avi Wigderson,et al.  Randomness conductors and constant-degree lossless expanders , 2002, STOC '02.

[42]  Oded Goldreich,et al.  Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity , 1988, SIAM J. Comput..

[43]  Sorin C. Popescu,et al.  Lidar Remote Sensing , 2011 .

[44]  Ran Raz,et al.  On recycling the randomness of states in space bounded computation , 1999, STOC '99.

[45]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[46]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[47]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.