An Entropy Lower Bound for Non-Malleable Extractors

A $(k, \varepsilon)$-non-malleable extractor is a function $\mathsf{nmExt}: \{0,1\}^{n} \times \{0,1\}^{d} \to \{0,1\}$ that takes two inputs, a weak source $X \sim \{0,1\}^{n}$ of min-entropy $k$ and an independent uniform seed $s \in \{0,1\}^{d}$, and outputs a bit $\mathsf{nmExt}(X, s)$ that is $\varepsilon$-close to uniform, even given the seed $s$ and the value $\mathsf{nmExt}(X, s')$ for an adversarially chosen seed $s' \neq s$. Dodis and Wichs (STOC 2009) showed the existence of $(k, \varepsilon)$-non-malleable extractors with seed length $d = \log(n-k-1) + 2\log(1/\varepsilon) + 6$ that support sources of min-entropy $k > \log(d) + 2\log(1/\varepsilon) + 8$.
We show that the foregoing bound is essentially tight, by proving that any $(k, \varepsilon)$-non-malleable extractor must satisfy the min-entropy bound $k > \log(d) + 2\log(1/\varepsilon) - \log\log(1/\varepsilon) - C$ for an absolute constant $C$. In particular, this implies that non-malleable extractors require min-entropy at least $\Omega(\log\log(n))$. This is in stark contrast to the existence of strong seeded extractors that support sources of min-entropy $k = O(\log(1/\varepsilon))$. Our techniques strongly rely on coding theory. In particular, we reveal an inherent connection between non-malleable extractors and error correcting codes, by proving a new lemma which shows that any $(k, \varepsilon)$-non-malleable extractor with seed length $d$ induces a code $\mathcal{C} \subseteq \{0,1\}^{2^{k}}$ with relative distance $\frac{1}{2} - 2\varepsilon$ and rate $\frac{d-1}{2^{k}}$.
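The gap between strong and non-malleable extraction described above can be checked exactly on a toy instance. This is an added example, not code from the paper. It reads the abstract's condition as the statistical distance between $(\mathsf{nmExt}(X,S), \mathsf{nmExt}(X,A(S)), S)$ and $(U_1, \mathsf{nmExt}(X,A(S)), S)$. The inner-product extractor, the 4-bit flat source and the bit-flipping adversary `flip_low_bit` are assumptions chosen for illustration.

```python
from fractions import Fraction

def inner_product(x, s):
    """Toy 1-bit extractor (assumed here): <x, s> over GF(2), x and s as integers."""
    return bin(x & s).count("1") & 1

def joint_distance(ext, source, d, tamper=None):
    """Exact statistical distance from uniform of ext(X, S), given S and,
    when `tamper` is set, also given ext(X, tamper(S)).
    X is uniform on `source` (a flat source); S is uniform on d-bit seeds."""
    total = Fraction(0)
    for s in range(2 ** d):
        counts = {}  # (output bit, side information) -> number of x
        for x in source:
            side = ext(x, tamper(s)) if tamper else None
            key = (ext(x, s), side)
            counts[key] = counts.get(key, 0) + 1
        for side in {sd for (_, sd) in counts}:
            c0 = counts.get((0, side), 0)
            c1 = counts.get((1, side), 0)
            # sum over b of |Pr[b, side] - Pr[side]/2| equals |c0 - c1| / |source|
            total += Fraction(abs(c0 - c1), len(source))
    return total / (2 * 2 ** d)

N_BITS = 4
# Constructed flat source: all 4-bit strings whose low bit is 0 (min-entropy k = 3).
SOURCE = [x for x in range(2 ** N_BITS) if x & 1 == 0]

def flip_low_bit(s):
    """Adversary (assumed): tampered seed s' = s XOR 1, so s' != s always."""
    return s ^ 1

def demo():
    strong = joint_distance(inner_product, SOURCE, N_BITS)
    non_malleable = joint_distance(inner_product, SOURCE, N_BITS, flip_low_bit)
    return strong, non_malleable

if __name__ == "__main__":
    strong, nm = demo()
    print("error given the seed only:          ", strong)
    print("error given seed and tampered output:", nm)
```

On this source the tampered output equals the real output for every seed, so the same function that is a good strong extractor has the worst possible non-malleable error.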

[1] Madhu Sudan, et al. Extensions to the Method of Multiplicities, with Applications to Kakeya Sets and Mergers, 2009, 2009 50th Annual IEEE Symposium on Foundations of Computer Science.

[2] Venkatesan Guruswami. Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes, 2008.

[3] Avi Wigderson, et al. Extracting randomness via repeated condensing, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[4] Xin Li, et al. Non-malleable Extractors, Two-Source Extractors and Privacy Amplification, 2011, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[5] Ran Raz, et al. Non-malleable Extractors with Short Seeds and Applications to Privacy Amplification, 2012, 2012 IEEE 27th Conference on Computational Complexity.

[6] Jaikumar Radhakrishnan, et al. Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators, 2000, SIAM J. Discret. Math.

[7] Yevgeniy Dodis, et al. Non-malleable extractors and symmetric key cryptography from weak secrets, 2009, STOC '09.

[8] Salil P. Vadhan, et al. Pseudorandomness, 2012, Found. Trends Theor. Comput. Sci.

[9] Gil Cohen, et al. Non-Malleable Extractors - New Tools and Improved Constructions, 2016, Electron. Colloquium Comput. Complex.

[10] Amnon Ta-Shma, et al. A reduction from efficient non-malleable extractors to low-error two-source extractors with arbitrary constant rate, 2017, Electron. Colloquium Comput. Complex.

[11] Xin Li, et al. Design extractors, non-malleable condensers and privacy amplification, 2012, STOC '12.

[12] David Zuckerman, et al. Explicit two-source extractors and resilient functions, 2016, Electron. Colloquium Comput. Complex.

[13] Vojtech Rödl, et al. Pseudorandom sets and explicit constructions of ramsey graphs, 2004.

[14] Xin Li, et al. Non-malleable extractors and non-malleable codes: partially optimal constructions, 2018, IACR Cryptol. ePrint Arch.

[15] Amnon Ta-Shma, et al. Better Condensers and New Extractors from Parvaresh-Vardy Codes, 2012, 2012 IEEE 27th Conference on Computational Complexity.

[16] Gil Cohen, et al. Towards optimal two-source extractors and Ramsey graphs, 2017, STOC.

[17] Robert J. McEliece, et al. New upper bounds on the rate of a code via the Delsarte-MacWilliams inequalities, 1977, IEEE Trans. Inf. Theory.

[18] Alex Samorodnitsky, et al. Linear Programming Bounds for Codes via a Covering Argument, 2007, Electron. Colloquium Comput. Complex.

[19] Vipul Goyal, et al. Non-malleable extractors and codes, with their many tampered extensions, 2015, IACR Cryptol. ePrint Arch.

[20] Xin Li, et al. Improved non-malleable extractors, non-malleable codes and independent source extractors, 2016, Electron. Colloquium Comput. Complex.

[21] Noga Alon, et al. Perturbed Identity Matrices Have High Rank: Proof and Applications, 2009, Combinatorics, Probability and Computing.

[22] Noam Nisan, et al. Randomness is Linear in Space, 1996, J. Comput. Syst. Sci.

[23] Guy Kindler, et al. Simulating independence: new constructions of condensers, ramsey graphs, dispersers, and extractors, 2005, STOC '05.

[24] Oded Goldreich, et al. Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, 1988, SIAM J. Comput.