Extracting Correlations

Motivated by applications in cryptography, we consider a generalization of randomness extraction and the related notion of privacy amplification to the case of two correlated sources. We introduce the notion of {\em correlation extractors}, which extract nearly perfect independent instances of a given joint distribution from imperfect, or "leaky," instances of the same distribution.

More concretely, suppose that Alice holds $a$ and Bob holds $b$, where $(a, b)$ are obtained by taking $n$ independent samples from a joint distribution $(X, Y)$ and letting $a$ include all $X$ instances and $b$ include all $Y$ instances. An adversary Eve obtains partial information about $(a, b)$ by choosing a function $L$ with output length $t$ and learning $L(a, b)$. The goal is to design a protocol between Alice and Bob, which may use additional fresh randomness, such that for every $L$ as above the following holds. At the end of the interaction, Alice outputs $a'$ and Bob outputs $b'$ such that $(a', b')$ are statistically indistinguishable from $m$ independent instances of $(X, Y)$ even when conditioned on Eve's view, and {\em even when conditioned on the joint view of Eve together with either Alice or Bob}.

The standard questions of privacy amplification and randomness extraction correspond to the case where $X$ and $Y$ are identical random bits. In this work we address this question for other types of correlations. A central special case is that of {\em OT extractors}, which are correlation extractors for the correlation $(X, Y)$ corresponding to the cryptographic primitive of oblivious transfer. Our main result is that for any finite joint distribution $(X, Y)$ there is an explicit correlation extractor which extracts $m=\Omega(n)$ instances using $O(n)$ bits of communication, even when $t=\Omega(n)$ bits of information can be leaked to Eve.

We present several applications which motivate the concept of correlation extractors and our main result. These include:
\begin{itemize}
\item Protecting certain cryptographic protocols against side-channel attacks.
\item A protocol which realizes $m$ instances of oblivious transfer by communicating only $O(m)$ bits. The security of the protocol relies on a number-theoretic intractability assumption.
\item A {\em constant-rate} unconditionally secure construction of oblivious transfer (for semi-honest parties) from {\em any nontrivial channel}. This establishes constant-rate equivalence of any two nontrivial finite channels.
\end{itemize}
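The special case the abstract singles out, where $X$ and $Y$ are identical random bits, is ordinary privacy amplification by public discussion, and it is the easiest place to see the model concretely. The following Python is an added worked example, not code from the paper: Alice and Bob hold the same $n$-bit string $a$, Eve learns $L(a)$ for a leakage function that is assumed (as a constructed choice) to reveal the first $t$ bits, Alice publishes a seed for a Toeplitz hash over GF(2), and both parties output the $m$-bit hash. The function `exact_distance_from_uniform` brute-forces the statistical distance between Eve's view together with the real output and Eve's view together with a uniform string, so it can be compared against the leftover-hash-lemma bound $\tfrac12\sqrt{2^{m}/2^{\,n-t}}$ that governs how many bits survive $t$ bits of leakage. All parameter values and the leakage function are constructed for the demonstration.

```python
"""Privacy amplification as the identical-random-bits special case of
correlation extraction (added example; not from the paper).

Constructed toy setting: Alice and Bob share the same n-bit string a, Eve
learns the first t bits of a, and the parties extract m bits with a public
Toeplitz (2-universal) hash over GF(2).
"""
from fractions import Fraction
import itertools
import math
import secrets


def toeplitz_hash(seed, a, m):
    """Apply the GF(2) Toeplitz matrix T defined by `seed` to the bit tuple `a`.

    T has m rows and n = len(a) columns with T[i][j] = seed[i - j + n - 1],
    so the seed holds n + m - 1 bits. Over a uniformly random seed this
    family is 2-universal, which is what the leftover hash lemma needs.
    """
    n = len(a)
    assert len(seed) == n + m - 1, "seed must have n + m - 1 bits"
    out = []
    for i in range(m):
        bit = 0
        for j in range(n):
            bit ^= seed[i - j + n - 1] & a[j]
        out.append(bit)
    return tuple(out)


def leak_prefix(a, t):
    """Constructed leakage function L: Eve learns the first t bits of a."""
    return tuple(a[:t])


def lhl_bound(n, t, m):
    """Leftover-hash-lemma bound on the distance from uniform of the m-bit
    output given Eve's view, when a keeps n - t bits of min-entropy after
    the t leaked bits: 1/2 * sqrt(2^m / 2^(n - t))."""
    return 0.5 * math.sqrt(2 ** m / 2 ** (n - t))


def privacy_amplify(a_alice, a_bob, m):
    """One round of the public-discussion protocol: Alice draws a fresh seed,
    sends it in the clear (Eve sees it), and both parties hash their string.
    Returns (seed, alice_output, bob_output)."""
    n = len(a_alice)
    seed = tuple(secrets.randbits(1) for _ in range(n + m - 1))
    return seed, toeplitz_hash(seed, a_alice, m), toeplitz_hash(seed, a_bob, m)


def exact_distance_from_uniform(n, t, m):
    """Exact statistical distance between (seed, L(a), h_seed(a)) and
    (seed, L(a), U_m) for uniform a and uniform seed, by brute force.
    Since seed and L(a) have the same marginal on both sides, this is the
    average over (seed, leak) of the distance between the conditional
    output distribution and the uniform m-bit string."""
    total = Fraction(0)
    num_pairs = 0
    uniform = Fraction(1, 2 ** m)
    completions = 2 ** (n - t)
    for seed in itertools.product((0, 1), repeat=n + m - 1):
        for prefix in itertools.product((0, 1), repeat=t):
            counts = {}
            for rest in itertools.product((0, 1), repeat=n - t):
                y = toeplitz_hash(seed, prefix + rest, m)
                counts[y] = counts.get(y, 0) + 1
            dist = Fraction(0)
            for y in itertools.product((0, 1), repeat=m):
                dist += abs(Fraction(counts.get(y, 0), completions) - uniform)
            total += dist / 2
            num_pairs += 1
    return total / num_pairs


if __name__ == "__main__":
    n, t, m = 8, 3, 2  # constructed parameters: 8 shared bits, 3 leaked, 2 extracted
    a = tuple(secrets.randbits(1) for _ in range(n))
    seed, out_alice, out_bob = privacy_amplify(a, a, m)
    print("Eve sees", leak_prefix(a, t), "and seed", seed)
    print("Alice/Bob output", out_alice, out_bob)
    d = exact_distance_from_uniform(n, t, m)
    print("exact distance from uniform:", d, "=", float(d))
    print("leftover hash lemma bound:  ", lhl_bound(n, t, m))
```

For the constructed parameters $n=8$, $t=3$, $m=2$ the exact distance works out to $9/256$, well inside the lemma's bound of about $0.177$; the slack comes from the seeds whose Toeplitz submatrix on the unleaked columns is rank-deficient. Raising $m$ toward $n-t$ drives the distance up, which is the quantitative reason extractors give up some of the remaining entropy as the price of security against arbitrary $L$.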
