12 research outputs found
Affine-malleable Extractors, Spectrum Doubling, and Application to Privacy Amplification
The study of seeded randomness extractors is a major line of research in theoretical computer science. The goal is to construct deterministic algorithms which can take a ``weak random source with min-entropy and a uniformly random seed of length , and outputs a string of length close to that is close to uniform and independent of . Dodis and Wichs~\cite{DW09} introduced a generalization of randomness extractors called non-malleable extractors (\nmExt) where \nmExt(X,Y) is close to uniform and independent of and \nmExt(X,f(Y)) for any function with no fixed points.
We relax the notion of a non-malleable extractor and introduce what we call an affine-malleable extractor (\AmExt: \F^n \times \F^d \mapsto \F) where \AmExt(X,Y) is close to uniform and independent of and has some limited dependence of \AmExt(X,f(Y)) - that conditioned on , (\AmExt(X,Y), \AmExt(X,f(Y))) is close to where is uniformly distributed in \F and A, B \in \F are random variables independent of \F.
We show under a plausible conjecture in additive combinatorics (called the Spectrum Doubling Conjecture) that the inner-product function \IP{\cdot,\cdot}:\F^n \times \F^n \mapsto \F is an affine-malleable extractor. As a modest justification of the conjecture, we show that a weaker version of the conjecture is implied by the widely believed Polynomial Freiman-Ruzsa conjecture.
We also study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret of min-entropy , and wish to agree on secret key of length over a public communication channel completely controlled by a computationally unbounded attacker Eve. The main application of non-malleable extractors and its many variants has been in constructing secure privacy amplification protocols.
We show that affine-malleable extractors along with affine-evasive sets can also be used to construct efficient privacy amplification protocols. We show that our protocol, under the Spectrum Doubling Conjecture, achieves near optimal parameters and achieves additional security properties like source privacy that have been the focus of some recent results in privacy amplification
A Quantum-Proof Non-Malleable Extractor, With Application to Privacy Amplification against Active Quantum Adversaries
In privacy amplification, two mutually trusted parties aim to amplify the
secrecy of an initial shared secret in order to establish a shared private
key by exchanging messages over an insecure communication channel. If the
channel is authenticated the task can be solved in a single round of
communication using a strong randomness extractor; choosing a quantum-proof
extractor allows one to establish security against quantum adversaries.
In the case that the channel is not authenticated, Dodis and Wichs (STOC'09)
showed that the problem can be solved in two rounds of communication using a
non-malleable extractor, a stronger pseudo-random construction than a strong
extractor.
We give the first construction of a non-malleable extractor that is secure
against quantum adversaries. The extractor is based on a construction by Li
(FOCS'12), and is able to extract from source of min-entropy rates larger than
. Combining this construction with a quantum-proof variant of the
reduction of Dodis and Wichs, shown by Cohen and Vidick (unpublished), we
obtain the first privacy amplification protocol secure against active quantum
adversaries
Revisiting the Sanders-Freiman-Ruzsa Theorem in and its Application to Non-malleable Codes
Non-malleable codes (NMCs) protect sensitive data against degrees of
corruption that prohibit error detection, ensuring instead that a corrupted
codeword decodes correctly or to something that bears little relation to the
original message. The split-state model, in which codewords consist of two
blocks, considers adversaries who tamper with either block arbitrarily but
independently of the other. The simplest construction in this model, due to
Aggarwal, Dodis, and Lovett (STOC'14), was shown to give NMCs sending k-bit
messages to -bit codewords. It is conjectured, however, that the
construction allows linear-length codewords. Towards resolving this conjecture,
we show that the construction allows for code-length . This is achieved
by analysing a special case of Sanders's Bogolyubov-Ruzsa theorem for general
Abelian groups. Closely following the excellent exposition of this result for
the group by Lovett, we expose its dependence on for the
group , where is a prime
Extractors: Low Entropy Requirements Colliding With Non-Malleability
The known constructions of negligible error (non-malleable) two-source
extractors can be broadly classified in three categories:
(1) Constructions where one source has min-entropy rate about , the
other source can have small min-entropy rate, but the extractor doesn't
guarantee non-malleability.
(2) Constructions where one source is uniform, and the other can have small
min-entropy rate, and the extractor guarantees non-malleability when the
uniform source is tampered.
(3) Constructions where both sources have entropy rate very close to and
the extractor guarantees non-malleability against the tampering of both
sources.
We introduce a new notion of collision resistant extractors and in using it
we obtain a strong two source non-malleable extractor where we require the
first source to have entropy rate and the other source can have
min-entropy polylogarithmic in the length of the source.
We show how the above extractor can be applied to obtain a non-malleable
extractor with output rate , which is optimal. We also show how, by
using our extractor and extending the known protocol, one can obtain a privacy
amplification secure against memory tampering where the size of the secret
output is almost optimal
Non-Malleable Extractors - New Tools and Improved Constructions
A non-malleable extractor is a seeded extractor with a very strong guarantee - the output of a non-malleable extractor obtained using a typical seed is close to uniform even conditioned on the output obtained using any other seed. The first contribution of this paper consists of two new and improved constructions of non-malleable extractors:
- We construct a non-malleable extractor with seed-length O(log(n) * log(log(n))) that works for entropy Omega(log(n)). This improves upon a recent exciting construction by Chattopadhyay, Goyal, and Li (STOC\u2716) that has seed length O(log^{2}(n)) and requires entropy Omega(log^{2}(n)).
- Secondly, we construct a non-malleable extractor with optimal seed length O(log(n)) for entropy n/log^{O(1)}(n). Prior to this construction, non-malleable extractors with a logarithmic seed length, due to Li (FOCS\u2712), required entropy 0.49*n. Even non-malleable condensers with seed length O(log(n)), by Li (STOC\u2712), could only support linear entropy.
We further devise several tools for enhancing a given non-malleable extractor in a black-box manner. One such tool is an algorithm that reduces the entropy requirement of a non-malleable extractor at the expense of a slightly longer seed. A second algorithm increases the output length of a non-malleable extractor from constant to linear in the entropy of the source. We also devise an algorithm that transforms a non-malleable extractor to the so-called t-non-malleable extractor for any desired t. Besides being useful building blocks for our constructions, we consider these modular tools to be of independent interest
Recommended from our members
Explicit two-source extractors and more
In this thesis we study the problem of extracting almost truly random bits from imperfect sources of randomness. This is motivated by the wide use of randomness in computer science, and the fact that most accessible sources of randomness generate correlated bits, and at best contain some amount of entropy. We follow Chor and Goldreich [CG88] and Zuckerman [Z90], and model weak sources using min-entropy, where an (n,k)-source X is a distribution on n bits and takes any string x with probability at most 2^-k. It is known that it is impossible to extract random bits from a single (n,k)-source, and Chor and Goldreich [CG88] raised the question of extracting randomness from two such independent (n,k)-sources. Existentially, such 2-source randomness extractors exist for min-entropy k >=log n + O(1), but the best known construction prior to work in this thesis requires min-entropy k >=0.499 n [B2]. One of the main contributions of this thesis is an explicit 2-source extractor for min-entropy log^C n, for some constant C. Other results in this thesis include improved ways of extracting random bits from various other sources of randomness, as well as stronger notions of randomness extraction. Our results have applications in privacy amplification [BBR88,Mau92,BBCM95], which is a classical problem in information cryptography, and give protocols that achieve almost optimal parameters. Other applications include explicit constructions of non-malleable codes, which is a relaxation of the notion of error-detection codes and have applications in tamper-resilient cryptography [DPW10].Computer Science
Affine-malleable Extractors, Spectrum Doubling, and Application to Privacy Amplification
The study of seeded randomness extractors is a major line of research in theoretical computer science. The goal is to construct deterministic algorithms which can take a weak random source x with min-entropy k and a uniformly random seed Y of length d, and outputs a string of length close to k that is close to uniform and independent of Y. Dodis and Wichs [DW09] introduced a generalization of randomness extractors called non-malleable extractors (nmExt) where nmExt(X, Y) is close to uniform and independent of Y and nmExt(X, f(Y)) for any function f with no fixed points. We relax the notion of a non-malleable extractor and introduce what we call an affine-malleable extractor (AmExt : Fn x Fd -> F) where AmExt(X, Y ) is close to uniform and independent of Y and has some limited dependence of AmExt(X, f(Y )) - that conditioned on Y , (AmExt(X, Y ), AmExt(X, f(Y ))) is epsilon-close to (U, A U + B) where U is uniformly distributed in F and A, B is an element of F are random variables independent of U. We show that the inner-product function (,) : FnxFn -> F is an affine-malleable extractor for min-entropy k = n/2 + Omega(log(1/epsilon)). Moreover, under a plausible conjecture in additive combinatorics (called the Spectrum Doubling Conjecture), we show that this holds for k = Omega(log n log(1/epsilon)). As a modest justification of the conjecture, we show that a weaker version of the conjecture is implied by the widely believed Polynomial Freiman-Ruzsa conjecture. We also study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret X of min-entropy k, and wish to agree on secret key R of length m over a public communication channel completely controlled by a computationally unbounded attacker Eve. The main application of non-malleable extractors and their many variants has been in constructing secure privacy amplification protocols. We show that affine-malleable extractors along with affine-evasive sets can also be used to construct efficient privacy amplification protocols. This gives a much simpler protocol for min-entropy k = n/2 + Omega(log(1/epsilon)), and additionally, under the Spectrum Doubling Conjecture, achieves near optimal parameters and achieves additional security properties like source privacy that have been the focus of some recent results in privacy amplification
Affine-malleable Extractors, Spectrum Doubling, and Application to Privacy Amplification
The study of seeded randomness extractors is a major line of research in theoretical computer science. The goal is to construct deterministic algorithms which can take a weak random source x with min-entropy k and a uniformly random seed Y of length d, and outputs a string of length close to k that is close to uniform and independent of Y. Dodis and Wichs [DW09] introduced a generalization of randomness extractors called non-malleable extractors (nmExt) where nmExt(X, Y) is close to uniform and independent of Y and nmExt(X, f(Y)) for any function f with no fixed points. We relax the notion of a non-malleable extractor and introduce what we call an affine-malleable extractor (AmExt : Fn x Fd -> F) where AmExt(X, Y ) is close to uniform and independent of Y and has some limited dependence of AmExt(X, f(Y )) - that conditioned on Y , (AmExt(X, Y ), AmExt(X, f(Y ))) is epsilon-close to (U, A U + B) where U is uniformly distributed in F and A, B is an element of F are random variables independent of U. We show that the inner-product function (,) : FnxFn -> F is an affine-malleable extractor for min-entropy k = n/2 + Omega(log(1/epsilon)). Moreover, under a plausible conjecture in additive combinatorics (called the Spectrum Doubling Conjecture), we show that this holds for k = Omega(log n log(1/epsilon)). As a modest justification of the conjecture, we show that a weaker version of the conjecture is implied by the widely believed Polynomial Freiman-Ruzsa conjecture. We also study the classical problem of privacy amplification, where two parties Alice and Bob share a weak secret X of min-entropy k, and wish to agree on secret key R of length m over a public communication channel completely controlled by a computationally unbounded attacker Eve. The main application of non-malleable extractors and their many variants has been in constructing secure privacy amplification protocols. We show that affine-malleable extractors along with affine-evasive sets can also be used to construct efficient privacy amplification protocols. This gives a much simpler protocol for min-entropy k = n/2 + Omega(log(1/epsilon)), and additionally, under the Spectrum Doubling Conjecture, achieves near optimal parameters and achieves additional security properties like source privacy that have been the focus of some recent results in privacy amplification
Advances in Functional Encryption
Functional encryption is a novel paradigm for public-key encryption that enables both fine-grained access control and selective computation on encrypted data, as is necessary to protect big, complex data in the cloud. In this thesis, I provide a brief introduction to functional encryption, and an overview of my contributions to the area