19,059 research outputs found

    Extractors for Adversarial Sources via Extremal Hypergraphs

    Get PDF
    Randomness extraction is a fundamental problem that has been studied for over three decades. A well-studied setting assumes that one has access to multiple independent weak random sources, each with some entropy. However, this assumption is often unrealistic in practice. In real life, natural sources of randomness can produce samples with no entropy at all or with unwanted dependence. Motivated by this and applications from cryptography, we initiate a systematic study of randomness extraction for the class of adversarial sources defined as follows. A weak source X\mathbf{X} of the form X1,...,XN\mathbf{X}_1,...,\mathbf{X}_N, where each Xi\mathbf{X}_i is on nn bits, is an (N,K,n,k)(N,K,n,k)-source of locality dd if the following hold: (1) Somewhere good sources: at least KK of the Xi\mathbf{X}_i\u27s are independent, and each contains min-entropy at least kk. We call these Xi\mathbf{X}_i\u27s good sources, and their locations are unknown. (2) Bounded dependence: each remaining (bad) source can depend arbitrarily on at most dd good sources. We focus on constructing extractors with negligible error, in the regime where most of the entropy is contained within a few sources instead of across many (i.e., kk is at least polynomial in KK). In this setting, even for the case of 00-locality, very little is known prior to our work. For d1d \geq 1, essentially no previous results are known. We present various new extractors for adversarial sources in a wide range of parameters, and some of our constructions work for locality d=KΩ(1)d = K^{\Omega(1)}. As an application, we also give improved extractors for small-space sources. The class of adversarial sources generalizes several previously studied classes of sources, and our explicit extractor constructions exploit tools from recent advances in extractor machinery, such as two-source non-malleable extractors and low-error condensers. Thus, our constructions can be viewed as a new application of non-malleable extractors. In addition, our constructions combine the tools from extractor theory in a novel way through various sorts of explicit extremal hypergraphs. These connections leverage recent progress in combinatorics, such as improved bounds on cap sets and explicit constructions of Ramsey graphs, and may be of independent interest

    Three-Source Extractors for Polylogarithmic Min-Entropy

    Full text link
    We continue the study of constructing explicit extractors for independent general weak random sources. The ultimate goal is to give a construction that matches what is given by the probabilistic method --- an extractor for two independent nn-bit weak random sources with min-entropy as small as logn+O(1)\log n+O(1). Previously, the best known result in the two-source case is an extractor by Bourgain \cite{Bourgain05}, which works for min-entropy 0.49n0.49n; and the best known result in the general case is an earlier work of the author \cite{Li13b}, which gives an extractor for a constant number of independent sources with min-entropy polylog(n)\mathsf{polylog(n)}. However, the constant in the construction of \cite{Li13b} depends on the hidden constant in the best known seeded extractor, and can be large; moreover the error in that construction is only 1/poly(n)1/\mathsf{poly(n)}. In this paper, we make two important improvements over the result in \cite{Li13b}. First, we construct an explicit extractor for \emph{three} independent sources on nn bits with min-entropy kpolylog(n)k \geq \mathsf{polylog(n)}. In fact, our extractor works for one independent source with poly-logarithmic min-entropy and another independent block source with two blocks each having poly-logarithmic min-entropy. Thus, our result is nearly optimal, and the next step would be to break the 0.49n0.49n barrier in two-source extractors. Second, we improve the error of the extractor from 1/poly(n)1/\mathsf{poly(n)} to 2kΩ(1)2^{-k^{\Omega(1)}}, which is almost optimal and crucial for cryptographic applications. Some of the techniques developed here may be of independent interests

    Linear Transformations for Randomness Extraction

    Get PDF
    Information-efficient approaches for extracting randomness from imperfect sources have been extensively studied, but simpler and faster ones are required in the high-speed applications of random number generation. In this paper, we focus on linear constructions, namely, applying linear transformation for randomness extraction. We show that linear transformations based on sparse random matrices are asymptotically optimal to extract randomness from independent sources and bit-fixing sources, and they are efficient (may not be optimal) to extract randomness from hidden Markov sources. Further study demonstrates the flexibility of such constructions on source models as well as their excellent information-preserving capabilities. Since linear transformations based on sparse random matrices are computationally fast and can be easy to implement using hardware like FPGAs, they are very attractive in the high-speed applications. In addition, we explore explicit constructions of transformation matrices. We show that the generator matrices of primitive BCH codes are good choices, but linear transformations based on such matrices require more computational time due to their high densities.Comment: 2 columns, 14 page

    Impossibility of independence amplification in Kolmogorov complexity theory

    Full text link
    The paper studies randomness extraction from sources with bounded independence and the issue of independence amplification of sources, using the framework of Kolmogorov complexity. The dependency of strings xx and yy is dep(x,y)=max{C(x)C(xy),C(y)C(yx)}{\rm dep}(x,y) = \max\{C(x) - C(x \mid y), C(y) - C(y\mid x)\}, where C()C(\cdot) denotes the Kolmogorov complexity. It is shown that there exists a computable Kolmogorov extractor ff such that, for any two nn-bit strings with complexity s(n)s(n) and dependency α(n)\alpha(n), it outputs a string of length s(n)s(n) with complexity s(n)α(n)s(n)- \alpha(n) conditioned by any one of the input strings. It is proven that the above are the optimal parameters a Kolmogorov extractor can achieve. It is shown that independence amplification cannot be effectively realized. Specifically, if (after excluding a trivial case) there exist computable functions f1f_1 and f2f_2 such that dep(f1(x,y),f2(x,y))β(n){\rm dep}(f_1(x,y), f_2(x,y)) \leq \beta(n) for all nn-bit strings xx and yy with dep(x,y)α(n){\rm dep}(x,y) \leq \alpha(n), then β(n)α(n)O(logn)\beta(n) \geq \alpha(n) - O(\log n)

    Physical Randomness Extractors: Generating Random Numbers with Minimal Assumptions

    Get PDF
    How to generate provably true randomness with minimal assumptions? This question is important not only for the efficiency and the security of information processing, but also for understanding how extremely unpredictable events are possible in Nature. All current solutions require special structures in the initial source of randomness, or a certain independence relation among two or more sources. Both types of assumptions are impossible to test and difficult to guarantee in practice. Here we show how this fundamental limit can be circumvented by extractors that base security on the validity of physical laws and extract randomness from untrusted quantum devices. In conjunction with the recent work of Miller and Shi (arXiv:1402:0489), our physical randomness extractor uses just a single and general weak source, produces an arbitrarily long and near-uniform output, with a close-to-optimal error, secure against all-powerful quantum adversaries, and tolerating a constant level of implementation imprecision. The source necessarily needs to be unpredictable to the devices, but otherwise can even be known to the adversary. Our central technical contribution, the Equivalence Lemma, provides a general principle for proving composition security of untrusted-device protocols. It implies that unbounded randomness expansion can be achieved simply by cross-feeding any two expansion protocols. In particular, such an unbounded expansion can be made robust, which is known for the first time. Another significant implication is, it enables the secure randomness generation and key distribution using public randomness, such as that broadcast by NIST's Randomness Beacon. Our protocol also provides a method for refuting local hidden variable theories under a weak assumption on the available randomness for choosing the measurement settings.Comment: A substantial re-writing of V2, especially on model definitions. An abstract model of robustness is added and the robustness claim in V2 is made rigorous. Focuses on quantum-security. A future update is planned to address non-signaling securit

    Strong Coordination over Noisy Channels: Is Separation Sufficient?

    Full text link
    We study the problem of strong coordination of actions of two agents XX and YY that communicate over a noisy communication channel such that the actions follow a given joint probability distribution. We propose two novel schemes for this noisy strong coordination problem, and derive inner bounds for the underlying strong coordination capacity region. The first scheme is a joint coordination-channel coding scheme that utilizes the randomness provided by the communication channel to reduce the local randomness required in generating the action sequence at agent YY. The second scheme exploits separate coordination and channel coding where local randomness is extracted from the channel after decoding. Finally, we present an example in which the joint scheme is able to outperform the separate scheme in terms of coordination rate.Comment: 9 pages, 4 figures. An extended version of a paper accepted for the IEEE International Symposium on Information Theory (ISIT), 201
    corecore