56 research outputs found
Two Source Extractors for Asymptotically Optimal Entropy, and (Many) More
A long line of work in the past two decades or so established close
connections between several different pseudorandom objects and applications.
These connections essentially show that an asymptotically optimal construction
of one central object will lead to asymptotically optimal solutions to all the
others. However, despite considerable effort, previous works can get close but
still lack one final step to achieve truly asymptotically optimal
constructions.
In this paper we provide the last missing link, thus simultaneously achieving
explicit, asymptotically optimal constructions and solutions for various well
studied extractors and applications, that have been the subjects of long lines
of research. Our results include:
Asymptotically optimal seeded non-malleable extractors, which in turn give
two source extractors for asymptotically optimal min-entropy of ,
explicit constructions of -Ramsey graphs on vertices with , and truly optimal privacy amplification protocols with an active adversary.
Two source non-malleable extractors and affine non-malleable extractors for
some linear min-entropy with exponentially small error, which in turn give the
first explicit construction of non-malleable codes against -split state
tampering and affine tampering with constant rate and \emph{exponentially}
small error.
Explicit extractors for affine sources, sumset sources, interleaved sources,
and small space sources that achieve asymptotically optimal min-entropy of
or (for space sources).
An explicit function that requires strongly linear read once branching
programs of size , which is optimal up to the constant in
. Previously, even for standard read once branching programs, the
best known size lower bound for an explicit function is .Comment: Fixed some minor error
Survey: Non-malleable code in the split-state model
Non-malleable codes are a natural relaxation of error correction and error detection codes applicable in scenarios where error-correction or error-detection is impossible.
Over the last decade, non-malleable codes have been studied for a wide variety of tampering families. Among the most well studied of these is the split-state family of tampering channels, where the codeword is split into two or more parts and each part is tampered independently.
We survey various constructions and applications of non-malleable codes in the split-state model
Algebraic Restriction Codes and Their Applications
Consider the following problem: You have a device that is supposed to compute a linear combination of its inputs, which are taken from some finite field. However, the device may be faulty and compute arbitrary functions of its inputs. Is it possible to encode the inputs in such a way that only linear functions can be evaluated over the encodings? I.e., learning an arbitrary function of the encodings will not reveal more information about the inputs than a linear combination.
In this work, we introduce the notion of algebraic restriction codes (AR codes), which constrain adversaries who might compute any function to computing a linear function. Our main result is an information-theoretic construction AR codes that restrict any class of function with a bounded number of output bits to linear functions. Our construction relies on a seed which is not provided to the adversary.
While interesting and natural on its own, we show an application of this notion in cryptography. In particular, we show that AR codes lead to the first construction of rate-1 oblivious transfer with statistical sender security from the Decisional Diffie-Hellman assumption, and the first-ever construction that makes black-box use of cryptography. Previously, such protocols were known only from the LWE assumption, using non-black-box cryptographic techniques. We expect our new notion of AR codes to find further applications, e.g., in the context of non-malleability, in the future
Short Leakage Resilient and Non-malleable Secret Sharing Schemes
Leakage resilient secret sharing (LRSS) allows a dealer to share a secret amongst parties such that any authorized subset of the parties can recover the secret from their shares, while an adversary that obtains shares of any unauthorized subset of parties along with bounded leakage from the other shares learns no information about the secret. Non-malleable secret sharing (NMSS) provides a guarantee that even shares that are tampered by an adversary will reconstruct to either the original message or something independent of it.
The most important parameter of LRSS and NMSS schemes is the size of each share. For LRSS, in the local leakage model (i.e., when the leakage functions on each share are independent of each other and bounded), Srinivasan and Vasudevan (CRYPTO 2019), gave a scheme for threshold access structures with a share size of approximately (.(message length) + ), where is the number of bits of leakage tolerated from every share. For the case of NMSS, the best known result (again due to the above work) has a share size of (.(message length)).
In this work, we build LRSS and NMSS schemes with much improved share sizes. Additionally, our LRSS scheme obtains optimal share and leakage size. In particular, we get the following results:
-We build an information-theoretic LRSS scheme for threshold access structures with a share size of ((message length) + ).
-As an application of the above result, we obtain an NMSS with a share size of (.(message length)). Further, for the special case of sharing random messages, we obtain a share size of (.(message length))
Improved Computational Extractors and their Applications
Recent exciting breakthroughs, starting with the work of Chattopadhyay and Zuckerman (STOC 2016) have achieved the first two-source extractors that operate in the low min-entropy regime. Unfortunately, these constructions suffer from non-negligible error, and reducing the error to negligible remains an important open problem. In recent work, Garg, Kalai, and Khurana (GKK, Eurocrypt 2020) investigated a meaningful relaxation of this problem to the computational setting, in the presence of a common random string (CRS). In this relaxed model, their work built explicit two-source extractors for a restricted class of unbalanced sources with min-entropy (for some constant ) and negligible error, under the sub-exponential DDH assumption.
In this work, we investigate whether computational extractors in the CRS model be applied to more challenging environments. Specifically, we study network extractor protocols (Kalai et al., FOCS 2008) and extractors for adversarial sources (Chattopadhyay et al., STOC 2020) in the CRS model. We observe that these settings require extractors that work well for balanced sources, making the GKK results inapplicable. We remedy this situation by obtaining the following results, all of which are in the CRS model and assume the sub-exponential hardness of DDH.
- We obtain ``optimal\u27\u27 computational two-source and non-malleable extractors for balanced sources: requiring both sources to have only poly-logarithmic min-entropy, and achieving negligible error. To obtain this result, we perform a tighter and arguably simpler analysis of the GKK extractor.
- We obtain a single-round network extractor protocol for poly-logarithmic min-entropy sources that tolerates an optimal number of adversarial corruptions. Prior work in the information-theoretic setting required sources with high min-entropy rates, and in the computational setting had round complexity that grew with the number of parties, required sources with linear min-entropy, and relied on exponential hardness (albeit without a CRS).
- We obtain an ``optimal\u27\u27 {\em adversarial source extractor} for poly-logarithmic min-entropy sources, where the number of honest sources is only 2 and each corrupted source can depend on either one of the honest sources. Prior work in the information-theoretic setting had to assume a large number of honest sources
Proceedings of the 19th Sound and Music Computing Conference
Proceedings of the 19th Sound and Music Computing Conference - June 5-12, 2022 - Saint-Étienne (France).
https://smc22.grame.f
Algebraic Restriction Codes and their Applications
Consider the following problem: You have a device that is supposed to compute a linear combination of its inputs, which are taken from some finite field. However, the device may be faulty and compute arbitrary functions of its inputs. Is it possible to encode the inputs in such a way that only linear functions can be evaluated over the encodings? I.e., learning an arbitrary function of the encodings will not reveal more information about the inputs than a linear combination.
In this work, we introduce the notion of algebraic restriction codes (AR codes), which constrain adversaries who might compute any function to computing a linear function. Our main result is an information-theoretic construction AR codes that restrict any class of function with a bounded number of output bits to linear functions. Our construction relies on a seed which is not provided to the adversary.
While interesting and natural on its own, we show an application of this notion in cryptography. In particular, we show that AR codes lead to the first construction of rate-1 oblivious transfer with statistical sender security from the Decisional Diffie-Hellman assumption, and the first-ever construction that makes black-box use of cryptography. Previously, such protocols were known only from the LWE assumption, using non-black-box cryptographic techniques. We expect our new notion of AR codes to find further applications, e.g., in the context of non-malleability, in the future
Recommended from our members
On Resilience to Computable Tampering
Non-malleable codes, introduced by Dziembowski, Pietrzak, and Wichs (ICS 2010), provide a means of encoding information such that if the encoding is tampered with, the result encodes something either identical or completely unrelated. Unlike error-correcting codes (for which the result of tampering must always be identical), non-malleable codes give guarantees even when tampering functions are allowed to change every symbol of a codeword.
In this thesis, we will provide constructions of non-malleable codes secure against a variety tampering classes with natural computational semantics:
• Bounded-Communication: Functions corresponding to 2-party protocols where each party receives half the input (respectively) and then may communicate </4 bits before returning their (respective) half of the tampered output.
•Local Functions (Juntas):} each tampered output bit is only a function of n¹-ẟ inputs bits, where ẟ>0 is any constant (the efficiency of our code depends on ẟ). This class includes NC⁰.
•Decision Trees: each tampered output bit is a function of n¹/⁴-⁰(¹) adaptively chosen bits.
•Small-Depth Circuits: each tampered output bit is produced by a log(n)/log log(n)-depth circuit of polynomial size, for some constant . This class includes AC⁰.
•Low Degree Polynomials: each tampered output field element is produced by a low-degree (relative to the field size) polynomial.
•Polynomial-Size Circuit Tampering: each tampered codeword is produced by circuit of size ᶜ where is any constant (the efficiency of our code depends on ). This result assumes that E is hard for exponential size nondeterministic circuits (all other results are unconditional).
We stress that our constructions are efficient (encoding and decoding can be performed in uniform polynomial time) and (with the exception of the last result, which assumes strong circuit lower bounds) enjoy unconditional, statistical security guarantees. We also illuminate some potential barriers to constructing codes for more complex computational classes from simpler assumptions
- …