Randomness condensers for efficiently samplable, seed-dependent sources

Yevgeniy Dodis, Thomas Ristenpart, Salil Vadhan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} n × {0,1} d → {0,1} m such that if we choose a random seed S ← {0,1} d, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings
Pages618-635
Number of pages18
Volume7194 LNCS
DOIs
StatePublished - 2012
Event9th Theory of Cryptography Conference, TCC 2012 - Taormina, Sicily, Italy
Duration: Mar 19 2012Mar 21 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7194 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other9th Theory of Cryptography Conference, TCC 2012
CountryItaly
CityTaormina, Sicily
Period3/19/123/21/12

Fingerprint

Randomness
Seed
Entropy
Dependent
Logarithmic
Randomness Extractors
Interactive Proof Systems
Extractor
Side Information
Sampling
Output
Hash Function
Soundness
Hash functions
Computational Complexity
Collision
Choose
Heuristics
Computational complexity
Imply

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Dodis, Y., Ristenpart, T., & Vadhan, S. (2012). Randomness condensers for efficiently samplable, seed-dependent sources. In Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings (Vol. 7194 LNCS, pp. 618-635). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS). https://doi.org/10.1007/978-3-642-28914-9_35

Randomness condensers for efficiently samplable, seed-dependent sources. / Dodis, Yevgeniy; Ristenpart, Thomas; Vadhan, Salil.

Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Vol. 7194 LNCS 2012. p. 618-635 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Dodis, Y, Ristenpart, T & Vadhan, S 2012, Randomness condensers for efficiently samplable, seed-dependent sources. in Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. vol. 7194 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7194 LNCS, pp. 618-635, 9th Theory of Cryptography Conference, TCC 2012, Taormina, Sicily, Italy, 3/19/12. https://doi.org/10.1007/978-3-642-28914-9_35
Dodis Y, Ristenpart T, Vadhan S. Randomness condensers for efficiently samplable, seed-dependent sources. In Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Vol. 7194 LNCS. 2012. p. 618-635. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-28914-9_35
Dodis, Yevgeniy ; Ristenpart, Thomas ; Vadhan, Salil. / Randomness condensers for efficiently samplable, seed-dependent sources. Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings. Vol. 7194 LNCS 2012. pp. 618-635 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{8504e9426bee46b5a2b1bbe0e214e685,
title = "Randomness condensers for efficiently samplable, seed-dependent sources",
abstract = "We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} n × {0,1} d → {0,1} m such that if we choose a random seed S ← {0,1} d, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible {"}squared advantage{"} [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.",
author = "Yevgeniy Dodis and Thomas Ristenpart and Salil Vadhan",
year = "2012",
doi = "10.1007/978-3-642-28914-9_35",
language = "English (US)",
isbn = "9783642289132",
volume = "7194 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "618--635",
booktitle = "Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings",

}

TY - GEN

T1 - Randomness condensers for efficiently samplable, seed-dependent sources

AU - Dodis, Yevgeniy

AU - Ristenpart, Thomas

AU - Vadhan, Salil

PY - 2012

Y1 - 2012

N2 - We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} n × {0,1} d → {0,1} m such that if we choose a random seed S ← {0,1} d, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

AB - We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} n × {0,1} d → {0,1} m such that if we choose a random seed S ← {0,1} d, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

UR - http://www.scopus.com/inward/record.url?scp=84858307660&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84858307660&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-28914-9_35

DO - 10.1007/978-3-642-28914-9_35

M3 - Conference contribution

AN - SCOPUS:84858307660

SN - 9783642289132

VL - 7194 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 618

EP - 635

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

ER -