### Abstract

We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} ^{n} × {0,1} ^{d} → {0,1} ^{m} such that if we choose a random seed S ← {0,1} ^{d}, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

Original language | English (US) |
---|---|

Title of host publication | Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings |

Pages | 618-635 |

Number of pages | 18 |

Volume | 7194 LNCS |

DOIs | |

State | Published - 2012 |

Event | 9th Theory of Cryptography Conference, TCC 2012 - Taormina, Sicily, Italy Duration: Mar 19 2012 → Mar 21 2012 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 7194 LNCS |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 9th Theory of Cryptography Conference, TCC 2012 |
---|---|

Country | Italy |

City | Taormina, Sicily |

Period | 3/19/12 → 3/21/12 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings*(Vol. 7194 LNCS, pp. 618-635). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7194 LNCS). https://doi.org/10.1007/978-3-642-28914-9_35

**Randomness condensers for efficiently samplable, seed-dependent sources.** / Dodis, Yevgeniy; Ristenpart, Thomas; Vadhan, Salil.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings.*vol. 7194 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7194 LNCS, pp. 618-635, 9th Theory of Cryptography Conference, TCC 2012, Taormina, Sicily, Italy, 3/19/12. https://doi.org/10.1007/978-3-642-28914-9_35

}

TY - GEN

T1 - Randomness condensers for efficiently samplable, seed-dependent sources

AU - Dodis, Yevgeniy

AU - Ristenpart, Thomas

AU - Vadhan, Salil

PY - 2012

Y1 - 2012

N2 - We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} n × {0,1} d → {0,1} m such that if we choose a random seed S ← {0,1} d, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

AB - We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions Cond : {0,1} n × {0,1} d → {0,1} m such that if we choose a random seed S ← {0,1} d, and a source is generated by a randomized circuit of size t such that X has min-entropy at least k given S, then Cond(X;S) should have min-entropy at least some k′ given S. The distinction from the standard notion of randomness condensers is that the source X may be correlated with the seed S (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where k′ = m) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS '00). We show that: Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm . Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy , i.e. logarithmic entropy deficiency. Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible "squared advantage" [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency. Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.

UR - http://www.scopus.com/inward/record.url?scp=84858307660&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84858307660&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-28914-9_35

DO - 10.1007/978-3-642-28914-9_35

M3 - Conference contribution

AN - SCOPUS:84858307660

SN - 9783642289132

VL - 7194 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 618

EP - 635

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

ER -