-
Leakage-Resilient Extractors against Number-on-Forehead Protocols
Authors:
Eshan Chattopadhyay,
Jesse Goodman
Abstract:
Given a sequence of $N$ independent sources $\mathbf{X}_1,\mathbf{X}_2,\dots,\mathbf{X}_N\sim\{0,1\}^n$, how many of them must be good (i.e., contain some min-entropy) in order to extract a uniformly random string? This question was first raised by Chattopadhyay, Goodman, Goyal and Li (STOC '20), motivated by applications in cryptography, distributed computing, and the unreliable nature of real-world sources of randomness. In their paper, they showed how to construct explicit low-error extractors for just $K \geq N^{1/2}$ good sources of polylogarithmic min-entropy. In a follow-up, Chattopadhyay and Goodman improved the number of good sources required to just $K \geq N^{0.01}$ (FOCS '21). In this paper, we finally achieve $K=3$.
Our key ingredient is a near-optimal explicit construction of a new pseudorandom primitive, called a leakage-resilient extractor (LRE) against number-on-forehead (NOF) protocols. Our LRE can be viewed as a significantly more robust version of Li's low-error three-source extractor (FOCS '15), and resolves an open question put forth by Kumar, Meka, and Sahai (FOCS '19) and Chattopadhyay, Goodman, Goyal, Kumar, Li, Meka, and Zuckerman (FOCS '20). Our LRE construction is based on a simple new connection we discover between multiparty communication complexity and non-malleable extractors, which shows that such extractors exhibit strong average-case lower bounds against NOF protocols.
Submitted 14 June, 2025;
originally announced June 2025.
-
Lower Bounds for Leader Election and Collective Coin Flipping, Revisited
Authors:
Eshan Chattopadhyay,
Mohit Gurumukhani,
Noam Ringach,
Rocco Servedio
Abstract:
We study the tasks of collective coin flipping and leader election in the full-information model.
We study the tasks of collective coin flipping and leader election in the full-information model.
We prove new lower bounds for coin flipping protocols, implying lower bounds for leader election protocols. We show that any $k$-round coin flipping protocol, where each of $\ell$ players sends 1 bit per round, can be biased by $O(\ell/\log^{(k)}(\ell))$ bad players. For all $k>1$ this strengthens previous lower bounds [RSZ, SICOMP 2002], which ruled out protocols resilient to adversaries controlling $O(\ell/\log^{(2k-1)}(\ell))$ players. Consequently, we establish that any protocol tolerating a linear fraction of corrupt players, with only 1 bit per round, must run for at least $\log^*\ell-O(1)$ rounds, improving on the prior best lower bound of $\frac12 \log^*\ell-\log^*\log^*\ell$. This lower bound matches the number of rounds, $\log^*\ell$, taken by the current best coin flipping protocols from [RZ, JCSS 2001], [F, FOCS 1999] that can handle a linear sized coalition of bad players, but with players sending unlimited bits per round. We also derive lower bounds for protocols allowing multi-bit messages per round. Our results show that the protocols from [RZ, JCSS 2001], [F, FOCS 1999] that handle a linear number of corrupt players are almost optimal in terms of round complexity and communication per player in a round.
A key technical ingredient in proving our lower bounds is a new result regarding biasing most functions from a family of functions using a common set of bad players and a small specialized set of bad players specific to each function that is biased.
We give improved constant-round coin flipping protocols in the setting that each player can send 1 bit per round. For two rounds, our protocol can handle $O(\ell/(\log\ell)(\log\log\ell)^2)$ sized coalition of bad players; better than the best one-round protocol by [AL, Combinatorica 1993] in this setting.
Submitted 2 April, 2025;
originally announced April 2025.
-
Condensing and Extracting Against Online Adversaries
Authors:
Eshan Chattopadhyay,
Mohit Gurumukhani,
Noam Ringach,
Rocco Servedio
Abstract:
We investigate the tasks of deterministically condensing and extracting randomness from Online Non-Oblivious Symbol Fixing (oNOSF) sources, a natural model of defective random sources for which extraction is impossible in many parameter regimes [AORSV, EUROCRYPT'20]. A $(g,\ell)$-oNOSF source is a sequence of $\ell$ blocks where $g$ of the blocks are good (are independent and have some min-entropy), and the remaining bad blocks are controlled by an online adversary: each bad block can be arbitrarily correlated with any block that appears before it.
The existence of condensers for oNOSF sources was recently studied in [CGR, FOCS'24]. They proved various condensing impossibility results, and showed the existence of condensers when $n\gg\ell$.
We make significant progress on proving the existence of condensers in almost all parameter regimes, even when $n$ is a large constant and $\ell$ is growing. We next construct the first explicit condensers for oNOSF sources, matching the existential results of [CGR, FOCS'24]. We also obtain a much improved construction for transforming low-entropy oNOSF sources into uniform oNOSF sources.
We find interesting applications of our results to collective coin flipping and collective sampling, problems that are well-studied in fault-tolerant distributed computing. We use our condensers to provide very simple protocols for these problems.
Next, we turn to understanding the possibility of extraction from oNOSF sources. We initiate the study of a new, natural notion of the influence of functions, which we call online influence. We establish tight bounds on the online influence of functions, which imply extraction lower bounds. Lastly, we give explicit extractor constructions for oNOSF sources, using novel connections to leader election protocols. These extractors achieve parameters that go beyond standard resilient functions [AL, Combinatorica'93].
Submitted 2 April, 2025; v1 submitted 6 November, 2024;
originally announced November 2024.
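The oNOSF model above (and the NOSF model in the seedless-condenser paper further down this list) is easiest to see on one-bit blocks, where the question "how much can the bad blocks bias a fixed function $f$?" becomes a small game that can be solved exactly. The Python below is an added illustration, not code from either paper: it enumerates every online adversary strategy (a bad block at position $i$ chooses its bit after seeing blocks $1,\dots,i-1$) and every offline NOSF strategy (the bad blocks see all good blocks) and returns the range of $\Pr[f(\mathbf{X})=1]$ the adversary can force. The choice of XOR and majority as candidate extractors, and the use of bits rather than $n$-bit blocks, are simplifying assumptions made here; the positions of the bad blocks are likewise constructed inputs.

```python
"""Exact adversarial bias of a Boolean function under the oNOSF and NOSF
source models, restricted to one-bit blocks (an added illustration; the
functions, block positions and sizes below are constructed examples)."""
from itertools import product
from typing import Callable, Iterable, Tuple

Bits = Tuple[int, ...]
BoolFn = Callable[[Bits], int]


def xor(x: Bits) -> int:
    """Parity of all blocks."""
    return sum(x) % 2


def majority(x: Bits) -> int:
    """1 iff strictly more than half of the blocks are 1 (use odd ell)."""
    return int(2 * sum(x) > len(x))


def online_range(f: BoolFn, ell: int, bad: Iterable[int]) -> Tuple[float, float]:
    """(min, max) of Pr[f(X)=1] over all online adversaries for a
    (ell-|bad|, ell)-oNOSF source with uniform good bits.

    A bad block at position i is chosen as a function of blocks 0..i-1 only,
    so the game is a minimax recursion over the prefix seen so far."""
    bad_set = frozenset(bad)

    def value(prefix: Bits, want_max: bool) -> float:
        i = len(prefix)
        if i == ell:
            return float(f(prefix))
        branches = [value(prefix + (b,), want_max) for b in (0, 1)]
        if i in bad_set:  # adversary picks the bit that helps it most
            return max(branches) if want_max else min(branches)
        return 0.5 * (branches[0] + branches[1])  # good block: fair coin

    return value((), False), value((), True)


def offline_range(f: BoolFn, ell: int, bad: Iterable[int]) -> Tuple[float, float]:
    """(min, max) of Pr[f(X)=1] over all NOSF adversaries: the bad blocks may
    depend on every good block, regardless of position."""
    bad_pos = sorted(set(bad))
    good_pos = [i for i in range(ell) if i not in bad_pos]
    n_good = 2 ** len(good_pos)
    lo = hi = 0.0
    for g in product((0, 1), repeat=len(good_pos)):
        outcomes = set()
        for b in product((0, 1), repeat=len(bad_pos)):
            x = [0] * ell
            for i, v in zip(good_pos, g):
                x[i] = v
            for i, v in zip(bad_pos, b):
                x[i] = v
            outcomes.add(f(tuple(x)))
        hi += max(outcomes) / n_good  # best bad choice for this good fixing
        lo += min(outcomes) / n_good
    return lo, hi


def bias(rng: Tuple[float, float]) -> float:
    """Largest distance from 1/2 the adversary can force."""
    lo, hi = rng
    return max(0.5 - lo, hi - 0.5)


if __name__ == "__main__":
    ELL = 5
    for name, f in (("xor", xor), ("majority", majority)):
        for bad in ({0}, {ELL - 1}, {ELL - 2, ELL - 1}):
            print(f"{name:8s} bad={sorted(bad)}  online={online_range(f, ELL, bad)}"
                  f"  offline={offline_range(f, ELL, bad)}")
```

Running it shows why the online restriction matters: a single bad block at the last position drives XOR to either constant, but the same single bad block at the first position sees nothing and leaves XOR perfectly uniform, whereas under the offline NOSF model the first block biases XOR completely. Majority, by contrast, is biased by the same amount ($3/16$ for one bad block out of five) wherever the bad block sits, which is the behaviour one expects from a resilient function in the sense of [AL, Combinatorica'93].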
-
Two-Sided Lossless Expanders in the Unbalanced Setting
Authors:
Eshan Chattopadhyay,
Mohit Gurumukhani,
Noam Ringach,
Yunya Zhao
Abstract:
We present the first explicit construction of two-sided lossless expanders in the unbalanced setting (bipartite graphs that have polynomially many more nodes on the left than on the right).
Prior to our work, all known explicit constructions in the unbalanced setting achieved only one-sided lossless expansion.
We present the first explicit construction of two-sided lossless expanders in the unbalanced setting (bipartite graphs that have polynomially many more nodes on the left than on the right).
Prior to our work, all known explicit constructions in the unbalanced setting achieved only one-sided lossless expansion.
Specifically, we show that the one-sided lossless expanders constructed by Kalev and Ta-Shma (RANDOM'22) -- that are based on multiplicity codes introduced by Kopparty, Saraf, and Yekhanin (STOC'11) -- are, in fact, two-sided lossless expanders. Moreover, we show that our result is tight, thus completely characterizing the graph of Kalev and Ta-Shma.
Using our unbalanced bipartite expander, we easily obtain lossless (non-bipartite) expander graphs on $N$ vertices with polynomial degree $\ll N$ and expanding sets of size $N^{0.49}$.
Submitted 9 February, 2025; v1 submitted 6 September, 2024;
originally announced September 2024.
-
On the Existence of Seedless Condensers: Exploring the Terrain
Authors:
Eshan Chattopadhyay,
Mohit Gurumukhani,
Noam Ringach
Abstract:
We prove several new results for seedless condensers in the context of three related classes of sources: Non-Oblivious Symbol Fixing (NOSF) sources, online NOSF (oNOSF) sources [AORSV, EUROCRYPT'20], and adversarial Chor-Goldreich (aCG) sources [DMOZ, STOC'23]. We think of these sources as a sequence of random variables $\mathbf{X}=\mathbf{X}_1,\dots,\mathbf{X}_\ell$ on $\ell$ symbols where at least $g$ out of these $\ell$ symbols are "good" (i.e., satisfy some min-entropy requirement), denoted as a $(g,\ell)$-source, and the remaining "bad" $\ell-g$ symbols may adversarially depend on these $g$ good blocks. The difference between these sources is realized by restrictions on the power of the adversary. Prior to our work, the only known seedless condenser upper or lower bound in these settings is due to [DMOZ, STOC'23], where they explicitly construct a seedless condenser for a restricted subset of $(g,\ell)$-aCG sources.
We show:
1) oNOSF sources
a) When $g\leq\ell/2$, we prove that condensing with error 0.99 above rate $\frac{1}{\lfloor \ell/g \rfloor}$ is impossible. In fact, we show that this is tight.
b) For $g> \ell/2$, we show the existence of excellent condensers for uniform oNOSF sources. In addition, we show the existence of similar condensers for oNOSF sources with only logarithmic min-entropy.
2) aCG sources
a) We observe that uniform aCG sources are equivalent to uniform oNOSF sources and consequently inherit the same results.
b) We show that one cannot condense beyond the min-entropy gap of each block or condense low min-entropy CG sources above rate $1/2$.
3) NOSF sources
a) We show that condensing with constant error above rate $\frac{g}{\ell}$ is impossible for uniform NOSF sources for any $g$ and $\ell$, thus ruling out the possibility of any non-trivial condensing. This shows a distinction between NOSF sources and oNOSF sources.
Submitted 2 October, 2024; v1 submitted 22 December, 2023;
originally announced December 2023.
-
Extractors for Polynomial Sources over $\mathbb{F}_2$
Authors:
Eshan Chattopadhyay,
Jesse Goodman,
Mohit Gurumukhani
Abstract:
We explicitly construct the first nontrivial extractors for degree $d \ge 2$ polynomial sources over $\mathbb{F}_2^n$. Our extractor requires min-entropy $k\geq n - \tilde{\Omega}(\sqrt{\log n})$. Previously, no constructions were known, even for min-entropy $k\geq n-1$. A key ingredient in our construction is an input reduction lemma, which allows us to assume that any polynomial source with min-entropy $k$ can be generated by $O(k)$ uniformly random bits.
We also provide strong formal evidence that polynomial sources are unusually challenging to extract from, by showing that even our most powerful general purpose extractors cannot handle polynomial sources with min-entropy below $k\geq n-o(n)$. In more detail, we show that sumset extractors cannot even disperse from degree $2$ polynomial sources with min-entropy $k\geq n-O(n/\log\log n)$. In fact, this impossibility result even holds for a more specialized family of sources that we introduce, called polynomial non-oblivious bit-fixing (NOBF) sources. Polynomial NOBF sources are a natural new family of algebraic sources that lie at the intersection of polynomial and variety sources, and thus our impossibility result applies to both of these classical settings. This is especially surprising, since we do have variety extractors that slightly beat this barrier - implying that sumset extractors are not a panacea in the world of seedless extraction.
Submitted 31 January, 2024; v1 submitted 19 September, 2023;
originally announced September 2023.
-
Recursive Error Reduction for Regular Branching Programs
Authors:
Eshan Chattopadhyay,
Jyun-Jie Liao
Abstract:
In a recent work, Chen, Hoza, Lyu, Tal and Wu (FOCS 2023) showed an improved error reduction framework for the derandomization of regular read-once branching programs (ROBPs). Their result is based on a clever modification to the inverse Laplacian perspective of space-bounded derandomization, which was originally introduced by Ahmadinejad, Kelner, Murtagh, Peebles, Sidford and Vadhan (FOCS 2020).
In this work, we give an alternative error reduction framework for regular ROBPs. Our new framework is based on a binary recursive formula from the work of Chattopadhyay and Liao (CCC 2020), that they used to construct weighted pseudorandom generators (WPRGs) for general ROBPs.
Based on our new error reduction framework, we give alternative proofs to the following results for regular ROBPs of length $n$ and width $w$, both of which were proved in the work of Chen et al. using their error reduction:
$\bullet$ There is a WPRG with error $\varepsilon$ that has seed length $\tilde{O}(\log(n)(\sqrt{\log(1/\varepsilon)}+\log(w))+\log(1/\varepsilon)).$
$\bullet$ There is a (non-black-box) deterministic algorithm which estimates the expectation of any such program within error $\pm\varepsilon$ with space complexity $\tilde{O}(\log(nw)\cdot\log\log(1/\varepsilon)).$ (This was first proved in the work of Ahmadinejad et al., but the proof by Chen et al. is simpler.)
Because of the binary recursive nature of our new framework, both of our proofs are based on a straightforward induction that is arguably simpler than the Laplacian-based proof in the work of Chen et al.
Submitted 6 December, 2023; v1 submitted 8 September, 2023;
originally announced September 2023.
-
Low-Degree Polynomials Extract from Local Sources
Authors:
Omar Alrabiah,
Eshan Chattopadhyay,
Jesse Goodman,
Xin Li,
João Ribeiro
Abstract:
We continue a line of work on extracting random bits from weak sources that are generated by simple processes. We focus on the model of locally samplable sources, where each bit in the source depends on a small number of (hidden) uniformly random input bits. Also known as local sources, this model was introduced by De and Watson (TOCT 2012) and Viola (SICOMP 2014), and is closely related to sources generated by $\mathsf{AC}^0$ circuits and bounded-width branching programs. In particular, extractors for local sources also work for sources generated by these classical computational models.
Despite being introduced a decade ago, little progress has been made on improving the entropy requirement for extracting from local sources. The current best explicit extractors require entropy $n^{1/2}$, and follow via a reduction to affine extractors. To start, we prove a barrier showing that one cannot hope to improve this entropy requirement via a black-box reduction of this form. In particular, new techniques are needed.
In our main result, we seek to answer whether low-degree polynomials (over $\mathbb{F}_2$) hold potential for breaking this barrier. We answer this question in the positive, and fully characterize the power of low-degree polynomials as extractors for local sources. More precisely, we show that a random degree $r$ polynomial is a low-error extractor for $n$-bit local sources with min-entropy $\Omega(r(n\log n)^{1/r})$, and we show that this is tight.
Our result leverages several new ingredients, which may be of independent interest. Our existential result relies on a new reduction from local sources to a more structured family, known as local non-oblivious bit-fixing sources. To show its tightness, we prove a "local version" of a structural result by Cohen and Tal (RANDOM 2015), which relies on a new "low-weight" Chevalley-Warning theorem.
Submitted 26 May, 2022;
originally announced May 2022.
-
Extractors for Sum of Two Sources
Authors:
Eshan Chattopadhyay,
Jyun-Jie Liao
Abstract:
We consider the problem of extracting randomness from \textit{sumset sources}, a general class of weak sources introduced by Chattopadhyay and Li (STOC, 2016). An $(n,k,C)$-sumset source $\mathbf{X}$ is a distribution on $\{0,1\}^n$ of the form $\mathbf{X}_1 + \mathbf{X}_2 + \ldots + \mathbf{X}_C$, where $\mathbf{X}_i$'s are independent sources on $n$ bits with min-entropy at least $k$. Prior extractors either required the number of sources $C$ to be a large constant or the min-entropy $k$ to be at least $0.51 n$.
As our main result, we construct an explicit extractor for sumset sources in the setting of $C=2$ for min-entropy $\mathrm{poly}(\log n)$ and polynomially small error. We can further improve the min-entropy requirement to $(\log n) \cdot (\log \log n)^{1 + o(1)}$ at the expense of worse error parameter of our extractor. We find applications of our sumset extractor for extracting randomness from other well-studied models of weak sources such as affine sources, small-space sources, and interleaved sources.
Interestingly, it is unknown if a random function is an extractor for sumset sources. We use techniques from additive combinatorics to show that it is a disperser, and further prove that an affine extractor works for an interesting subclass of sumset sources which informally corresponds to the "low doubling" case (i.e., the support of $\mathbf{X_1} + \mathbf{X_2}$ is not much larger than $2^k$).
Submitted 25 October, 2021;
originally announced October 2021.
-
Fractional Pseudorandom Generators from Any Fourier Level
Authors:
Eshan Chattopadhyay,
Jason Gaitonde,
Chin Ho Lee,
Shachar Lovett,
Abhishek Shetty
Abstract:
We prove new results on the polarizing random walk framework introduced in recent works of Chattopadhyay et al. [CHHL19,CHLT19] that exploit $L_1$ Fourier tail bounds for classes of Boolean functions to construct pseudorandom generators (PRGs). We show that given a bound on the $k$-th level of the Fourier spectrum, one can construct a PRG with a seed length whose quality scales with $k$. This interpolates previous works, which either require Fourier bounds on all levels [CHHL19], or have polynomial dependence on the error parameter in the seed length [CHLT19], and thus answers an open question in [CHLT19]. As an example, we show that for polynomial error, Fourier bounds on the first $O(\log n)$ levels are sufficient to recover the seed length in [CHHL19], which requires bounds on the entire tail.
We obtain our results by an alternate analysis of fractional PRGs using Taylor's theorem and bounding the degree-$k$ Lagrange remainder term using multilinearity and random restrictions. Interestingly, our analysis relies only on the \emph{level-k unsigned Fourier sum}, which is potentially a much smaller quantity than the $L_1$ notion in previous works. By generalizing a connection established in [CHH+20], we give a new reduction from constructing PRGs to proving correlation bounds. Finally, using these improvements we show how to obtain a PRG for $\mathbb{F}_2$ polynomials with seed length close to the state-of-the-art construction due to Viola [Vio09], which was not known to be possible using this framework.
Submitted 7 November, 2020; v1 submitted 4 August, 2020;
originally announced August 2020.
-
Improved Extractors for Small-Space Sources
Authors:
Eshan Chattopadhyay,
Jesse Goodman
Abstract:
We study the problem of extracting random bits from weak sources that are sampled by algorithms with limited memory. This model of small-space sources was introduced by Kamp, Rao, Vadhan and Zuckerman (STOC'06), and falls into a line of research initiated by Trevisan and Vadhan (FOCS'00) on extracting randomness from weak sources that are sampled by computationally bounded algorithms. Our main results are the following.
1. We obtain near-optimal extractors for small-space sources in the polynomial error regime. For space $s$ sources over $n$ bits, our extractors require just $k\geq s\cdot\mathrm{polylog}(n)$ entropy. This is an exponential improvement over the previous best result, which required $k\geq s^{1.1}\cdot2^{\log^{0.51} n}$ (Chattopadhyay and Li, STOC'16).
2. We obtain improved extractors for small-space sources in the negligible error regime. For space $s$ sources over $n$ bits, our extractors require entropy $k\geq n^{1/2+\delta}\cdot s^{1/2-\delta}$, whereas the previous best result required $k\geq n^{2/3+\delta}\cdot s^{1/3-\delta}$ (Chattopadhyay, Goodman, Goyal and Li, STOC'20).
To obtain our first result, the key ingredient is a new reduction from small-space sources to affine sources, allowing us to simply apply a good affine extractor.
To obtain our second result, we must develop some new machinery, since we do not have low-error affine extractors that work for low entropy. Our main tool is a significantly improved extractor for adversarial sources, which is built via a simple framework that makes novel use of a certain kind of leakage-resilient extractors (known as cylinder intersection extractors), by combining them with a general type of extremal designs. Our key ingredient is the first derandomization of these designs, which we obtain using new connections to coding theory and additive combinatorics.
Submitted 24 August, 2021; v1 submitted 15 July, 2020;
originally announced July 2020.
-
Optimal Error Pseudodistributions for Read-Once Branching Programs
Authors:
Eshan Chattopadhyay,
Jyun-Jie Liao
Abstract:
In a seminal work, Nisan (Combinatorica'92) constructed a pseudorandom generator for length $n$ and width $w$ read-once branching programs with seed length $O(\log n\cdot \log(nw)+\log n\cdot\log(1/\varepsilon))$ and error $\varepsilon$. It remains a central question to reduce the seed length to $O(\log (nw/\varepsilon))$, which would prove that $\mathbf{BPL}=\mathbf{L}$. However, there has been no improvement on Nisan's construction for the case $n=w$, which is most relevant to space-bounded derandomization.
Recently, in a beautiful work, Braverman, Cohen and Garg (STOC'18) introduced the notion of a pseudorandom pseudo-distribution (PRPD) and gave an explicit construction of a PRPD with seed length $\tilde{O}(\log n\cdot \log(nw)+\log(1/\varepsilon))$. A PRPD is a relaxation of a pseudorandom generator, which suffices for derandomizing $\mathbf{BPL}$ and also implies a hitting set. Unfortunately, their construction is quite involved and complicated. Hoza and Zuckerman (FOCS'18) later constructed a much simpler hitting set generator with seed length $O(\log n\cdot \log(nw)+\log(1/\varepsilon))$, but their techniques are restricted to hitting sets.
In this work, we construct a PRPD with seed length $$O(\log n\cdot \log (nw)\cdot \log\log(nw)+\log(1/\varepsilon)).$$ This improves upon the construction in [BCG18] by a $O(\log\log(1/\varepsilon))$ factor, and is optimal in the small error regime. In addition, we believe our construction and analysis to be simpler than the work of Braverman, Cohen and Garg.
Submitted 1 June, 2020; v1 submitted 17 February, 2020;
originally announced February 2020.
-
Non-Malleable Extractors and Codes for Composition of Tampering, Interleaved Tampering and More
Authors:
Eshan Chattopadhyay,
Xin Li
Abstract:
Non-malleable codes were introduced by Dziembowski, Pietrzak, and Wichs (JACM 2018) as a generalization of standard error correcting codes to handle severe forms of tampering on codewords. This notion has attracted a lot of recent research, resulting in various explicit constructions, which have found applications in tamper-resilient cryptography and connections to other pseudorandom objects in theoretical computer science.
We continue the line of investigation on explicit constructions of non-malleable codes in the information theoretic setting, and give explicit constructions for several new classes of tampering functions.
(1) Interleaved split-state tampering: Here the codeword is partitioned in an unknown way by an adversary, and then tampered with by a split-state tampering function. (2) Linear function composed with split-state tampering: In this model, the codeword is first tampered with by a split-state adversary, and then the whole tampered codeword is further tampered with by a linear function. In fact our results are stronger, and we can handle linear function composed with interleaved split-state tampering. (3) Bounded communication split-state tampering: In this model, the two split-state tampering adversaries are allowed to participate in a communication protocol with a bounded communication budget.
Our results are the first explicit constructions of non-malleable codes in any of these tampering models. We derive all these results from explicit constructions of seedless non-malleable extractors, which we believe are of independent interest.
Using our techniques, we also give an improved seedless extractor for an unknown interleaving of two independent sources.
Submitted 2 November, 2018; v1 submitted 14 April, 2018;
originally announced April 2018.
-
Explicit Non-Malleable Extractors, Multi-Source Extractors and Almost Optimal Privacy Amplification Protocols
Authors:
Eshan Chattopadhyay,
Xin Li
Abstract:
We make progress in the following three problems: 1. Constructing optimal seeded non-malleable extractors; 2. Constructing optimal privacy amplification protocols with an active adversary, for any security parameter; 3. Constructing extractors for independent weak random sources, when the min-entropy is extremely small (i.e., near logarithmic).
We make progress in the following three problems: 1. Constructing optimal seeded non-malleable extractors; 2. Constructing optimal privacy amplification protocols with an active adversary, for any security parameter; 3. Constructing extractors for independent weak random sources, when the min-entropy is extremely small (i.e., near logarithmic).
For the first two problems, the best known non-malleable extractors by Chattopadhyay, Goyal and Li [CGL16], and by Cohen [Coh16a,Coh16b] all require seed length and min-entropy at least $\log^2 (1/\varepsilon)$, where $\varepsilon$ is the error of the extractor. As a result, the best known explicit privacy amplification protocols with an active adversary, which achieve 2 rounds of communication and optimal entropy loss in [Li15c,CGL16], can only handle security parameter up to $s=\Omega(\sqrt{k})$, where $k$ is the min-entropy of the shared secret weak random source. For larger $s$ the best known protocol with optimal entropy loss in [Li15c] requires $O(s/\sqrt{k})$ rounds of communication.
In this paper we give an explicit non-malleable extractor that only requires seed length and min-entropy $\log^{1+o(1)} (n/\varepsilon)$, which also yields a 2-round privacy amplification protocol with optimal entropy loss for security parameter up to $s=k^{1-\alpha}$ for any constant $\alpha>0$.
For the third problem, previously the best known extractor which supports the smallest min-entropy, due to Li [Li13a], requires min-entropy $\log^{2+\delta} n$ and uses $O(1/\delta)$ sources, for any constant $\delta>0$. A very recent result by Cohen and Schulman [CS16] improves this, and constructed explicit extractors that use $O(1/\delta)$ sources for min-entropy $\log^{1+\delta} n$, for any constant $\delta>0$. In this paper we further improve their result, and give an explicit extractor that uses $O(1)$ (an absolute constant) sources for min-entropy $\log^{1+o(1)} n$.
Submitted 4 April, 2016; v1 submitted 16 March, 2016;
originally announced March 2016.
-
Non-Malleable Extractors and Codes, with their Many Tampered Extensions
Authors:
Eshan Chattopadhyay,
Vipul Goyal,
Xin Li
Abstract:
Randomness extractors and error correcting codes are fundamental objects in computer science. Recently, there have been several natural generalizations of these objects, in the context and study of tamper resilient cryptography. These are seeded non-malleable extractors, introduced in [DW09]; seedless non-malleable extractors, introduced in [CG14b]; and non-malleable codes, introduced in [DPW10].
However, explicit constructions of non-malleable extractors appear to be hard, and the known constructions are far behind their non-tampered counterparts.
In this paper we make progress towards solving the above problems. Our contributions are as follows.
(1) We construct an explicit seeded non-malleable extractor for min-entropy $k \geq \log^2 n$. This dramatically improves all previous results and gives a simpler 2-round privacy amplification protocol with optimal entropy loss, matching the best known result in [Li15b].
(2) We construct the first explicit non-malleable two-source extractor for min-entropy $k \geq n-n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$.
(3) We initiate the study of two natural generalizations of seedless non-malleable extractors and non-malleable codes, where the sources or the codeword may be tampered many times. We construct the first explicit non-malleable two-source extractor with tampering degree $t$ up to $n^{\Omega(1)}$, which works for min-entropy $k \geq n-n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$. We show that we can efficiently sample uniformly from any pre-image. By the connection in [CG14b], we also obtain the first explicit non-malleable codes with tampering degree $t$ up to $n^{\Omega(1)}$, relative rate $n^{\Omega(1)}/n$, and error $2^{-n^{\Omega(1)}}$.
Submitted 1 May, 2015;
originally announced May 2015.
-
On Low Discrepancy Samplings in Product Spaces of Motion Groups
Authors:
Chandrajit Bajaj,
Abhishek Bhowmick,
Eshan Chattopadhyay,
David Zuckerman
Abstract:
Deterministically generating near-uniform point samplings of motion groups like $SO(3)$, $SE(3)$ and their $n$-wise products $SO(3)^n$, $SE(3)^n$ is fundamental to numerous applications in computational and data sciences. The natural measure of sampling quality is discrepancy. In this work, our main goal is to construct low discrepancy deterministic samplings in product spaces of the motion groups. To this end, we develop a novel strategy (using a two-step discrepancy construction) that leads to an almost exponential improvement in size (from the trivial direct product). To the best of our knowledge, this is the first nontrivial construction for $SO(3)^n$, $SE(3)^n$ and the hypertorus $T^n$.
We also construct new low discrepancy samplings of $S^2$ and $SO(3)$. The central component in our construction for $SO(3)$ is an explicit construction of $N$ points in $S^2$ with discrepancy $\tilde{O}(1/\sqrt{N})$ with respect to convex sets, matching the bound achieved for the special case of spherical caps in [ABD12]. We also generalize the discrepancy of Cartesian product sets [Chazelle04] to the discrepancy of local Cartesian product sets.
The tools we develop should be useful in generating low discrepancy samplings of other complicated geometric spaces.
Submitted 28 November, 2014;
originally announced November 2014.