Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randomness Extraction Beyond the Classical World Kai-Min Chung Academia Sinica, Taiwan 1 Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu.

Published byJoshua Henry Modified over 9 years ago

Similar presentations

Presentation on theme: "Randomness Extraction Beyond the Classical World Kai-Min Chung Academia Sinica, Taiwan 1 Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu."— Presentation transcript:

1 Randomness Extraction Beyond the Classical World Kai-Min Chung Academia Sinica, Taiwan 1 Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu

2 Original Motivation from 90’s Randomness is extremely useful resource – Randomized algorithm, Distributed algorithm, Cryptography,… Typically assume perfect uniform sources – Unbiased, independent random bits – Unrealistic strong assumption? Can we rely on weak sources/assumptions? 2

3 Randomness Extraction Paradigm Extract uniform randomness from weak random sources – Source = classical distribution over {0,1} n – Correlated and biased (unstructured), guarantee some entropy Impossible given a single such source – Even with n-1 bits of entropy – Several proposed extraction approaches This talk: extraction approaches beyond classical settings – Quantum-proof seeded extractors – Quantum-proof multi-source extractors – Physical randomness extractors (or, randomness amplification for any weak sources) 3

4 Classical Seeded Extractors [NZ96] Add short uniform seed as catalyst for extraction 4 m almost uniform bits n-bit weak random source X d-bit seed uniform Goal: minimize seed length d, maximize output length m

5 Pervasive Applications Diverse topics in Theoretical Computer Science – Cryptography, Derandomization [Sis88, NZ93,…], Distributed algorithms [WZ95], Data structures [Ta02], Hardness of Approximation [Zuc93,…] Many applications in Cryptography – Bounded-storage model [Lu02,V03], PRG [HILL89], Biometrics [DRS04], Leakage-resilient crypto [DP09] … Also in Quantum Cryptography – Privacy amplification [BBR88], Randomness expansion, Physical randomness extractors,… 5

6 Privacy Amplification [BBR88] Alice & Bob share secret weak random source X Goal: extract uniform key Z against eavesdropper Eve 6 Eve Alice Bob X X uniform Y Z=Ext(X,Y) Need explicit construction

7 Handle Side Information Eve may hold (quantum) side info E about X – e.g., when used as sub-protocol in QKD 7 Alice Bob X X uniform Y Z=Ext(X,Y) Eve E

8 Quantum-Proof Strong Extractors Want: Ext works against quantum side info 8 Output Z = Ext(X,Y) k-source X Seed Y uniform Eve E

9 Entropy & Distance: Operational Def. 9

10 What Do We Know? 10

11 Our Results [CW15] Optimal seed length for wide range parameters Revisit “block-sampling-&-extraction” framework [NZ96,Z97,SZ99] – Show it can be made quantum-proof – Improve by a new win-win type construction 11

12 Quantum-proof Multi-source Ext 12

13 What If We Don’t Have Uniform Seed? Multi-source extractor: use multiple indep. sources 13 X1X1 XtXt Z

14 Privacy Amp. w/o Perfect Randomness Suppose Alice & Bob have no perfect local randomness 14 Eve Alice Bob X X weak source Y Z=Ext(X,Y)

15 Quantum-Proof Multi-source Ext 15 Eve E1E1 EtEt X1X1 XtXt Z

16 Independent Adversary (IA) Model – Require E 1 and E 2 to be independent as well Bounded Storage (BS) Model – Allow entangled (local) side info, put size restriction on E 1, E 2 Classical DEOR Ext works for both models [KK12] 16 Output Z = Ext(X 1,X 2 ) k 1 -source X 1 k 2 -source X 2 Eve E1E1 E2E2 IA & BS Model for Two-sources [KK12]

17 Our Results [CLW15] General Entanglement (GE) Model – Unify both IA and BS models – Allow entanglement as BS, but NO size restriction – Key: new measure of entropy, avoid “interference” issue Generic techniques to prove GE security 17 (*) except improved two-source Ext of [Li15] (based on [CZ15])

18 Physical Randomness Extractors 18

19 What If We Are Paranoid about Independence Assumption? Cannot be verified & don’t know how to guarantee “Device-independent Extractors” – Extract randomness from quantum power without trust 19 source device Accept/Reject Eve X D1D1 D2D2 DtDt E Z

20 What If We Are Paranoid about Independence Assumption? Cannot be verified & don’t know how to guarantee “Device-independent Extractors” – Extract randomness from quantum power without trust – Randomness expansion: seeded setting still require uniform seed and independence – Randomness amplification: Santha-Vazirani (SV) source Structured source with high min-entropy Does randomness extraction remain feasible without any independence or structural assumptions? 20

21 Physical Randomness Extractor (PRE) DI extraction for general weak source We construct quantum-secure PRE [CSW14] – Only require O(1) bits min-entropy; minimal assumptions! No-signaling-secure PRE (ongoing work) [CSW15] – Physics interpretation [GMD+13] : stronger dichotomy theorem 21 source device Accept/Reject Eve X D1D1 D2D2 DtDt E Z

22 Our Explicit Construction of Quantum-proof Seeded Extractor 22

23 Block Sampling & Extraction Block Sampling & Extraction [NZ96,SZ99,Zuc97] 23 Block-Sampling (one by one) : Block-Extraction (one by one): Preserve entropy rate in blocks Gain block structure Seed = seed for the last short block (“free”)

24 Block Sampling & Extraction Block Sampling & Extraction [NZ96,SZ99,Zuc97] 24 Block-Sampling (one by one) : Preserve entropy rate in blocks | | | |

25 Self Composition Self Composition [NZ96,SZ99,Zuc97] 25 What we have achieved: Self composition gives: Self composition again: Ext 1 : Ext 2 : Ext 3 : Self composition s = log*n times: Ext s : = O(log n) need > 1

26 Win-win argument 26 W1W1 W2W2 W3W3 W4W4 W1W1 W2W2 W3W3 W4W4 Z

27 Controlling the Parameters 27 W1W1

28 Summary 28

29 Open Questions 29

30 Privacy Amplification with Man-in-the-Middle (MIM) Adversary Eve holds side info E about X & launch MIM attack – Can arbitrarily modify, insert, delete, and reorder message Well-studied problem classically [MW97,DW09,RW03, KR09,CKOR10,DLWZ11,CRS12,Li12,Li15] Motivate quantum-proof non-malleable Ext 30 Alice Bob X X uniform Y Z=Ext(X,Y) Z’=Ext(X,Y’) Eve E Open! for quantum E Open! for quantum E

31 Cryptography w/ Imperfect Randomness 31

32 QCrypt against Quantum Side Info Significant gap in our understanding between cryptography against classical vs. quantum side info – Seeded and multi-source extractors – Privacy amplification, non-malleable extractors – Network extractors – Leakage-resilient cryptography, etc It’s time to bridge the gap! 32

33 Thank you! Questions? 33

34 Self Composition Self Composition [NZ96,SZ99,Zuc97] 34 What we have achieved: Self composition gives: Self composition again: Ext 1 : Ext 2 : Ext 3 : Idea: Ext 2 use Ext 1 to extract

35 Self Composition Self Composition [NZ96,SZ99,Zuc97] 35 What we have achieved: Self composition gives: Self composition s = log*n times: Ext 1 : Ext 2 : Ext s : = O(log n) need > 1

Download ppt "Randomness Extraction Beyond the Classical World Kai-Min Chung Academia Sinica, Taiwan 1 Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu."

Similar presentations

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.

On the Complexity of Parallel Hardness Amplification for One-Way Functions Chi-Jen Lu Academia Sinica, Taiwan.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?

An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.

Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
Randomness Extractors & their Cryptographic Applications Salil Vadhan Harvard University

Randomness Extractors & their Cryptographic Applications Salil Vadhan Harvard University
Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.

Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.
Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,

Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors Ronald Cramer, Yevgeniy Dodis, Serge Fehr, Carles Padro,
Short seed extractors against quantum storage Amnon Ta-Shma Tel-Aviv University 1.

Short seed extractors against quantum storage Amnon Ta-Shma Tel-Aviv University 1.
Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.

Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.
Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
Extracting Randomness David Zuckerman University of Texas at Austin.

Extracting Randomness David Zuckerman University of Texas at Austin.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.

Randomness Extraction and Privacy Amplification with quantum eavesdroppers Thomas Vidick UC Berkeley Based on joint work with Christopher Portmann, Anindya.
Strong Key Derivation from Biometrics

Strong Key Derivation from Biometrics
Expander Graphs, Randomness Extractors and List-Decodable Codes Salil Vadhan Harvard University Joint work with Venkat Guruswami (UW) & Chris Umans (Caltech)

Expander Graphs, Randomness Extractors and List-Decodable Codes Salil Vadhan Harvard University Joint work with Venkat Guruswami (UW) & Chris Umans (Caltech)
Extractors: applications and constructions Avi Wigderson IAS, Princeton Randomness.

Extractors: applications and constructions Avi Wigderson IAS, Princeton Randomness.
1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.

1 Adam O’Neill Leonid Reyzin Boston University A Unified Approach to Deterministic Encryption and a Connection to Computational Entropy Benjamin Fuller.
CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.

CS555Topic 191 Cryptography CS 555 Topic 19: Formalization of Public Key Encrpytion.
Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.

Serge Fehr & Christian Schaffner CWI Amsterdam, The Netherlands 1 Randomness Extraction via ± -Biased Masking in the Presence of a Quantum Attacker TCC.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Quantum information as high-dimensional geometry Patrick Hayden McGill University Perspectives in High Dimensions, Cleveland, August 2010.

Quantum information as high-dimensional geometry Patrick Hayden McGill University Perspectives in High Dimensions, Cleveland, August 2010.

Similar presentations

Ads by Google