Randomness Extraction Beyond the Classical World
Kai-Min Chung, Academia Sinica, Taiwan
Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu.

Presentation transcript:

Original Motivation from 90’s
Randomness is an extremely useful resource
  – Randomized algorithms, distributed algorithms, cryptography, …
Typically assume perfect uniform sources
  – Unbiased, independent random bits
  – Unrealistically strong assumption?
Can we rely on weak sources/assumptions?

Randomness Extraction Paradigm
Extract uniform randomness from weak random sources
  – Source = classical distribution over {0,1}^n
  – Correlated and biased (unstructured), guaranteed some entropy
Impossible given a single such source
  – Even with n-1 bits of entropy
  – Several proposed extraction approaches
This talk: extraction approaches beyond classical settings
  – Quantum-proof seeded extractors
  – Quantum-proof multi-source extractors
  – Physical randomness extractors (or, randomness amplification for any weak sources)
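
The impossibility claim above, made concrete for one output bit (an added example, not from the slides): for any deterministic f, the larger of its two preimage sets is a flat source with at least n-1 bits of min-entropy on which f is constant. The candidate functions and all names are constructed for illustration.

```python
import hashlib
from itertools import product
from math import log2

def constant_source_for(f, n):
    """Given ANY deterministic f: {0,1}^n -> {0,1}, return the larger of the
    two preimage sets f^-1(0), f^-1(1). It has at least 2^(n-1) points, so the
    uniform distribution on it has min-entropy >= n-1, yet f is constant there."""
    preimages = {0: [], 1: []}
    for x in product((0, 1), repeat=n):
        preimages[f(x)].append(x)
    return max(preimages.values(), key=len)

def min_entropy_flat(support):
    """Min-entropy (in bits) of the uniform distribution on `support`."""
    return log2(len(support))

# Hypothetical candidate one-bit "extractors" (constructed for this example).
def parity(x):
    return sum(x) % 2

def majority(x):
    return int(2 * sum(x) > len(x))

def sha256_bit(x):
    return hashlib.sha256(bytes(x)).digest()[0] & 1

CANDIDATES = (parity, majority, sha256_bit)

def defeat(f, n=10):
    """Return (min-entropy of the bad source, set of values f takes on it)."""
    src = constant_source_for(f, n)
    return min_entropy_flat(src), {f(x) for x in src}

if __name__ == "__main__":
    for f in CANDIDATES:
        h, outputs = defeat(f)
        print(f"{f.__name__}: min-entropy {h:.2f} bits, outputs {outputs}")
```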

Classical Seeded Extractors [NZ96]
Add a short uniform seed as catalyst for extraction
[Figure: n-bit weak random source X and d-bit uniform seed in; m almost uniform bits out]
Goal: minimize seed length d, maximize output length m

Pervasive Applications
Diverse topics in Theoretical Computer Science
  – Cryptography, Derandomization [Sis88, NZ93,…], Distributed algorithms [WZ95], Data structures [Ta02], Hardness of Approximation [Zuc93,…]
Many applications in Cryptography
  – Bounded-storage model [Lu02,V03], PRG [HILL89], Biometrics [DRS04], Leakage-resilient crypto [DP09], …
Also in Quantum Cryptography
  – Privacy amplification [BBR88], Randomness expansion, Physical randomness extractors, …

Privacy Amplification [BBR88]
Alice & Bob share a secret weak random source X
Goal: extract uniform key Z against eavesdropper Eve
[Figure: Alice and Bob each hold X; uniform Y; Z=Ext(X,Y); eavesdropper Eve]
Need explicit construction
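
One explicit Ext for the Z=Ext(X,Y) step above, as an added example that is not from the slides: Toeplitz hashing (a 2-universal family, chosen here as a stand-in since the slides name no construction), with its exact error on a small source compared against the leftover hash lemma bound. It covers the classical case without side information E only; the source, parameters and function names are constructed.

```python
from itertools import product
from math import sqrt

def toeplitz_ext(x, y, m):
    """Z = Ext(X, Y): multiply the n-bit source x over GF(2) by the m x n
    Toeplitz matrix T[i][j] = y[i - j + n - 1] given by the (n+m-1)-bit seed y."""
    n = len(x)
    if len(y) != n + m - 1:
        raise ValueError("seed must have n + m - 1 bits")
    return tuple(sum(y[i - j + n - 1] & x[j] for j in range(n)) % 2
                 for i in range(m))

def strong_extractor_error(source, n, m):
    """Exact statistical distance between (Y, Ext(X,Y)) and (Y, U_m), for X
    uniform on `source` and Y uniform and public (known to Eve)."""
    seeds = list(product((0, 1), repeat=n + m - 1))
    total = 0.0
    for y in seeds:
        counts = {}
        for x in source:
            z = toeplitz_ext(x, y, m)
            counts[z] = counts.get(z, 0) + 1
        total += 0.5 * sum(abs(counts.get(z, 0) / len(source) - 2.0 ** -m)
                           for z in product((0, 1), repeat=m))
    return total / len(seeds)

def leftover_hash_bound(k, m):
    """Leftover hash lemma for a 2-universal family: error <= (1/2)*sqrt(2^(m-k))."""
    return 0.5 * sqrt(2.0 ** (m - k))

# Constructed weak source: 8-bit strings with x0 == x1 and x2 == 0.
# Biased and correlated, 64 equally likely values, so min-entropy k = 6.
N, K, M = 8, 6, 2
SOURCE = [x for x in product((0, 1), repeat=N) if x[0] == x[1] and x[2] == 0]

if __name__ == "__main__":
    y = (1, 0, 1, 1, 0, 0, 1, 0, 1)   # public uniform seed Y (constructed)
    x = SOURCE[37]                    # secret X shared by Alice and Bob
    print("shared key Z =", toeplitz_ext(x, y, M))
    print("error =", strong_extractor_error(SOURCE, N, M),
          "bound =", leftover_hash_bound(K, M))
```

The seed here has n+m-1 bits, longer than the source itself, which is the cost the slides' goal of minimizing seed length d is about.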

Handle Side Information
Eve may hold (quantum) side info E about X
  – e.g., when used as sub-protocol in QKD
[Figure: Alice and Bob each hold X; uniform Y; Z=Ext(X,Y); Eve holds E]

Quantum-Proof Strong Extractors
Want: Ext works against quantum side info
[Figure: k-source X and uniform seed Y in; output Z = Ext(X,Y); Eve holds E]

Entropy & Distance: Operational Def.

What Do We Know?

Our Results [CW15]
Optimal seed length for a wide range of parameters
Revisit “block-sampling-&-extraction” framework [NZ96,Z97,SZ99]
  – Show it can be made quantum-proof
  – Improve by a new win-win type construction

Quantum-proof Multi-source Ext

What If We Don’t Have Uniform Seed?
Multi-source extractor: use multiple indep. sources
[Figure: sources X_1, …, X_t in; Z out]

Privacy Amp. w/o Perfect Randomness
Suppose Alice & Bob have no perfect local randomness
[Figure: Alice and Bob each hold X; weak source Y; Z=Ext(X,Y); Eve]

Quantum-Proof Multi-source Ext
[Figure: sources X_1, …, X_t in; Z out; Eve holds E_1, …, E_t]

IA & BS Model for Two-sources [KK12]
Independent Adversary (IA) Model
  – Require E_1 and E_2 to be independent as well
Bounded Storage (BS) Model
  – Allow entangled (local) side info, put size restriction on E_1, E_2
Classical DEOR Ext works for both models [KK12]
[Figure: k_1-source X_1 and k_2-source X_2 in; output Z = Ext(X_1,X_2); Eve holds E_1, E_2]

Our Results [CLW15]
General Entanglement (GE) Model
  – Unify both IA and BS models
  – Allow entanglement as BS, but NO size restriction
  – Key: new measure of entropy, avoid “interference” issue
Generic techniques to prove GE security
(*) except improved two-source Ext of [Li15] (based on [CZ15])

Physical Randomness Extractors

What If We Are Paranoid about Independence Assumption?
Cannot be verified & don’t know how to guarantee
“Device-independent Extractors”
  – Extract randomness from quantum power without trust
[Figure: source X; devices D_1, D_2, …, D_t; Accept/Reject; output Z; Eve holds E]

What If We Are Paranoid about Independence Assumption?
Cannot be verified & don’t know how to guarantee
“Device-independent Extractors”
  – Extract randomness from quantum power without trust
  – Randomness expansion: seeded setting still requires uniform seed and independence
  – Randomness amplification: Santha-Vazirani (SV) source
      Structured source with high min-entropy
Does randomness extraction remain feasible without any independence or structural assumptions?

Physical Randomness Extractor (PRE)
DI extraction for general weak source
We construct quantum-secure PRE [CSW14]
  – Only require O(1) bits min-entropy; minimal assumptions!
No-signaling-secure PRE (ongoing work) [CSW15]
  – Physics interpretation [GMD+13]: stronger dichotomy theorem
[Figure: source X; devices D_1, D_2, …, D_t; Accept/Reject; output Z; Eve holds E]

Our Explicit Construction of Quantum-proof Seeded Extractor

Block Sampling & Extraction [NZ96,SZ99,Zuc97]
Block-Sampling (one by one):
Block-Extraction (one by one):
Preserve entropy rate in blocks
Gain block structure
Seed = seed for the last short block (“free”)

Block Sampling & Extraction [NZ96,SZ99,Zuc97]
Block-Sampling (one by one):
Preserve entropy rate in blocks

Self Composition [NZ96,SZ99,Zuc97]
What we have achieved:
Self composition gives:
Self composition again:
Ext_1:
Ext_2:
Ext_3:
Self composition s = log*n times:
Ext_s: = O(log n)
need > 1

Win-win argument
[Figure: blocks W_1, W_2, W_3, W_4 (shown twice); output Z]

Controlling the Parameters
[Figure: block W_1]

Summary

Open Questions

Privacy Amplification with Man-in-the-Middle (MIM) Adversary
Eve holds side info E about X & launches MIM attack
  – Can arbitrarily modify, insert, delete, and reorder messages
Well-studied problem classically [MW97,DW09,RW03,KR09,CKOR10,DLWZ11,CRS12,Li12,Li15]
Motivates quantum-proof non-malleable Ext
[Figure: Alice and Bob each hold X; uniform Y; Z=Ext(X,Y); Z’=Ext(X,Y’); Eve holds E; annotated “Open! for quantum E”]

Cryptography w/ Imperfect Randomness

QCrypt against Quantum Side Info
Significant gap in our understanding between cryptography against classical vs. quantum side info
  – Seeded and multi-source extractors
  – Privacy amplification, non-malleable extractors
  – Network extractors
  – Leakage-resilient cryptography, etc.
It’s time to bridge the gap!

Thank you! Questions?

Self Composition [NZ96,SZ99,Zuc97]
What we have achieved:
Self composition gives:
Self composition again:
Ext_1:
Ext_2:
Ext_3:
Idea: Ext_2 uses Ext_1 to extract

Self Composition [NZ96,SZ99,Zuc97]
What we have achieved:
Self composition gives:
Self composition s = log*n times:
Ext_1:
Ext_2:
Ext_s: = O(log n)
need > 1