New Results of Quantum-proof Randomness Extractors. Xiaodi Wu (MIT). 1st Trustworthy Quantum Information Workshop, Ann Arbor, USA. Based on work w/ Kai-Min.

Presentation transcript:

1 New Results of Quantum-proof Randomness Extractors. Xiaodi Wu (MIT). 1st Trustworthy Quantum Information Workshop, Ann Arbor, USA. Based on work w/ Kai-Min Chung and Xin Li, arXiv: 1411.2315, and work w/ Kai-Min Chung, in preparation.

2 Randomness Extractor: Seeded [SV84, Vaz85, VV85, CG85, Vaz87, CW89, Zuc90, Zuc91, …]
A deterministic function converts indep. weak random sources with entropy to almost-uniform randomness.
[Figure: seed U_d, source X, Z]

3 Randomness Extractor: Multi-source [CG85, BIK04, Raz, Rao, Bourgain, Li, …]
A deterministic function converts indep. weak random sources with entropy to almost-uniform randomness.
[Figure: weak random source X_1, X_t, Z]

4 Applications beyond randomness
Classical TCS
– Cryptography, Derandomization [Sis88, NZ93, …], Distributed algorithms [WZ95], Data structures [Ta02], Hardness of Approximation [Zuc93, …]
Quantum Information
– Privacy amplification (QKD) [BB84, BBR…], device-independent crypto [VV12, MS14, CSW14, B+, …]
– Bounded-storage model [DFSS08, …]

5 This talk:
Q. Seeded Extractors with Optimal Parameters: (Chung, W, in preparation)
* a new construction optimal w/ inverse poly rate source
* new techniques for quantum-proof condensers
Q. Side Info Model for Multi-source Extraction: (Chung, Li, W, arXiv: 1411.2315)
* a proposal naturally unifying and extending existing models
* q. multi-source extractors w/ matching paras to classical

6 Q. Seeded Extractors with Optimal Parameters: (Chung, W, in preparation)
* a new construction optimal w/ inverse poly rate source
* new techniques for quantum-proof condensers

7 Quantum Side Info: seeded extraction

8 Seeded Extractors against Side Info [R05, KMR05, KT08, DV10, T11, DPVR11]
[Figure: seed U_d, source X, Seeded Randomness Extractor, Z, adversary; labels: classical-secure (for classical side-info), marginal-secure (for no side-info)]

9 What do we want?
Trevisan [T, DV, DPVR]: m = k^0.98, d = O(log(n))
Left-over hashing [KMR, TSSR]: m ~= k

10 What GUV requires? GUV: Very Good Condenser Block Extraction & Composition Partial Progress: Cond. Inv. poly Extends to quantum setting Q. Extractor: (new even classically) Remark: inverse-poly rate sources are good for most applications! Our Contribution:

11 Our strategy
Refer to Chung’s talk for technique limitations.
Resort to extractor paradigm [NZ, SZ, Zuc] before Trevisan, based on block-sampling & block-extraction.
Our Observation:
– A) this paradigm extends to the quantum setting
– B) A new condenser/extractor in this paradigm
(n,k) source. Sampling a subset: Hope: min-entropy rate remains. Non-trivial to prove classically (e.g., Zuc97, Vad03). The quantum version by Koenig & Renner.
However, this does not condense! Block-Sampling!

12 Block Sampling & Extraction [NZ, SZ, Zuc]
(n,k) source
Block-Sampling (one by one): Structure Entropy while keeping the rate
Block-Extraction (one by one): Competing Parameters: 1) able to sample 2) able to extract => optimal paras for const entropy-rate sources [Zuc]
Exp. increase Seed length
Our Contribution: this construction is also quantum-proof.
Observation: well, it does not need to be able to sample & extract at the same time! When fails to sample, it condenses! A win-win argument!

13 Condenser: 1/poly rate -> const rate (Win-Win argument)
(n,k) Sampling (if success -> extraction, otherwise condensing)
Sample again on a shorter input ……
[Figure labels: E_1, E_2, E_3, C_0, length k, ……, const Rounds]
(C_0, E_1, E_2, …) -> const rate source
Quantum: 1) sampling [KR] 2) remaining analysis & comp.

14 Summary: Zuckerman’s Extractor, Win-Win Condenser

15 Q. Side Info Model for Multi-source Extraction: (Chung, Li, W, arXiv: 1411.2315)
* a proposal naturally unifying and extending existing models
* q. multi-source extractors w/ matching paras to classical

16 Multi-source Extractors [BIW04]
[Figure: source X_1, X_t, Multi-source Extractor, Z]

17 Side Info. of multiple sources?
Want: a general definition of entropy & sufficient entropy => extractability.
Restriction on E is necessary!
[Figure: adversary]

18 Simple Models
Independent Adversary (IA): each source leaks own side information. However, IA fails to consider the entanglement/correlation.
Bounded Storage Adv (BS): allow entangle; one-round leaking [KK12]. May break independence; non-trivial even for classical side info.
[Figure: source X_1, X_2, Two-source Extractor, Z, adversary, A_1, A_2, E_1, E_2]

19 Kasher & Kempe 12
The [DEOR04] extractor works with comparable parameters in both IA & BS models, although side info breaks independence.
ISSUEs:
– No unified model & No unified entropy measure
– Technique-wise very specific to the [DEOR04] extractor
Our Contribution: A Unified & Generalized Model: General Entangled (GE) model
– Take the one-round leaking model [KK12] + right entropy measure
– Prove most existing two-/multi-source extractors are GE-secure, e.g., Raz, Bourgain, Li, BRSW, Rao, ….
Remarks on the model:
1. Could refer to a practical scenario of generating side-info: when parties are far apart from each other & leaking procedure is short!
2. Unclear about extension to multiple rounds. Could fall into the previous counter-example.

20 Entropy measure: problematic [KK12]

21 Contribution I: General Entangled (GE) Model
[Figure: adversary; X_1, X_2, X_t; A_1, A_2, A_t; E_1, E_2, E_t]

22 General Entangled (GE) Model

23 General Entangled (GE) Model

24 GE-secure Multi-source Extractors
[Figure: source X_1, X_t, Multi-source Extractor, Z, adversary]

25 Contribution II: GE-secure extractors
Existing Two-source Extractors (e.g., Raz, Bourgain, existential ones) are GE-secure.
Any Multi-source Extractors (e.g., Li, BRSW, Rao) can be upgraded to be GE-secure.
Both w/ matching parameters.
GE - Strong OA Security Equivalence!
Obtain Strong OA Security: XOR, +1 source, block-source. Omitted!

26 One-sided Adversary (OA) Model
Only get side info from a single source – at adversary’s choice (without seeing the sources).
Weaker than IA & GE.
OA-sources & OA-secure extractors defined similarly.
[Figure: adversary; X_1, X_i, X_t; A_i; E_i]

27 Strong OA-GE Security Equivalence
[Figure labels: M, OA, IA, BS, GE, classical side-info, no side-info, strong ext.]

28 Strong OA-GE Security Equivalence
[Figure: adversary; X_1, X_2, X_t; A_1, A_2, A_t; E_1, E_2, E_t; Apply Ext S; Leaking on X_S]

29 Proof: simulation b/c
Apply OA Ext; Leaking on X_S: COMMUTE (strong)
Leaking on X_t, Leaking on X_S, Apply Ext = Leaking on X_t, Apply Ext, Leaking on X_S
Apply OA security w/ sufficient entropy

30 Summary
[Figure labels: M, OA, IA, BS, GE, strong ext.]

31 Conclusions:
– Q. Seeded Extractor optimal w/ inv. poly rate sources
– Q. Multi-source: side info model & extractors
Open Questions:
– Better Q. Extractor/Condenser? Optimal Parameters for any source?
– Alternative/General Side Info Model allowing extraction?

32 Thanks! Questions?

33 Obtain Strong OA-security (I): +1 source
[Figure: X_1, X_t, Y, X_{t+1}, Z]
LIFT: marginal uniform + seeded quantum extractor -> quantum-proof uniform


35 Entropy measure: problematic [KK12]
[Figure: X_1, X_2, adversary]

