Theory of Cryptography Conference

TCC 2016: Theory of Cryptography pp 159-179

Simulating Auxiliary Inputs, Revisited

Conference paper

DOI: 10.1007/978-3-662-53641-4_7

Volume 9985 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Skórski M. (2016) Simulating Auxiliary Inputs, Revisited. In: Hirt M., Smith A. (eds) Theory of Cryptography. TCC 2016. Lecture Notes in Computer Science, vol 9985. Springer, Berlin, Heidelberg


For any pair (XZ) of correlated random variables we can think of Z as a randomized function of X. If the domain of Z is small, one can make this function computationally efficient by allowing it to be only approximately correct. In folklore this problem is known as simulating auxiliary inputs. This idea of simulating auxiliary information turns out to be a very usefull tool, finding applications in complexity theory, cryptography, pseudorandomness and zero-knowledge. In this paper we revisit this problem, achieving the following results:
  1. (a)

    We present a novel boosting algorithm for constructing the simulator. This boosting proof is of independent interest, as it shows how to handle “negative mass” issues when constructing probability measures by shifting distinguishers in descent algorithms. Our technique essentially fixes the flaw in the TCC’14 paper “How to Fake Auxiliary Inputs”.

  2. (b)

    The complexity of our simulator is better than in previous works, including results derived from the uniform min-max theorem due to Vadhan and Zheng. To achieve \((s,\epsilon )\)-indistinguishability we need the complexity \(O\left( s\cdot 2^{5\ell }\epsilon ^{-2}\right) \) in time/circuit size, which improve previous bounds by a factor of \(\epsilon ^{-2}\). In particular, with we get meaningful provable security for the EUROCRYPT’09 leakage-resilient stream cipher instantiated with a standard 256-bit block cipher, like \(\mathsf {AES256}\).


Our boosting technique utilizes a two-step approach. In the first step we shift the current result (as in gradient or sub-gradient descent algorithms) and in the separate step we fix the biggest non-negative mass constraint violation (if applicable).


Simulating auxiliary inputs Boosting Leakage-resilient cryptography Stream ciphers Computational indistinguishability 

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.University of WarsawWarsawPoland