
A counterexample to the chain rule for conditional HILL entropy

computational complexity

Abstract

Most entropy notions \({H(.)}\) like Shannon or min-entropy satisfy a chain rule stating that for random variables \({X,Z,}\) and \({A}\) we have \({H(X|Z,A)\ge H(X|Z)-|A|}\). That is, by conditioning on \({A}\) the entropy of \({X}\) can decrease by at most the bitlength \({|A|}\) of \({A}\). Such chain rules are known to hold for some computational entropy notions like Yao’s and unpredictability-entropy. For HILL entropy, the computational analogue of min-entropy, the chain rule is of special interest and has found many applications, including leakage-resilient cryptography, deterministic encryption, and memory delegation. These applications rely on restricted special cases of the chain rule. Whether the chain rule for conditional HILL entropy holds in general was an open problem for which we give a strong negative answer: we construct joint distributions \({(X,Z,A)}\), where \({A}\) is a distribution over a single bit, such that the HILL entropy \({H^{\mathsf{HILL}}(X|Z)}\) is large but \({H^{\mathsf{HILL}}(X|Z,A)}\) is basically zero.

Our counterexample just makes the minimal assumption that \({{\mathbf{NP}} \nsubseteq{\mathbf{P/poly}}}\). Under the stronger assumption that injective one-way functions exist, we can make all the distributions efficiently samplable.

Finally, we show that some more sophisticated cryptographic objects like lossy functions can be used to sample a distribution constituting a counterexample to the chain rule making only a single invocation to the underlying object.
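An added example (not from the paper): a numerical check of the chain rule quoted in the abstract for the information-theoretic case, using average-case conditional min-entropy as the concrete notion, which is an assumption since the abstract does not fix one. The function names and sample distributions are constructed here, and the sketch does not reproduce the HILL counterexample, which depends on computational hardness.

```python
import math
import random


def avg_min_entropy(joint, cond_idx, target_idx=0):
    """Average-case min-entropy of one coordinate given others.

    joint maps outcome tuples (x, z, a) to probabilities. The value is
    -log2 of the best guessing probability: sum over conditions of max_x P(x, cond).
    """
    marginal = {}
    for outcome, p in joint.items():
        key = (tuple(outcome[i] for i in cond_idx), outcome[target_idx])
        marginal[key] = marginal.get(key, 0.0) + p
    best = {}
    for (cond, _x), p in marginal.items():
        best[cond] = max(best.get(cond, 0.0), p)
    return -math.log2(sum(best.values()))


def random_joint(n_x, n_z, leak, rng):
    """Constructed sample: random (X, Z) with one leaked bit A = leak(x, z)."""
    weights = {(x, z): rng.random() for x in range(n_x) for z in range(n_z)}
    total = sum(weights.values())
    return {(x, z, leak(x, z)): w / total for (x, z), w in weights.items()}


def chain_rule_gap(joint, a_bits=1):
    """H(X|Z,A) - (H(X|Z) - |A|); non-negative exactly when the chain rule holds."""
    h_xz = avg_min_entropy(joint, cond_idx=(1,))
    h_xza = avg_min_entropy(joint, cond_idx=(1, 2))
    return h_xza - (h_xz - a_bits)


def min_gap(trials, seed):
    """Smallest gap seen over random distributions and random one-bit leakage."""
    rng = random.Random(seed)
    worst = float("inf")
    for _ in range(trials):
        table = {(x, z): rng.getrandbits(1) for x in range(8) for z in range(4)}
        joint = random_joint(8, 4, lambda x, z: table[(x, z)], rng)
        worst = min(worst, chain_rule_gap(joint))
    return worst


def tight_example():
    """X uniform on 3 bits, Z constant, A = low bit of X: exactly one bit is lost."""
    joint = {(x, 0, x & 1): 1 / 8 for x in range(8)}
    return avg_min_entropy(joint, (1,)), avg_min_entropy(joint, (1, 2))
```

The gap never goes negative here because conditioning on one extra bit can at most double the guessing probability; the paper's result is that no such guarantee carries over to conditional HILL entropy.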



Corresponding author

Correspondence to Stephan Krenn.


Cite this article

Krenn, S., Pietrzak, K., Wadia, A. et al. A counterexample to the chain rule for conditional HILL entropy. comput. complex. 25, 567–605 (2016). https://doi.org/10.1007/s00037-015-0120-9


  • DOI: https://doi.org/10.1007/s00037-015-0120-9
