Computational Extractors and Pseudorandomness

  • Dana Dachman-Soled
  • Rosario Gennaro
  • Hugo Krawczyk
  • Tal Malkin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7194)

Abstract

Computational extractors are efficient procedures that map a source of sufficiently high min-entropy to an output that is computationally indistinguishable from uniform. By relaxing the statistical closeness property of traditional randomness extractors one hopes to improve the efficiency and entropy parameters of these extractors, while keeping their utility for cryptographic applications. In this work we investigate computational extractors and consider questions of existence and inherent complexity from the theoretical and practical angles, with particular focus on the relationship to pseudorandomness.

An obvious way to build a computational extractor is via the “extract-then-prg” method: apply a statistical extractor and use its output to seed a PRG. This approach carries with it the entropy cost inherent to implementing statistical extractors, namely, the source entropy needs to be substantially higher than the PRG’s seed length. It also requires a PRG and thus relies on one-way functions.
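As an added illustration (not code from the paper), the extract-then-prg method above written out in Python with the Leftover Hash Lemma bound making the entropy gap explicit; the Toeplitz-type universal-hash extractor and the HMAC-based PRG are stand-ins chosen here, not constructions from the paper, and the parameters are assumed.

```python
"""Extract-then-PRG computational extractor with explicit entropy accounting (added example)."""
import hashlib
import hmac
import math


def lhl_output_length(min_entropy_bits: int, eps: float) -> int:
    """Leftover Hash Lemma bound: a universal-hash extractor applied to a source of
    min-entropy k yields m bits that are eps-close to uniform only if
    m <= k - 2*log2(1/eps).  This is the entropy gap of statistical extractors."""
    return math.floor(min_entropy_bits - 2 * math.log2(1 / eps))


def universal_hash_extract(seed: int, source: int, n: int, m: int) -> int:
    """Statistical extractor: an m x n Hankel (Toeplitz-type) matrix over GF(2) whose
    entries are the n+m-1 seed bits, applied to the n-bit source.  Row i consists of
    seed bits i..i+n-1, so output bit i is the parity of (row_i AND source)."""
    assert 0 <= source < (1 << n) and 0 <= seed < (1 << (n + m - 1))
    mask = (1 << n) - 1
    out = 0
    for i in range(m):
        row = (seed >> i) & mask
        out |= (bin(row & source).count("1") & 1) << i
    return out


def prg_expand(key: bytes, out_len: int, info: bytes = b"ctx") -> bytes:
    """PRG stand-in: HMAC-SHA256 chained in HKDF-Expand style (assumed choice)."""
    out, block, ctr = b"", b"", 1
    while len(out) < out_len:
        block = hmac.new(key, block + info + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out += block
        ctr += 1
    return out[:out_len]


def extract_then_prg(source: int, n: int, min_entropy: int, seed: int,
                     eps: float, out_len: int) -> bytes:
    """Extract-then-prg: statistically extract m bits, then expand them with the PRG.
    The source must carry 2*log2(1/eps) more min-entropy than the PRG seed it feeds."""
    m = lhl_output_length(min_entropy, eps)
    if m <= 0:
        raise ValueError("source min-entropy too low for the statistical extractor")
    key = universal_hash_extract(seed, source, n, m)
    return prg_expand(key.to_bytes((m + 7) // 8, "big"), out_len)
```

With eps = 2^-64, a 128-bit PRG seed needs a 256-bit-min-entropy source, and a 128-bit source yields nothing; that is the entropy cost the abstract refers to.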

We study the necessity of one-way functions in the construction of computational extractors and determine matching lower and upper bounds on the “black-box efficiency” of generic constructions of computational extractors that use a one-way permutation as an oracle. Under this efficiency measure we prove a direct correspondence between the complexity of computational extractors and that of pseudorandom generators, showing the optimality of the extract-then-prg approach for generic constructions of computational extractors and confirming the intuition that to build a computational extractor via a PRG one needs to make up for the entropy gap intrinsic to statistical extractors.

On the other hand, we show that with stronger cryptographic primitives one can have more entropy- and computationally-efficient constructions. In particular, we show a construction of a very practical computational extractor from any weak PRF without resorting to statistical extractors.

Keywords

Statistical Extractor, Pseudorandom Generator, Oracle Access, Probability Ensemble, Strong Extractor


Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Dana Dachman-Soled, Microsoft Research New England, USA
  • Rosario Gennaro, IBM Research, USA
  • Hugo Krawczyk, IBM Research, Israel
  • Tal Malkin, Columbia University, USA
