Randomness Condensers for Efficiently Samplable, Seed-Dependent Sources

  • Yevgeniy Dodis
  • Thomas Ristenpart
  • Salil Vadhan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7194)

Abstract

We initiate a study of randomness condensers for sources that are efficiently samplable but may depend on the seed of the condenser. That is, we seek functions \(\mathrm{Cond} : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^m\) such that if we choose a random seed \(S \leftarrow \{0,1\}^d\), and a source \(X = \mathcal{A}(S)\) is generated by a randomized circuit \(\mathcal{A}\) of size \(t\) such that \(X\) has min-entropy at least \(k\) given \(S\), then \(\mathrm{Cond}(X;S)\) should have min-entropy at least some \(k'\) given \(S\). The distinction from the standard notion of randomness condensers is that the source \(X\) may be correlated with the seed \(S\) (but is restricted to be efficiently samplable). Randomness extractors of this type (corresponding to the special case where \(k' = m\)) have been implicitly studied in the past (by Trevisan and Vadhan, FOCS ’00).

We show that:

  • Unlike extractors, we can have randomness condensers for samplable, seed-dependent sources whose computational complexity is smaller than the size t of the adversarial sampling algorithm \(\mathcal A\). Indeed, we show that sufficiently strong collision-resistant hash functions are seed-dependent condensers that produce outputs with min-entropy \(k' = m - {\mathcal O}(\log t)\), i.e. logarithmic entropy deficiency.

  • Randomness condensers suffice for key derivation in many cryptographic applications: when an adversary has negligible success probability (or negligible “squared advantage” [3]) for a uniformly random key, we can use instead a key generated by a condenser whose output has logarithmic entropy deficiency.

  • Randomness condensers for seed-dependent samplable sources that are robust to side information generated by the sampling algorithm imply soundness of the Fiat-Shamir Heuristic when applied to any constant-round, public-coin interactive proof system.
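As an added illustration of the first two results above (this is not code from the paper; the toy condenser, the adversary and every parameter are assumptions made here), the Python below plays the seed-dependent game against a condenser that takes the first 10 bits of SHA-256(S || X), standing in for the collision-resistant hash of the first bullet. The adversary \(\mathcal{A}(S)\) spends \(t\) hash evaluations drawing fresh uniform inputs and keeps the one with the smallest output. Its input \(X\) still has min-entropy at least \(n - \log_2 t\) given \(S\), yet the output is far from uniform, so the same function fails as an extractor, while it loses only about \(\log_2 t\) bits of min-entropy, so it still works as a condenser. The last function is the key-derivation bound behind the second bullet: an event of probability \(\varepsilon\) under a uniform \(m\)-bit key has probability at most \(2^{\Delta}\varepsilon\) under any key whose min-entropy is \(m - \Delta\).

```python
"""Added illustration (not code from the paper): a seed-dependent sampler
against a toy hash-based condenser, and what it does to the output.

Assumptions (none of these come from the paper):
  * Cond(x; s) = first M_BITS bits of SHA-256(s || x), a stand-in for the
    "sufficiently strong collision-resistant hash" of the abstract.
  * The adversary A(S) makes t hash evaluations: it draws t fresh uniform
    inputs and keeps the one with the smallest condenser output.
  * Entropy is estimated empirically over many independent seeds.
"""
import hashlib
import math
import random
from collections import Counter

M_BITS = 10       # output length m, small enough to measure the output distribution
N_BYTES = 16      # input length n = 128 bits
D_BYTES = 16      # seed length d = 128 bits


def cond(x: bytes, s: bytes) -> int:
    """Toy condenser: truncate SHA-256(s || x) to M_BITS bits (assumption)."""
    digest = hashlib.sha256(s + x).digest()
    return int.from_bytes(digest[:2], "big") >> (16 - M_BITS)


def honest_source(s: bytes, rng: random.Random) -> bytes:
    """Seed-independent source: a uniform n-bit string (ignores s)."""
    return rng.getrandbits(8 * N_BYTES).to_bytes(N_BYTES, "big")


def seed_dependent_source(s: bytes, rng: random.Random, t: int) -> bytes:
    """A(S) with a budget of t hash evaluations: draw t uniform candidates and
    keep the one whose condenser output is smallest.  Each candidate is fresh
    and uniform, so any fixed x has probability at most t / 2^n, i.e. X still
    has min-entropy >= n - log2(t) given S; only the *output* gets skewed."""
    best_x, best_y = None, None
    for _ in range(t):
        x = rng.getrandbits(8 * N_BYTES).to_bytes(N_BYTES, "big")
        y = cond(x, s)
        if best_y is None or y < best_y:
            best_x, best_y = x, y
    return best_x


def output_distribution(t: int, trials: int, rng_seed: int = 1) -> Counter:
    """Sample Cond(X; S) over `trials` fresh seeds S; t = 0 means the honest source."""
    rng = random.Random(rng_seed)
    counts = Counter()
    for _ in range(trials):
        s = rng.getrandbits(8 * D_BYTES).to_bytes(D_BYTES, "big")
        x = honest_source(s, rng) if t == 0 else seed_dependent_source(s, rng, t)
        counts[cond(x, s)] += 1
    return counts


def min_entropy_deficiency(counts: Counter) -> float:
    """m minus the min-entropy of the empirical output distribution (bits lost vs. uniform)."""
    total = sum(counts.values())
    p_max = max(counts.values()) / total
    return M_BITS + math.log2(p_max)


def statistical_distance_from_uniform(counts: Counter) -> float:
    """Half the L1 distance between the empirical output distribution and uniform
    on {0,1}^m: the quantity an *extractor* would have to make negligible."""
    total = sum(counts.values())
    u = 1.0 / (1 << M_BITS)
    return 0.5 * sum(abs(counts.get(y, 0) / total - u) for y in range(1 << M_BITS))


def key_attack_success_bound(eps_uniform: float, deficiency_bits: float) -> float:
    """Key-derivation bound: an event of probability eps under a uniform m-bit key
    has probability at most 2^deficiency * eps under any key with min-entropy
    m - deficiency, because every key value is at most 2^deficiency times as
    likely as under the uniform distribution."""
    return eps_uniform * 2.0 ** deficiency_bits


if __name__ == "__main__":
    TRIALS, T = 20000, 16
    honest = output_distribution(0, TRIALS)
    adv = output_distribution(T, TRIALS)
    for name, dist in (("seed-independent source", honest),
                       (f"A(S) with t={T} hash calls", adv)):
        print(f"{name:32s} entropy deficiency ~ {min_entropy_deficiency(dist):.2f} bits, "
              f"distance from uniform ~ {statistical_distance_from_uniform(dist):.2f}")
    print(f"log2(t) = {math.log2(T):.2f} bits")
    print("attack with eps = 2^-40 against a uniform key succeeds with probability at most",
          key_attack_success_bound(2.0 ** -40, math.log2(T)), "against the condensed key")
```

With these parameters the honest source shows an entropy deficiency under a bit (the residue is sampling noise in the estimator) and a distance from uniform near zero, while the seed-dependent sampler with \(t = 16\) hash calls pushes the distance from uniform above 0.5 but costs only about four bits of min-entropy, matching \(\log_2 t\). Raising \(t\) moves the deficiency by roughly \(\log_2 t\), which is the logarithmic loss the first bullet describes; shrinking the key by those few bits is what the second bullet then pays for with a \(2^{O(\log t)}\) factor in the adversary's success probability.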

Keywords

Hash Function, Side Information, Proof System, Random Oracle, Random Oracle Model

References

  1. Aiello, W., Bhatt, S.N., Ostrovsky, R., Rajagopalan, S.: Fast Verification of Any Remote Procedure Call: Short Witness-Indistinguishable One-Round Proofs for NP. In: Montanari, U., Rolim, J.D.P., Welzl, E. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 463–474. Springer, Heidelberg (2000)
  2. Barak, B.: How to go beyond the black-box simulation barrier. In: 42nd Annual Symposium on Foundations of Computer Science, pp. 106–115. IEEE, Las Vegas (2001), preliminary full version http://www.wisdom.weizmann.ac.il/~boaz
  3. Barak, B., Dodis, Y., Krawczyk, H., Pereira, O., Pietrzak, K., Standaert, F.-X., Yu, Y.: Leftover Hash Lemma, Revisited. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 1–20. Springer, Heidelberg (2011)
  4. Barak, B., Lindell, Y., Vadhan, S.: Lower bounds for non-black-box zero knowledge. Journal of Computer and System Sciences 72(2), 321–391 (2006), special issue on FOCS 2003
  5. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Denning, D., Pyle, R., Ganesan, R., Sandhu, R., Ashby, V. (eds.) First ACM Conference on Computer and Communication Security, November 3-5, pp. 62–73. ACM (1993)
  6. Blum, M.: Coin flipping by telephone. In: Proc. 1982 IEEE COMPCON, High Technology in the Information Age, pp. 133–137 (1982)
  7. Capalbo, M., Reingold, O., Vadhan, S., Wigderson, A.: Randomness conductors and constant-degree lossless expanders. In: 34th Annual ACM Symposium on Theory of Computing (STOC 2002), pp. 659–668. ACM, Montréal (2002); joint session with CCC 2002
  8. Chor, B., Goldreich, O.: Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM Journal on Computing 17(2), 230–261 (1988)
  9. Chor, B., Goldreich, O., Håstad, J., Friedman, J., Rudich, S., Smolensky, R.: The bit extraction problem or t-resilient functions. In: Proceedings of the 26th IEEE Symposium on Foundations of Computer Science, pp. 396–407 (1985)
  10. Cramer, R., Damgård, I., Schoenmakers, B.: Proof of Partial Knowledge and Simplified Design of Witness Hiding Protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)
  11. Dodis, Y., Elbaz, A., Oliveira, R., Raz, R.: Improved Randomness Extraction from Two Independent Sources. In: Jansen, K., Khanna, S., Rolim, J.D.P., Ron, D. (eds.) APPROX 2004 and RANDOM 2004. LNCS, vol. 3122, pp. 334–344. Springer, Heidelberg (2004)
  12. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM Journal on Computing 38(1), 97–139 (2008)
  13. Dodis, Y., Ristenpart, T., Vadhan, S.: Randomness condensers for efficiently samplable, seed-dependent sources, full version of this paper. Available from authors’ websites
  14. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions. In: 40th Annual Symposium on Foundations of Computer Science, pp. 523–534. IEEE, New York (1999)
  15. Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  16. Goldreich, O., Krawczyk, H.: On the composition of zero-knowledge proof systems. SIAM Journal on Computing 25(1), 169–192 (1996)
  17. Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: 44th Annual Symposium on Foundations of Computer Science, pp. 102–113. IEEE, Cambridge (2003)
  18. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18, 186–208 (1989)
  19. Guillou, L.C., Quisquater, J.-J.: A “Paradoxical” Identity-Based Signature Scheme Resulting from Zero-Knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1990)
  20. Guruswami, V., Umans, C., Vadhan, S.P.: Unbalanced expanders and randomness extractors from Parvaresh–Vardy codes. J. ACM 56(4) (2009)
  21. Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the Linux random number generator. In: 27th IEEE Symposium on Security and Privacy, pp. 371–385. IEEE Computer Society (2006)
  22. Kalai, Y.T., Raz, R.: Probabilistically Checkable Arguments. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 143–159. Springer, Heidelberg (2009)
  23. Kamp, J., Rao, A., Vadhan, S.P., Zuckerman, D.: Deterministic extractors for small-space sources. In: Kleinberg, J.M. (ed.) STOC, May 21-23, pp. 691–700. ACM, Seattle (2006)
  24. Koenig, R., Maurer, U.: Extracting randomness from generalized symbol-fixing and Markov sources. In: Proceedings of 2004 IEEE International Symposium on Information Theory, p. 232 (June 2004)
  25. Koenig, R., Maurer, U.: Generalized Strong Extractors and Deterministic Privacy Amplification. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 322–339. Springer, Heidelberg (2005)
  26. Lichtenstein, D., Linial, N., Saks, M.: Some extremal problems arising from discrete control processes. Combinatorica 9(3), 269–287 (1989)
  27. Nisan, N., Zuckerman, D.: Randomness is linear in space. Journal of Computer and System Sciences 52(1), 43–53 (1996)
  28. Raz, R., Reingold, O.: On recycling the randomness of states in space bounded computation. In: Annual ACM Symposium on Theory of Computing, Atlanta, GA, pp. 159–168 (electronic). ACM, New York (1999), http://dx.doi.org/10.1145/301250.301294
  29. Reingold, O., Shaltiel, R., Wigderson, A.: Extracting randomness via repeated condensing. SIAM Journal on Computing 35(5), 1185–1209 (electronic) (2006), http://dx.doi.org/10.1137/S0097539703431032
  30. Santha, M., Vazirani, U.V.: Generating quasi-random sequences from semi-random sources. J. Comput. Syst. Sci. 33(1), 75–87 (1986)
  31. Schnorr, C.P.: Efficient signature generation by smart cards. Journal of Cryptology 4(3), 161–174 (1991)
  32. Shamir, A., Tauman, Y.: Improved Online/Offline Signature Schemes. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 355–367. Springer, Heidelberg (2001)
  33. Ta-Shma, A., Umans, C., Zuckerman, D.: Lossless condensers, unbalanced expanders, and extractors. Combinatorica 27(2), 213–240 (2007), http://dx.doi.org/10.1007/s00493-007-0053-2
  34. Trevisan, L., Vadhan, S.: Extracting randomness from samplable distributions. In: 41st Annual Symposium on Foundations of Computer Science, pp. 32–42. IEEE, Redondo Beach (2000)
  35. Viola, E.: Extractors for circuit sources. In: IEEE Symposium on Foundations of Computer Science, FOCS (2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yevgeniy Dodis, New York University, USA
  • Thomas Ristenpart, University of Wisconsin-Madison, USA
  • Salil Vadhan, Harvard University, USA
