Privacy Amplification and Non-malleable Extractors via Character Sums

Y. Dodis, Xin Li, T. Wooley, David Zuckerman
DOI: 10.1137/120868414
Venue: 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science
Publication date: 2011-02-26
Citations: 72

Abstract

In studying how to communicate over a public channel with an active adversary, Dodis and Wichs introduced the notion of a non-malleable extractor. A non-malleable extractor dramatically strengthens the notion of a strong extractor. A strong extractor takes two inputs, a weakly-random $x$ and a uniformly random seed $y$, and outputs a string which appears uniform, even given $y$. For a non-malleable extractor $\nm$, the output $\nm(x,y)$ should appear uniform given $y$ as well as $\nm(x,\adv(y))$, where $\adv$ is an arbitrary function with $\adv(y) \neq y$. We show that an extractor introduced by Chor and Goldreich is non-malleable when the entropy rate is above half. It outputs a linear number of bits when the entropy rate is $1/2 + \alpha$, for any $\alpha>0$. Previously, no nontrivial parameters were known for any non-malleable extractor. To achieve a polynomial running time when outputting many bits, we rely on a widely-believed conjecture about the distribution of prime numbers in arithmetic progressions. Our analysis involves a character sum estimate, which may be of independent interest. Using our non-malleable extractor, we obtain protocols for "privacy amplification": key agreement between two parties who share a weakly-random secret. Our protocols work in the presence of an active adversary with unlimited computational power, and have asymptotically optimal entropy loss. When the secret has entropy rate greater than $1/2$, the protocol follows from a result of Dodis and Wichs, and takes two rounds. When the secret has entropy rate $\delta$ for any constant $\delta>0$, our new protocol takes a constant (polynomial in $1/\delta$) number of rounds. Our protocols run in polynomial time under the above well-known conjecture about primes.