当前位置:
X-MOL 学术
›
arXiv.cs.CR
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
On the Efficient Estimation of Min-Entropy
arXiv - CS - Cryptography and Security Pub Date : 2020-09-21 , DOI: arxiv-2009.09570 Yongjune Kim, Cyril Guyot, Young-Sik Kim
arXiv - CS - Cryptography and Security Pub Date : 2020-09-21 , DOI: arxiv-2009.09570 Yongjune Kim, Cyril Guyot, Young-Sik Kim
The min-entropy is an important metric to quantify randomness of generated
random numbers in cryptographic applications; it measures the difficulty of
guessing the most-likely output. One of the important min-entropy estimator is
the compression estimator of NIST Special Publication (SP) 800-90B, which
relies on Maurer's universal test. In this paper, we propose two kinds of
min-entropy estimators to improve computational complexity and estimation
accuracy by leveraging two variations of Maurer's test: Coron's test (for
Shannon entropy) and Kim's test (for Renyi entropy). First, we propose a
min-entropy estimator based on Coron's test which is computationally efficient
than the compression estimator while maintaining the estimation accuracy. The
secondly proposed estimator relies on Kim's test that computes the Renyi
entropy. This proposed estimator improves estimation accuracy as well as
computational complexity. We analytically characterize an interesting trade-off
relation between theoretical gap of accuracy and variance of min-entropy
estimates, which depends on the order of Renyi entropy. By taking into account
this trade-off relation, we observe that the order of two is a proper
assignment since the proposed estimator based on the collision entropy (i.e.,
the Renyi entropy of order two) provides the most accurate estimates. Moreover,
the proposed estimator based on the collision entropy has a closed-form
solution whereas both the compression estimator and the proposed estimator
based on Coron's test do not have closed-from solutions. Numerical evaluations
demonstrate that the first proposed estimator achieves the same accuracy as the
compression estimator with much less computations. Moreover, the second
estimator can even improve the accuracy as well as reduce the computational
complexity.
中文翻译:
关于最小熵的有效估计
最小熵是量化密码应用中生成的随机数的随机性的重要指标;它衡量猜测最可能的输出的难度。重要的最小熵估计器之一是 NIST Special Publication (SP) 800-90B 的压缩估计器,它依赖于 Maurer 的通用测试。在本文中,我们提出了两种最小熵估计器,以通过利用 Maurer 检验的两种变体来提高计算复杂度和估计精度:Coron 检验(针对香农熵)和 Kim 检验(针对 Renyi 熵)。首先,我们提出了一个基于 Coron 测试的最小熵估计器,它在保持估计精度的同时比压缩估计器计算效率更高。第二个提议的估计器依赖于 Kim' s 计算 Renyi 熵的检验。这个提议的估计器提高了估计精度以及计算复杂度。我们分析了准确度的理论差距和最小熵估计的方差之间的有趣权衡关系,这取决于 Renyi 熵的阶数。通过考虑这种权衡关系,我们观察到二阶是适当的分配,因为基于碰撞熵(即二阶 Renyi 熵)的建议估计量提供了最准确的估计。此外,基于碰撞熵的建议估计器具有封闭形式的解,而压缩估计器和基于 Coron 测试的建议估计器都没有封闭解。数值评估表明,第一个提议的估计器以更少的计算实现了与压缩估计器相同的精度。此外,第二个估计器甚至可以提高准确性并降低计算复杂度。
更新日期:2020-09-22
中文翻译:
关于最小熵的有效估计
最小熵是量化密码应用中生成的随机数的随机性的重要指标;它衡量猜测最可能的输出的难度。重要的最小熵估计器之一是 NIST Special Publication (SP) 800-90B 的压缩估计器,它依赖于 Maurer 的通用测试。在本文中,我们提出了两种最小熵估计器,以通过利用 Maurer 检验的两种变体来提高计算复杂度和估计精度:Coron 检验(针对香农熵)和 Kim 检验(针对 Renyi 熵)。首先,我们提出了一个基于 Coron 测试的最小熵估计器,它在保持估计精度的同时比压缩估计器计算效率更高。第二个提议的估计器依赖于 Kim' s 计算 Renyi 熵的检验。这个提议的估计器提高了估计精度以及计算复杂度。我们分析了准确度的理论差距和最小熵估计的方差之间的有趣权衡关系,这取决于 Renyi 熵的阶数。通过考虑这种权衡关系,我们观察到二阶是适当的分配,因为基于碰撞熵(即二阶 Renyi 熵)的建议估计量提供了最准确的估计。此外,基于碰撞熵的建议估计器具有封闭形式的解,而压缩估计器和基于 Coron 测试的建议估计器都没有封闭解。数值评估表明,第一个提议的估计器以更少的计算实现了与压缩估计器相同的精度。此外,第二个估计器甚至可以提高准确性并降低计算复杂度。
京公网安备 11010802027423号