We study the two party problem of randomly selecting a common string among all the strings of length n. We want the protocol to have the property that the output distribution has high Shannon entropy or high min entropy, even when one of the two parties is dishonest and deviates from the protocol. We develop protocols that achieve high, close to n, Shannon entropy and simultaneously min entropy close to n/2. In the literature the randomness guarantee is usually expressed in terms of “resilience”. The notion of Shannon entropy is not directly comparable to that of resilience, but we establish a connection between the two that allows us to compare our protocols with the existing ones. We construct an explicit protocol that yields Shannon entropy $$n - O(1)$$ and has $$O(\log ^* n)$$ rounds, improving over the protocol of Goldreich et al. (SIAM J Comput 27: 506–544, 1998) that also achieves this entropy but needs O(n) rounds. Both these protocols need $$O(n^2)$$ bits of communication. Next we reduce the number of rounds and the length of communication in our protocols. We show the existence, non-explicitly, of a protocol that has 6 rounds, O(n) bits of communication and yields Shannon entropy $$n- O(\log n)$$ and min entropy $$n/2 - O(\log n)$$ . Our protocol achieves the same Shannon entropy bound as, also non-explicit, protocol of Gradwohl et al. (in: Dwork (ed) Advances in Cryptology—CRYPTO ‘06, 409–426, Technical Report , 2006), however achieves much higher min entropy: $$n/2 - O(\log n)$$ versus $$O(\log n)$$ . Finally we exhibit a very simple 3-round explicit “geometric” protocol with communication length O(n). We connect the security parameter of this protocol with the well studied Kakeya problem motivated by Harmonic Analysis and Analytic Number Theory. We prove that this protocol has Shannon entropy $$n-o(n)$$ . Its relation to the Kakeya problem follows a new and different approach to the random selection problem than any of the previously known protocols.

中文翻译：

---

高熵随机选择协议

我们研究了在所有长度为 n 的字符串中随机选择一个公共字符串的两方问题。我们希望协议具有输出分布具有高香农熵或高最小熵的特性，即使两方之一不诚实并偏离协议。我们开发的协议可以实现接近 n 的高香农熵和接近 n/2 的最小熵。在文献中，随机性保证通常用“弹性”来表示。香农熵的概念不能直接与弹性的概念相比较，但我们在两者之间建立了联系，使我们能够将我们的协议与现有的协议进行比较。我们构建了一个显式协议，该协议产生香农熵 $$n - O(1)$$ 并且具有 $$O(\log ^* n)$$ 轮，改进了 Goldreich 等人的协议。(SIAM J Comput 27: 506–544, 1998) 也实现了这个熵，但需要 O(n) 轮。这两种协议都需要 $$O(n^2)$$ 位的通信。接下来，我们减少协议中的轮数和通信长度。我们非明确地展示了一个协议的存在性，该协议具有 6 轮，O(n) 位通信并产生香农熵 $$n- O(\log n)$$ 和最小熵 $$n/2 - O (\log n)$$ 。我们的协议实现了与 Gradwohl 等人的非显式协议相同的香农熵边界。(in: Dwork (ed) Advances in Cryptology—CRYPTO '06, 409–426, Technical Report , 2006)，然而实现了更高的最小熵：$$n/2 - O(\log n)$$ vs $$O (\log n)$$ 。最后，我们展示了一个非常简单的 3 轮显式“几何”协议，通信长度为 O(n)。我们将此协议的安全参数与由谐波分析和解析数论激发的经过充分研究的 Kakeya 问题联系起来。我们证明该协议具有香农熵 $$no(n)$$ 。它与 Kakeya 问题的关系遵循一种新的和不同的随机选择问题方法，而不是任何先前已知的协议。