Nonmalleable Extractors and Codes, with Their Many Tampered Extensions
SIAM Journal on Computing (IF 1.2). Pub Date: 2020-10-20. DOI: 10.1137/18m1176622
Eshan Chattopadhyay , Vipul Goyal , Xin Li

SIAM Journal on Computing, Volume 49, Issue 5, Page 999-1040, January 2020.
Randomness extractors and error correcting codes are fundamental objects in computer science. Recently, there have been several natural generalizations of these objects, in the context and study of tamper-resilient cryptography. These are seeded nonmalleable extractors, introduced by Dodis and Wichs (STOC 2009); seedless nonmalleable extractors, introduced by Cheraghchi and Guruswami (TCC 2014); and nonmalleable codes, introduced by Dziembowski, Pietrzak, and Wichs (J. ACM, 2018). Besides being interesting on their own, they also have important applications in cryptography, e.g., privacy amplification with an active adversary, explicit nonmalleable codes, etc., and often have unexpected connections to their nontampered analogues. However, the known constructions are far behind their nontampered counterparts. Indeed, the best known seeded nonmalleable extractor requires min-entropy rate at least 0.49 [X. Li, in Proceedings of the 53rd Annual IEEE Symposium on Foundations of Computer Science, 2012, pp. 688--697], while explicit construction of nonmalleable two-source extractors was not known even if both sources have full min-entropy and was left as an open problem in [M. Cheraghchi and V. Guruswami, J. Cryptology, 30 (2017), pp. 191--241]. In this paper we make progress towards solving the above problems and other related generalizations. Our contributions are as follows: (i) We construct an explicit seeded nonmalleable extractor for min-entropy $k \geq \log^2 n$. This dramatically improves all previous results and gives a simpler two-round privacy amplification protocol with optimal entropy loss, matching the best known result in [X. Li, in Theory of Cryptography (TCC 2015), Springer, 2015, pp. 502--531]. In fact, we construct more general seeded nonmalleable extractors (that can handle multiple adversaries) which were used in the recent construction of explicit two-source extractors for polylogarithmic min-entropy [E. Chattopadhyay and D. Zuckerman, Ann. of Math. (2), 189 (2019), pp. 653--705]. (ii) We construct the first explicit nonmalleable two-source extractor for min-entropy $k \geq n-n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$, thus resolving the open question in [M. Cheraghchi and V. Guruswami, J. Cryptology, 30 (2017), pp. 191--241]. (iii) We motivate and initiate the study of two natural generalizations of seedless nonmalleable extractors and nonmalleable codes, where the sources or the codeword may be tampered many times. For this, we construct the first explicit nonmalleable two-source extractor with tampering degree $t$ up to $n^{\Omega(1)}$. By using the connection in [M. Cheraghchi and V. Guruswami, J. Cryptology, 30 (2017), pp. 191--241] and providing efficient sampling algorithms, we obtain the first explicit nonmalleable codes with tampering degree $t$ up to $n^{\Omega(1)}$. We call these stronger notions one-many and many-many nonmalleable codes. This provides a stronger information theoretic analogue of a primitive known as continuous nonmalleable codes. Our basic technique used in all of our constructions can be seen as inspired, in part, by the techniques previously used to construct cryptographic nonmalleable commitments.


Updated: 2020-11-12