Paper 2019/1339

Extracting Randomness from Extractor-Dependent Sources

Yevgeniy Dodis, Vinod Vaikuntanathan, and Daniel Wichs

Abstract

We revisit the well-studied problem of extracting nearly uniform randomness from an arbitrary source of sufficient min-entropy. Strong seeded extractors solve this problem by relying on a public random seed, which is unknown to the source. Here, we consider a setting where the seed is reused over time and the source may depend on prior calls to the extractor with the same seed. Can we still extract nearly uniform randomness? In more detail, we assume the seed is chosen randomly, but the source can make arbitrary oracle queries to the extractor with the given seed before outputting a sample. We require that the sample has entropy and differs from any of the previously queried values. The extracted output should look uniform even to a distinguisher that gets the seed. We consider two variants of the problem, depending on whether the source only outputs the sample, or whether it can also output some correlated public auxiliary information that preserves the sample's entropy. Our results are: * Without Auxiliary Information: We show that every pseudo-random function (PRF) with a sufficiently high security level is a good extractor in this setting, even if the distinguisher is computationally unbounded. We further show that the source necessarily needs to be computationally bounded and that such extractors imply one-way functions. * With Auxiliary Information: We construct secure extractors in this setting, as long as both the source and the distinguisher are computationally bounded. We give several constructions based on different intermediate primitives, yielding instantiations based on the DDH, DLIN, LWE or DCR assumptions. On the negative side, we show that one cannot prove security against computationally unbounded distinguishers in this setting under any standard assumption via a black-box reduction. Furthermore, even when restricting to computationally bounded distinguishers, we show that there exist PRFs that are insecure as extractors in this setting and that a large class of constructions cannot be proven secure via a black-box reduction from standard assumptions.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in EUROCRYPT 2020
Keywords
Randomness Extractors
Contact author(s)
wichs @ ccs neu edu
dodis @ cs nyu edu
vinod nathan @ gmail com
History
2020-02-19: revised
2019-11-22: received
See all versions
Short URL
https://ia.cr/2019/1339
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1339,
      author = {Yevgeniy Dodis and Vinod Vaikuntanathan and Daniel Wichs},
      title = {Extracting Randomness from Extractor-Dependent Sources},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1339},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1339}},
      url = {https://eprint.iacr.org/2019/1339}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.