how to extract useful randomness from unreliable sources
play

How to extract useful randomness from unreliable sources Divesh - PowerPoint PPT Presentation

Oct 14, 2022 •531 likes •782 views

How to extract useful randomness from unreliable sources Divesh Aggarwal Maciej Obremski Joo Ribeiro Luisa Siniscalchi Ivan Visconti University of Salerno CQT & National University of Singapore Imperial College London University of

  1. How to extract useful randomness from unreliable sources Divesh Aggarwal Maciej Obremski João Ribeiro Luisa Siniscalchi Ivan Visconti University of Salerno CQT & National University of Singapore Imperial College London University of Salerno → Aarhus University Eurocrypt 2020

  2. Randomness and cryptography Perfect Cryptography randomness In practice, randomness sources are not perfect! Weaker assumption: min-entropy lower bound bits of min-entropy

  3. Randomness extraction bits of min-entropy Ext (Ideally) IMPOSSIBLE! (arbitrary weak k-source) (statistically close to uniform) Multi-source extraction: combine several independent weak sources (e.g., sampled from di ff erent devices/locations)

  4. Multi-source randomness extraction + independence Need to trust several devices at di ff erent locations! (especially when dealing with public randomness!) What happens if some sources are corrupted?

  5. SHELA sources: Multi-source randomness extraction without trust -SHELA source: S omewhere- H onest E ntropic L ook A head 1. Adversary chooses blocks to corrupt

  6. SHELA sources: Multi-source randomness extraction without trust -SHELA source: S omewhere- H onest E ntropic L ook A head 1. Adversary chooses blocks to corrupt 2. Adversary fixes corrupted block based on previous samples Adversary knows positions and distributions of honest blocks Honest ’s are independent of each other and satisfy

  7. Some other adversarial source models Old: Santha-Vazirani sources Bit-fixing sources [Dodis 2001]: Bias-control limited sources Recent: [Austrin, Chung, Mahmoody, Pass, Seth 2014]: p-tampering attacks [Bentov, Gabizon, Zuckerman 2016]: p-resettable sources [Chattopadhyay, Goodman, Goyal, Li 2019]: Multi sources w/ local dependence [Dodis, Vaikuntanathan, Wichs 2019]: Extractor-dependent sources [Ball, Goldreich, Malkin 2019]: Somewhat-dependent sources

  8. Can we extract perfect randomness from SHELA sources? No Regime of interest: (constant fraction of corruptions), larger than some constant impossibility for impossibility for SHELA sources p-resettable sources must have error [Bentov, Gabizon, Zuckerman 2016] Follows from impossibility for Holds even if honest blocks are uniform! special subset of Santha-Vazirani sources Can we extract “useful” randomness from SHELA sources?

  9. The next best thing: somewhere-random sources -SR source: S omewhere- R andom Guarantee: There exist such that Interested in convex combinations of SR sources convSR sources convSR sources are very useful! SHELA great convSR sources

  10. SR sources and one-sided error Always outputs YES randomized algorithm Only guaranteed under uniform randomness! with one-side error Outputs NO with probability 2/3, YES otherwise SR source YES if all output YES Also one-sided error! NO otherwise Runtime: wish to: i) Minimize ii) Maximize length of ’s

  11. Crypto applications of SR sources Overall: non-interactive primitives with a “somewhere-random CRS” We construct (from generic complexity assumptions): • Non-interactive witness indistinguishable proof systems • Non-interactive commitments Elsewhere: • Publicly-verifiable proof systems [Scafuro, Siniscalchi, Visconti 2019]

  12. “Somewhere-extraction” from SHELA sources Goal: Design such that for every -SHELA source , Want: #output blocks and error small , output block length large Naive approach: apply 2-source extractor to every pair of blocks of Why? If and are honest, then Cons: i) ii) Non-negligible error when Can we do better?

  13. Better somewhere-extraction from SHELA sources

  14. Better somewhere-extraction from SHELA sources unbalanced 2-source extractors (left source: low entropy, right source: high entropy)

  15. Better somewhere-extraction from SHELA sources left source right source unbalanced 2-source extractors (left source: low entropy, right source: high entropy)

  16. Better somewhere-extraction from SHELA sources left source right source unbalanced 2-source extractors (left source: low entropy, right source: high entropy)

  17. Better somewhere-extraction from SHELA sources left source right source unbalanced 2-source extractors (left source: low entropy, right source: high entropy)

  18. Better somewhere-extraction from SHELA sources left source right source unbalanced 2-source extractors (left source: low entropy, right source: high entropy)

  19. Better somewhere-extraction from SHELA sources left source right source unbalanced 2-source extractors (left source: low entropy, right source: high entropy)

  20. Better somewhere-extraction from SHELA sources left source right source unbalanced 2-source extractors (left source: low entropy, right source: high entropy) i) ii) whp over fixing of , is -close to -convSR source in contains enough min-entropy works with only independent 2 honest blocks! high min-entropy independent high min-entropy contains enough min-entropy given

  21. Somewhere-extraction from low-entropy SHELA sources Want: Somewhere-extractor for -SHELA, for arbitrarily small constant Idea: Combine previous high-entropy construction with somewhere-condensers [Raz 2005], [Barak, Kindler, Shaltiel, Sudakov, Wigderson 2005], [Zuckerman 2007], [Li 2011] Essentially the same parameters: works with only 2 honest blocks!

  22. Somewhere-extraction from a weak source Can we extract useful convSR sources without exploiting structure of SHELA sources? Treat as -SHELA source weak -source Naive somewhere-extractor: any strong seeded extractor SR source Problem: Superpolynomial #blocks if error is negligible! Can we do better?

  23. Somewhere-extraction from a weak source No! Can we extract useful convSR sources without exploiting structure of SHELA sources? Treat as -SHELA source weak -source Somewhere-extractor for -sources with error , output block length If isn’t small and is negligible, #output blocks need superpolynomial #output blocks Proof: Somewhere-extractor disperser, so can apply well-known lower bounds [Radhakrishnan, Ta-Shma 2000] Open Q: Prove analogous result when

  24. Summing up • SHELA sources model multiple randomness sources corrupted by strong adversary • Can’t extract perfect randomness • Can extract great SR sources from low-entropy SHELA sources (only need 2 honest blocks!) • SR sources are very useful (algorithms + crypto) • Can’t extract useful SR sources without exploiting structure of SHELA source Thanks for watching!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Backpacking Pain Points Sore shoulders Unreliable energy sources 12.2 million

Backpacking Pain Points Sore shoulders Unreliable energy sources 12.2 million

Backpacking Pain Points Sore shoulders Unreliable energy sources 12.2 million backpackers in US Our Solution Linear Bearings Floating Pack Spring/Damper System Charging Battery Can we reduce peak forces felt by a

504 views • 21 slides
Fake News Online Types of Fake News Clickbait Unreliable sources Misleading

Fake News Online Types of Fake News Clickbait Unreliable sources Misleading

Fake News Online Types of Fake News Clickbait Unreliable sources Misleading Information Satire/ Parody Biased News Clickbait Headline trying to attract attention and make readers click to find out more Creates

855 views • 13 slides
Sources of Randomness in Digital Devices and Their Testability Viktor F ISCHER Univ Lyon,

Sources of Randomness in Digital Devices and Their Testability Viktor F ISCHER Univ Lyon,

Sources Characterization Dedicated tests Conclusions Sources of Randomness in Digital Devices and Their Testability Viktor F ISCHER Univ Lyon, UJM-Saint-Etienne, CNRS Laboratoire Hubert Curien UMR 5516 F-42023, SAINT-ETIENNE, France

882 views • 30 slides
the entropy generation rates of physical sources of randomness Joseph D. Hart 1,2,* , Thomas E.

the entropy generation rates of physical sources of randomness Joseph D. Hart 1,2,* , Thomas E.

The im impact of dig igitization on the entropy generation rates of physical sources of randomness Joseph D. Hart 1,2,* , Thomas E. Murphy 2,3 , Rajarshi Roy 2,3,4 , Gerry Baumgartner 5 1 Dept. of Physics 2 Institute for Research in Electronics

918 views • 33 slides
Computing over Unreliable Computing over Unreliable C C Communication Networks Communication

Computing over Unreliable Computing over Unreliable C C Communication Networks Communication

Computing over Unreliable Computing over Unreliable C C Communication Networks Communication Networks i i i i N N k k Nicola Elia Joint work with Jing Wang D Dept. of Electrical and Computer Engineering t f El t i l d C t E i i

833 views • 42 slides
Firmware Insider Bluetooth Randomness is Mostly Random RANDOMNESS IS MY PASSION Jrn

Firmware Insider Bluetooth Randomness is Mostly Random RANDOMNESS IS MY PASSION Jrn

Firmware Insider Bluetooth Randomness is Mostly Random RANDOMNESS IS MY PASSION Jrn Tillmanns, Jiska Classen, Felix Rohrbach, Matthias Hollick Technische Universitt Darmstadt, Germany ??? 2 How to acquire randomness? A: 42 B: Random

562 views • 32 slides
Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University

Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University

Lecture 19 Randomness, Pseudo Randomness, and Confidentiality Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Baileys ECE 422 Randomness and Pseudorandomness Review Problem:

1.69k views • 33 slides
Randomness Some content taken from Silence on the Wire by Michal Zalewski Todays Agenda

Randomness Some content taken from Silence on the Wire by Michal Zalewski Todays Agenda

Randomness Some content taken from Silence on the Wire by Michal Zalewski Todays Agenda Randomness in Private Key Generation Randomness in Election (fraud) Randomness in Coin Flipping What is random? Chosen without method

693 views • 35 slides
Unreliable Datagram Extension to QUIC draft-pauly-quic-datagram-00 Tommy Pauly , Eric Kinnear,

Unreliable Datagram Extension to QUIC draft-pauly-quic-datagram-00 Tommy Pauly , Eric Kinnear,

Unreliable Datagram Extension to QUIC draft-pauly-quic-datagram-00 Tommy Pauly , Eric Kinnear, David Schinazi QUIC IETF 103, November 2018, Bangkok 1 Why unreliable QUIC frames? Several application use cases take advantage of unreliable

346 views • 10 slides
Ex Extract ractio ion The British Pharmacopoeia contain a number of extraction of vegetable

Ex Extract ractio ion The British Pharmacopoeia contain a number of extraction of vegetable

Ex Extract ractio ion The British Pharmacopoeia contain a number of extraction of vegetable drugs. Also, the starting material for some products such as steroids may come from natural sources Extraction can be defined as: the removal of

716 views • 58 slides
Randomness and analysis: a tutorial Part I: Randomness notions and almost everywhere theorems

Randomness and analysis: a tutorial Part I: Randomness notions and almost everywhere theorems

Randomness and analysis: a tutorial Part I: Randomness notions and almost everywhere theorems Andr e Nies CCC 2015, Kochel am See 1/1 Di ff erentiability Di ff erentiability of a function f at a real z means that the rate of change

1.19k views • 108 slides
Extractors for circuit sources Emanuele Viola December 20, 2011 Abstract We obtain the first

Extractors for circuit sources Emanuele Viola December 20, 2011 Abstract We obtain the first

Extractors for circuit sources Emanuele Viola December 20, 2011 Abstract We obtain the first deterministic extractors for sources generated (or sampled) by small circuits of bounded depth. Our main results are: (1) We extract k ( k/nd ) O

785 views • 21 slides
15-251 Great Theoretical Ideas in Computer Science Lecture 21: Introduction to Randomness and

15-251 Great Theoretical Ideas in Computer Science Lecture 21: Introduction to Randomness and

15-251 Great Theoretical Ideas in Computer Science Lecture 21: Introduction to Randomness and Probability Theory Review April 4th, 2017 Randomness and the Universe Randomness and the Universe Does the universe have true randomness?

693 views • 52 slides
Randomness in Computing L ECTURE 1 Randomness in Computing Course information Verifying

Randomness in Computing L ECTURE 1 Randomness in Computing Course information Verifying

Randomness in Computing L ECTURE 1 Randomness in Computing Course information Verifying polynomial identities Probability Amplification Probability Review Sofya Raskhodnikova 1/21/2020 Sofya Raskhodnikova;Randomness in Computing

348 views • 21 slides
Counting Words: Non- Randomness Pre-Processing and Non-Randomness The End Marco Baroni &

Counting Words: Non- Randomness Pre-Processing and Non-Randomness The End Marco Baroni &

Pre-processing and non-randomness Baroni & Evert Pre-Processing Counting Words: Non- Randomness Pre-Processing and Non-Randomness The End Marco Baroni & Stefan Evert M alaga, 11 August 2006 Outline Pre-processing and

879 views • 55 slides
Physical Randomness Extractors Kai-Min Chung Academia Sinica, Taiwan Xiaodi Wu Yaoyun Shi

Physical Randomness Extractors Kai-Min Chung Academia Sinica, Taiwan Xiaodi Wu Yaoyun Shi

Physical Randomness Extractors Kai-Min Chung Academia Sinica, Taiwan Xiaodi Wu Yaoyun Shi MIT/UC Berkeley University of Michigan Presented in QIP14 as plenary talk (joint with [MS14]) 1 Randomness Randomness is a vital resource

391 views • 17 slides
Extracting Metadata from Stata Datasets Suzanna Vidmar and Luke Stevens Clinical Epidemiology and

Extracting Metadata from Stata Datasets Suzanna Vidmar and Luke Stevens Clinical Epidemiology and

Extracting Metadata from Stata Datasets Suzanna Vidmar and Luke Stevens Clinical Epidemiology and Biosta;s;cs Unit Murdoch Childrens Research Ins;tute Da Data sharing and s a sharing and storag age e To enable data sharing, the data

704 views • 51 slides
Malicious PDF Detection is important! 129 Adobe Reader CVE's in 2015 Up from 44 in 2014

Malicious PDF Detection is important! 129 Adobe Reader CVE's in 2015 Up from 44 in 2014

Extract Me If You Can: Abusing PDF Parsers in Malware Detectors Curtis Carmony, Mu Zhang, Xunchao Hu, Abhishek Vasisht Bhaskar, and Heng Yin Department of EECS, Syracuse University College of Engineering L.C.Smith and Computer Science Malicious

628 views • 48 slides
Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic

Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic

Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic Techniques Fabio Pagani and Davide Balzarotti Usenix Security 19 Memory Forensics - Introduction Infected Machine Memory Dump Analysis

648 views • 47 slides
for scalable information extraction Pablo Barrio , Columbia University Gonalo Simes, INESC-ID

for scalable information extraction Pablo Barrio , Columbia University Gonalo Simes, INESC-ID

Learning to rank adaptively for scalable information extraction Pablo Barrio , Columbia University Gonalo Simes, INESC-ID and IST, University of Lisbon Helena Galhardas, INESC-ID and IST, University of Lisbon Luis Gravano, Columbia

682 views • 30 slides
Learning to Extract Folktale Keywords Dolf Trieschnigg, Dong

Learning to Extract Folktale Keywords Dolf Trieschnigg, Dong

Folktales As Classifiable Texts Learning to Extract Folktale Keywords Dolf Trieschnigg, Dong Nguyen and Marit Theune Once upon a time There was

421 views • 23 slides
Does Automated Refactoring Obviate Systematic Editing? Na Meng*

Does Automated Refactoring Obviate Systematic Editing? Na Meng*

Does Automated Refactoring Obviate Systematic Editing? Na Meng* Lisa Hua* Miryung Kim + Kathryn S. McKinley The University of Texas at

340 views • 19 slides
Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David

Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David

Automatic Extraction of Sliced Object State Machines for Component Interfaces Tao Xie David Notkin Dept. of Computer Science & Engineering University of Washington, Seattle SAVCBS 04 Oct. 2004 1 Motivation Software components

303 views • 29 slides
Extracting Descriptions of Location Relations from Implicit Textual Networks Andreas Spitz,

Extracting Descriptions of Location Relations from Implicit Textual Networks Andreas Spitz,

Extracting Descriptions of Location Relations from Implicit Textual Networks Andreas Spitz, Gloria Feher, Michael Gertz Heidelberg University, Institute of Computer Science Database Systems Research Group { spitz,gertz }

747 views • 38 slides

More recommend