On Extracting Private Randomness over a Public Channel

We introduce the notion of a super-strong extractor. Given two independent weak random sources X,Y , such extractor EXT(·, ·) has the property that EXT(X,Y ) is statistically random even if one is given Y . Namely, 〈Y, EXT(X,Y )〉 ≈ 〈Y,R〉. Super-strong extractors generalize the notion of strong extractors [16], which assume that Y is truly random, and extractors from two weak random sources [26, 7] which only assure that EXT(X,Y ) ≈ R. We show that super-extractors have many natural applications to design of cryptographic systems in a setting when different parties have independent weak sources of randomness, but have to communicate over an insecure channel. For example, they allow one party to “help” other party extract private randomness: the “helper” simply sends Y , and the “client” gets private randomness EXT(X,Y ). In particular, it allows two parties to derive a nearly random key after initial agreement on only a weak shared key, without using ideal local randomness. We show that optimal super-strong extractors exist, which are capable of extracting all the randomness from X , as long as Y has a logarithmic amount of min-entropy. This generalizes a similar result from strong extractors, and improves upon previously known bounds [7] for a weaker problem of randomness extraction from two independent random sources. We also give explicit super-strong extractors which work provided the sum of the min-entropies of X and Y is at least their block length. Finally, we consider the setting of our problem where the public communication channels are not authenticated. Using the results of [13], we show that non-trivial authentication is possible when the min-entropy rate of the shared secret key is at least a half. Combining this with our explicit super-extractor construction, we get the first privacy amplification protocol over an adversarially controlled channel, where player do not have ideal local randomness. Department of Computer Science, New York University, 251 Mercer Street, New York, NY 10012, USA. Email: [email protected]. Parially supported by the NSF CAREER Award. Department of Mathematics, New York University, 251 Mercer Street, New York, NY 10012, USA. Email: [email protected]. The work of this author was funded by a doctoral fellowship from CNPq, Brazil.