Non-Malleable Extractors and Codes, with their Many Tampered Extensions

摘要

Randomness extractors and error correcting codes are fundamental objects incomputer science. Recently, there have been several natural generalizations ofthese objects, in the context and study of tamper resilient cryptography. Theseare seeded non-malleable extractors, introduced in [DW09]; seedlessnon-malleable extractors, introduced in [CG14b]; and non-malleable codes,introduced in [DPW10]. However, explicit constructions of non-malleable extractors appear to behard, and the known constructions are far behind their non-tamperedcounterparts. In this paper we make progress towards solving the above problems. Ourcontributions are as follows. (1) We construct an explicit seeded non-malleable extractor for min-entropy$k \geq \log^2 n$. This dramatically improves all previous results and gives asimpler 2-round privacy amplification protocol with optimal entropy loss,matching the best known result in [Li15b]. (2) We construct the first explicit non-malleable two-source extractor formin-entropy $k \geq n-n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ anderror $2^{-n^{\Omega(1)}}$. (3) We initiate the study of two natural generalizations of seedlessnon-malleable extractors and non-malleable codes, where the sources or thecodeword may be tampered many times. We construct the first explicitnon-malleable two-source extractor with tampering degree $t$ up to$n^{\Omega(1)}$, which works for min-entropy $k \geq n-n^{\Omega(1)}$, withoutput size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$. We show that we canefficiently sample uniformly from any pre-image. By the connection in [CG14b],we also obtain the first explicit non-malleable codes with tampering degree $t$up to $n^{\Omega(1)}$, relative rate $n^{\Omega(1)}/n$, and error$2^{-n^{\Omega(1)}}$.