Eshan Chattopadhyay

Non-malleable Codes against Constant Split-State Tampering

Non-malleable codes were introduced by Dziembowski, Pietrzak and Wichs [1] as an elegant generalization of the classical notions of error detection, where the corruption of a codeword is viewed as a tampering function acting on it. Informally, a non-malleable code with respect to a family of tampering functions F consists of a randomized encoding function Enc and a deterministic decoding function Dec such that for any m, Dec(Enc(m)) = m. Further, for any tampering function f ∈ F and any message m, Dec(f(Enc(m))) is either m or is ∈-close to a distribution Df independent of m, where ∈ is called the error. Of particular importance are non-malleable codes in the C-split-state model. In this model, the codeword is partitioned into C equal sized blocks and the tampering function family consists of functions (f1, . . . , fC) such that fi acts on the ith block. For C = 1 there cannot exist non-malleable codes. For C = 2, the best known explicit construction is by Aggarwal, Dodis and Lovett [2] who achieve rate = Ω(n-6/7) and error = 2-Ω(n-1/7), where n is the block length of the code. In our main result, we construct efficient non-malleable codes in the C-split-state model for C = 10 that achieve constant rate and error = 2-Ω(n). These are the first explicit codes of constant rate in the C-split-state model for any C = o(n), that do not rely on any unproven assumptions. We also improve the error in the explicit nonmalleable codes constructed in the bit tampering model by Cheraghchi and Guruswami [3]. Our constructions use an elegant connection found between seedless non-malleable extractors and non-malleable codes by Cheraghchi and Guruswami [3]. We explicitly construct such seedless non-malleable extractors for 10 independent sources and deduce our results on non-malleable codes based on this connection. Our constructions of extractors use encodings and a new variant of the sumproduct theorem.

Explicit two-source extractors and resilient functions

We explicitly construct an extractor for two independent sources on n bits, each with polylogarithmic min-entropy. Our extractor outputs one bit and has polynomially small error. The best previous extractor, by Bourgain, required each source to have min-entropy .499n. A key ingredient in our construction is an explicit construction of a monotone, almost-balanced Boolean functions that are resilient to coalitions. In fact, our construction is stronger in that it gives an explicit extractor for a generalization of non-oblivious bit-fixing sources on n bits, where some unknown n-q bits are chosen almost polylogarithmic-wise independently, and the remaining q bits are chosen by an adversary as an arbitrary function of the n-q bits. The best previous construction, by Viola, achieved q quadratically smaller than our result. Our explicit two-source extractor directly implies improved constructions of a K-Ramsey graph over N vertices, improving bounds obtained by Barak et al. and matching independent work by Cohen.

Non-malleable extractors and codes, with their many tampered extensions

Randomness extractors and error correcting codes are fundamental objects in computer science. Recently, there have been several natural generalizations of these objects, in the context and study of tamper resilient cryptography. These are seeded non-malleable extractors, introduced by Dodis and Wichs; seedless non-malleable extractors, introduced by Cheraghchi and Guruswami; and non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs. Besides being interesting on their own, they also have important applications in cryptography, e.g, privacy amplification with an active adversary, explicit non-malleable codes etc, and often have unexpected connections to their non-tampered analogues. However, the known constructions are far behind their non-tampered counterparts. Indeed, the best known seeded non-malleable extractor requires min-entropy rate at least 0.49; while explicit constructions of non-malleable two-source extractors were not known even if both sources have full min-entropy, and was left as an open problem by Cheraghchi and Guruswami. In this paper we make progress towards solving the above problems and other related generalizations. Our contributions are as follows. (1) We construct an explicit seeded non-malleable extractor for polylogarithmic min-entropy. This dramatically improves all previous results and gives a simpler 2-round privacy amplification protocol with optimal entropy loss, matching the best known result. In fact, we construct more general seeded non-malleable extractors (that can handle multiple adversaries) which were used in the recent construction of explicit two-source extractors for polylogarithmic min-entropy. (2) We construct the first explicit non-malleable two-source extractor for almost full min-entropy thus resolving the open question posed by Cheraghchi and Guruswami. (3) We motivate and initiate the study of two natural generalizations of seedless non-malleable extractors and non-malleable codes, where the sources or the codeword may be tampered many times. By using the connection found by Cheraghchi and Guruswami and providing efficient sampling algorithms, we obtain the first explicit non-malleable codes with tampering degree t, with near optimal rate and error. We call these stronger notions one-many and many-manynon-malleable codes. This provides a stronger information theoretic analogue of a primitive known as continuous non-malleable codes. Our basic technique used in all of our constructions can be seen as inspired, in part, by the techniques previously used to construct cryptographic non-malleable commitments.

Explicit Non-malleable Extractors, Multi-source Extractors, and Almost Optimal Privacy Amplification Protocols

We make progress in the following three problems: 1. Constructing optimal seeded non-malleable extractors, 2. Constructing optimal privacy amplification protocols with an active adversary, for any possible security parameter, 3. Constructing extractors for independent weak random sources, when the min-entropy is extremely small (i.e., near logarithmic). For the first two problems, the best known non-malleable extractors by Chattopadhyay, Goyal and Li, and by Cohen all require seed length and min-entropy with quadratic loss in parameters. As a result, the best known explicit privacy amplification protocols with an active adversary, which achieve two rounds of communication and optimal entropy loss was sub-optimal in the min-entropy of the source. In this paper we give an explicit non-malleable extractor that works for nearly optimal seed length and min-entropy, and yields a two-round privacy amplification protocol with optimal entropy loss for almost all ranges of the security parameter. For the third problem, we improve upon a very recent result by Cohen and Schulman and give an explicit extractor that uses an absolute constant number of sources, each with almost logarithmic min-entropy. The key ingredient in all our constructions is a generalized, and much more efficient version of the independence preserving merger introduced by Cohen, which we call non-malleable independence preserving merger. Our construction of the merger also simplifies that of Cohen and Schulman, and may be of independent interest.

Non-malleable codes and extractors for small-depth circuits, and affine functions

Non-malleable codes were introduced by Dziembowski, Pietrzak and Wichs as an elegant relaxation of error correcting codes, where the motivation is to handle more general forms of tampering while still providing meaningful guarantees. This has led to many elegant constructions and applications in cryptography. However, most works so far only studied tampering in the split-state model where different parts of the codeword are tampered independently, and thus do not apply to many other natural classes of tampering functions. The only exceptions are the work of Agrawal et al. which studied non-malleable codes against bit permutation composed with bit-wise tampering, and the works of Faust et al. and Ball et al., which studied non-malleable codes against local functions. However, in both cases each tampered bit only depends on a subset of input bits. In this work, we study the problem of constructing non-malleable codes against more general tampering functions that act on the entire codeword. We give the first efficient constructions of non-malleable codes against tampering functions and affine tampering functions. These are the first explicit non-malleable codes against tampering functions where each tampered bit can depend on all input bits. We also give efficient non-malleable codes against t-local functions for t=o(√n), where a t-local function has the property that any output bit depends on at most t input bits. In the case of deterministic decoders, this improves upon the results of Ball et al, which can handle t≤ n1/4. All our results on non-malleable codes are obtained by using the connection between non-malleable codes and seedless non-malleable extractors discovered by Cheraghchi and Guruswami. Therefore, we also give the first efficient constructions of seedless non-malleable extractors against tampering functions, t-local tampering functions for t=o(√n), and affine tampering functions. To derive our results on non-malleable codes, we design efficient algorithms to almost uniformly sample from the pre-image of any given output of our non-malleable extractor.

Extractors for sumset sources

We propose a new model of weak random sources which we call sumset sources. A sumset source X is the sum of C independent sources, with each source on n bits source having min-entropy k. We show that extractors for this class of sources can be used to give extractors for most classes of weak sources that have been studied previously, including independent sources, affine sources (which generalizes oblivious bit-fixing sources), small space sources, total entropy independent sources, and interleaved sources. This provides a unified approach for randomness extraction. A known extractor for this class of sources, prior to our work, is the Paley graph function introduced by Chor and Goldreich, which works for the sum of 2 independent sources, where one has min-entropy at least 0.51n and the other has logarithmic min-entropy. To the best of our knowledge, the only other known construction is from the work of Kamp, Rao, Vadhan and Zuckerman, which can extract from the sum of exponentially many independent sources. Our main result is an explicit extractor for the sum of C independent sources for some large enough constant C, where each source has polylogarithmic min-entropy. We then use this extractor to obtain improved extractors for other well studied classes of sources including small-space sources, affine sources and interleaved sources.

New extractors for interleaved sources

We study how to extract randomness from a C-interleaved source, that is, a source comprised of C independent sources whose bits or symbols are interleaved. We describe a simple approach for constructing such extractors that yields: For some δ > 0, c > 0, explicit extractors for 2-interleaved sources on {0, 1}2n when one source has min-entropy at least (1 - δ)n and the other has min-entropy at least c log n. The best previous construction, by Raz and Yehudayoff [36], worked only when both sources had entropy rate 1 - δ. For some c > 0 and any large enough prime p, explicit extractors for 2-interleaved sources on [p]2n when one source has min-entropy rate at least .51 and the other source has min-entropy rate at least (c log n)/n. We use these to obtain the following applications: We introduce the class of any-order-small-space sources, generalizing the class of small-space sources studied by Kamp et al. [22]. We construct extractors for such sources with min-entropy rate close to 1/2. Using the Raz-Yehudayoff construction would require entropy rate close to 1. For any large enough prime p, we exhibit an explicit function f: [p]2n → {0, 1} such that the randomized best-partition communication complexity of f with error 1/2 - 2-Ω(n) is at least .24n log p. Previously this was known only for a tiny constant instead of .24, for p = 2 [36]. We introduce non-malleable extractors in the interleaved model. For any large enough prime p, we give an explicit construction of a weak-seeded non-malleable extractor for sources over [p]n with min-entropy rate .51. Nothing was known previously, even for almost full min-entropy.

An Explicit VC-Theorem for Low-Degree Polynomials

Let X ⊆ R n and let \({\cal C}\) be a class of functions mapping ℝ n → { − 1,1}. The famous VC-Theorem states that a random subset S of X of size \(O(\frac{d}{\epsilon^{2}} \log \frac{d}{\epsilon})\), where d is the VC-Dimension of \({\cal C}\), is (with constant probability) an e-approximation for \({\cal C}\) with respect to the uniform distribution on X. In this work, we revisit the problem of constructing S explicitly. We show that for any X ⊆ ℝ n and any Boolean function class \({\cal C}\) that is uniformly approximated by degree k polynomials, an e-approximation S can be be constructed deterministically in time poly(n k ,1/e,|X|) provided that \(\epsilon =\Omega\left(W \cdot \sqrt{\frac{\log{|X|}}{|X|}}\right)\) where W is the weight of the approximating polynomial. Previous work due to Chazelle and Matousek suffers an d O(d) factor in the running time and results in superpolynomial-time algorithms, even in the case where k = O(1).

Improved pseudorandomness for unordered branching programs through local monotonicity

We present an explicit pseudorandom generator with seed length Õ((logn)w+1) for read-once, oblivious, width w branching programs that can read their input bits in any order. This improves upon the work of Impagliazzo, Meka and Zuckerman (FOCS’12) where they required seed length n1/2+o(1). A central ingredient in our work is the following bound that we prove on the Fourier spectrum of branching programs. For any width w read-once, oblivious branching program B:{0,1}n→ {0,1}, any k ∈ {1,…,n}, [complex formula not displayed] This settles a conjecture posed by Reingold, Steinke and Vadhan (RANDOM’13). Our analysis crucially uses a notion of local monotonicity on the edge labeling of the branching program. We carry critical parts of our proof under the assumption of local monotonicity and show how to deduce our results for unrestricted branching programs.

Pseudorandom generators from polarizing random walks

We propose a new framework for constructing pseudorandom generators for n-variate Boolean functions. It is based on two new notions. First, we introduce fractional pseudorandom generators, which are pseudorandom distributions taking values in [-1, 1]n. Next, we use a fractional pseudorandom generator as steps of a random walk in [-1, 1]n that converges to {-1, 1}n. We prove that this random walk converges fast (in time logarithmic in n) due to polarization. As an application, we construct pseudorandom generators for Boolean functions with bounded Fourier tails. We use this to obtain a pseudorandom generator for functions with sensitivity s, whose seed length is polynomial in s. Other examples include functions computed by branching programs of various sorts or by bounded depth circuits.