Nearly-Linear Time Seeded Extractors With Short Seeds

Bibliographic details
Published in: IEEE transactions on information theory, Vol. 71, No. 11, pp. 9028 - 9054
Main authors: Doron, Dean, Ribeiro, Joao
Format: Journal Article
Language: English
Published: IEEE 01.11.2025
ISSN: 0018-9448, 1557-9654
Description
Summary: Seeded extractors are fundamental objects in pseudorandomness and cryptography, and a deep line of work has designed polynomial-time seeded extractors with nearly-optimal parameters. However, existing constructions of seeded extractors with short seed length and large output length run in time $\Omega(n \log(1/\varepsilon))$ and often slower, where $n$ is the input source length and $\varepsilon$ is the error of the extractor. Since cryptographic applications of extractors require $\varepsilon$ to be small, the resulting runtime makes these extractors impractical. Motivated by this, we explore constructions of strong seeded extractors with short seeds computable in nearly-linear time $O(n \log^{c} n)$, for any error $\varepsilon$. We show that an appropriate combination of modern condensers and classical approaches for constructing seeded extractors for high min-entropy sources yields such extractors. More precisely, we obtain strong extractors for $n$-bit sources with any min-entropy $k$ and any target error $\varepsilon$ with seed length $d = O(\log(n/\varepsilon))$ and output length $m = (1-\eta)k$ for an arbitrarily small constant $\eta > 0$, running in nearly-linear time.
When $k$ or $\varepsilon$ are very small, our construction requires a reasonable one-time preprocessing step. These extractors directly yield privacy amplification protocols with nearly-linear time complexity (possibly after a one-time preprocessing step), large output length, and low communication complexity. As a second contribution, we give an instantiation of Trevisan's extractor that can be evaluated in truly linear time in the RAM model, as long as the number of output bits is at most $\frac{n}{\log(1/\varepsilon)\,\mathrm{polylog}(n)}$. Previous fast implementations of Trevisan's extractor ran in $\widetilde{O}(n)$ time in this setting.
DOI: 10.1109/TIT.2025.3605160