Non-Malleable Extractors
Gil CohenWeizmann Institute
Joint work withRan Raz and Gil Segev
2𝑛
2𝑑
2𝑘
Seeded Extractors
10
Seeded Extractor
Seeded Extractors
2𝑛
2𝑑
000111 10 2𝑘
Seeded Extractor
2𝑑
Strong SeededExtractor
2𝑘00
0110
11
Seeded Extractors
2𝑛
2𝑑
000111
2𝑘
Seeded Extractor
2𝑑
000
101
100
111
…… No limitation
Small-Bias Set
10
Non-Malleable Extractors [DodisWichs09]
Seeded Extractor Strong SeededExtractor
2𝑑
2𝑘
Non-MalleableExtractor
0
1
0
0
1
𝐴 (𝑠 ) 𝑠
The Explicit Construction of [DodisLiWooleyZuckerman11]
• Conditional efficiency
The Explicit Construction of [DodisLiWooleyZuckerman11]
• Conditional efficiency
The Explicit Construction of [DodisLiWooleyZuckerman11]
• Conditional efficiency
The Explicit Construction of [DodisLiWooleyZuckerman11]
• Conditional efficiency
Main Result
• Unconditionally efficient
Main Result
• Unconditionally efficient
Main Result
• Unconditionally efficient
Main Result
• Unconditionally efficient
Explicit Constructions [Li12]
Moreover, Bourgain’s extractor is non-malleable.
Raz’s Theorem [Raz05]
is a
Proof Idea
𝑊
𝑠 𝐴 (𝑠 )𝑍1𝑍 2⋯
Proof Idea
𝑊
𝑠 𝐴 (𝑠 )
𝐸𝑥𝑡 (𝑊 ;𝑠 )𝐸𝑥𝑡 (𝑊 ; 𝐴 (𝑠 ) )
is typically biased (say towards 0).
Proof Idea
𝑊
𝑠 𝐴 (𝑠 )
𝐸𝑥𝑡 (𝑊 ;𝑠 )𝐸𝑥𝑡 (𝑊 ; 𝐴 (𝑠 ) )
is typically biased (say towards 0).
Proof Idea
𝑠 𝐴 (𝑠 )
𝑠𝐴 (𝑠 )
𝑏𝑖𝑎𝑠 (𝑌𝑠 )
Proof Idea
𝑠 𝐴 (𝑠 )
𝑠𝐴 (𝑠 )
𝑏𝑖𝑎𝑠 (𝑌𝑠 )Acyclic
Many verticesAverage edge weight is large
Proof Idea
𝑠 𝐴 (𝑠 )
𝑠𝐴 (𝑠 )
𝑏𝑖𝑎𝑠 (𝑌𝑠 )Acyclic
Many verticesAverage edge weight is large
Proof Idea
⋯ 𝑍 𝑠⊕ 𝑍𝐴 (𝑠 )⋯
Small-Bias Set
[Raz05] implies that this is also an
extractor𝑊
stands in contradiction!
𝑌 𝑠=E 𝑥𝑡 (𝑊 ; 𝑠 )⊕𝐸𝑥𝑡 (𝑊 ; 𝐴 (𝑠) )
? Construct a non-malleable extractor for smaller min-entropies, or prove this is hard.
? Waiting for applications to complexity (as apposed to cryptography).
Open Questions