Serge Fehr & Christian Schaffner CWI Amsterdam, The
Netherlands 1 Randomness Extraction via -Biased Masking in the
Presence of a Quantum Attacker TCC 2008, 21/3/2008 New York, USA
TexPoint fonts used in EMF. Read the TexPoint manual before you
delete this box.: A A AAAA A A A A
Slide 2
Agenda 2 Motivation Main Result Applications Related Work
Slide 3
3 X=01101001 Z =10011 Key K X=01101001 random source Motivating
Example
Slide 4
4 X=01101001 Z =10011 Key K X=01101001 F(X)=0011.. H 1 (X|KZ) m
Key K 2-universal F(X)=? Left-Over Hash Lemma F(X)=0011.. m F Key K
can be reused!
Slide 5
5 Z =10011 imperfect random source X=01101011 Key K X=01111001
Imperfect Source
Slide 6
Information Reconciliation 6 X=01101011 Key K X=01111001 Z
=10011 F(X)=0011.. decode C = Y X Y = X C F(X)=? C 2 R C X=01101011
Key K H 1 (X|KZ) m + |syn(X)|
Slide 7
Reusability Problem 7 X=01101011 Key K X=01111001 Z =10011
F(X)=0011.. decode C = Y X Y = X C F(X)=? C 2 R C X=01101011 Key K
H 1 (X|KZ) m + |syn(X)| Problem: K cannot be reused!
Slide 8
Solution 8 X=01101011 Key K X=01111001 Z =10011 decode C = Y X
Y = X C C 2 R C X=01101011 Key K H 1 (X|KZ) m + |syn(X)| K can be
safely reused! Y = ? [Dodis, Smith 05]
Slide 9
The Quantum Case 9 ZZ imperfect random source X=01101011 Key K
X=01111001 101
Slide 10
Two-Universal Hashing 10 X=01101011 Key K X=01111001
F(X)=0011.. decode C = Y X Y = X C F(X)=? C 2 R C X=01101011 Key K
H 1 (X|K Z ) m + |syn(X)| ZZ 101
Slide 11
Problem 11 X=01101011 Key K X=01111001 decode C = Y X Y = X C C
2 R C X=01101011 Key K H 1 (X|K Z ) m + |syn(X)| K can be safely
reused! Y = ? [Dodis, Smith 05] ZZ ? 101
Slide 12
Agenda 12 Motivation Main Result Applications Related Work
Slide 13
Classical Theorem 13 random variable A in {0,1} n is -biased if
for all {A i } -biased family over {0,1} n joint distribution P XZ
where X in {0,1} n and Z some side information Then, for uniform I
[Dodis, Smith 05] {0,1} n = Z I,I, A I X = ?