Non-Malleable Condensers for Arbitrary Min-Entropy, and Almost Optimal Protocols for Privacy Amplification

TL;DR

This paper introduces the first explicit non-malleable condensers for any min-entropy level, enabling near-optimal privacy amplification protocols with minimal entropy loss and round complexity, even against active adversaries.

Contribution

It constructs the first non-malleable condensers for arbitrary min-entropy, leading to improved privacy amplification protocols with optimal entropy loss and round complexity.

Findings

Achieves 2-round privacy amplification with optimal entropy loss for s=Ω(√k).

Generalizes to protocols with O(s/√k) rounds for s=Ω(k).

Provides a better non-malleable condenser for linear min-entropy.

Abstract

Recently, the problem of privacy amplification with an active adversary has received a lot of attention. Given a shared n-bit weak random source X with min-entropy k and a security parameter s, the main goal is to construct an explicit 2-round privacy amplification protocol that achieves entropy loss O(s). Dodis and Wichs \cite{DW09} showed that optimal protocols can be achieved by constructing explicit non-malleable extractors. However, the best known explicit non-malleable extractor only achieves k=0.49n \cite{Li12b} and evidence in \cite{Li12b} suggests that constructing explicit non-malleable extractors for smaller min-entropy may be hard. In an alternative approach, Li \cite{Li12} introduced the notion of a non-malleable condenser and showed that explicit non-malleable condensers also give optimal privacy amplification protocols. In this paper, we give the first construction of non-malleable condensers for arbitrary min-entropy. Using our construction, we obtain a 2-round privacy amplification protocol with optimal entropy loss for security parameter up to s=\Omega(\sqrt{k}). This is the first protocol that simultaneously achieves optimal round complexity and optimal entropy loss for arbitrary min-entropy k. We also generalize this result to obtain a protocol that runs in O(s/\sqrt{k}) rounds with optimal entropy loss, for security parameter up to s=\Omega(k). This significantly improves the protocol in \cite{ckor}. Finally, we give a better non-malleable condenser for linear min-entropy, and in this case obtain a 2-round protocol with optimal entropy loss for security parameter up to s=\Omega(k), which improves the entropy loss and communication complexity of the protocol in \cite{Li12b}.