Overcoming Weak Expectations

  • Yevgeniy Dodis
  • Yu Yu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7785)


Recently, there has been renewed interest in basing cryptographic primitives on weak secrets, where the only information about the secret is some non-trivial amount of (min-) entropy. From a formal point of view, such results require upper-bounding the expectation of some function f(X), where X is the weak source in question. We show an elementary inequality which essentially upper bounds such a ‘weak expectation’ by two terms, the first of which is independent of f, while the second depends only on the ‘variance’ of f under the uniform distribution. Quite remarkably, as relatively simple corollaries of this elementary inequality, we obtain some ‘unexpected’ results, in several cases noticeably simplifying/improving prior techniques for the same problem.
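As an added illustration for this page (this is a derivation written here, not the paper's own statement, whose exact form and constants may differ), a bound of the shape described above follows from the Cauchy–Schwarz inequality. Let X be a distribution on {0,1}^n with min-entropy H_∞(X) ≥ m, i.e. Pr[X = x] ≤ 2^{-m} for every x, let U be uniform on {0,1}^n, and let f : {0,1}^n → ℝ be arbitrary. Then

$$
\mathbb{E}[f(X)] \;=\; \sum_{x} \Pr[X{=}x]\, f(x)
\;\le\; \sqrt{\sum_{x} \Pr[X{=}x]^2}\;\sqrt{\sum_{x} f(x)^2}
\;\le\; \sqrt{2^{-m}}\;\sqrt{2^{n}\,\mathbb{E}[f(U)^2]}
\;=\; 2^{(n-m)/2}\,\sqrt{\mathbb{E}[f(U)^2]},
$$

using $\sum_x \Pr[X{=}x]^2 \le \max_x \Pr[X{=}x] \cdot \sum_x \Pr[X{=}x] \le 2^{-m}$. Applying $\sqrt{ab} \le (a+b)/2$ with $a = 2^{-\lambda}$ and $b = 2^{\,n-m+\lambda}\,\mathbb{E}[f(U)^2]$ splits this into two terms for any $\lambda \ge 0$:

$$
\mathbb{E}[f(X)] \;\le\; \tfrac{1}{2}\Bigl(2^{-\lambda} \;+\; 2^{\,n-m+\lambda}\,\mathbb{E}[f(U)^2]\Bigr).
$$

The first term does not depend on f at all, and when f has mean zero under the uniform distribution (for example, f is the difference between a distinguisher's acceptance probabilities on the real and ideal distributions, which is zero for a uniform key whenever the scheme is secure with uniform keys), $\mathbb{E}[f(U)^2] = \mathrm{Var}[f(U)]$, so the second term is exactly the variance-type quantity referred to above. Note that the trivial bound $\mathbb{E}[f(X)] \le 2^{n-m}\,\mathbb{E}[f(U)]$ needs $f \ge 0$ and is useless for such signed, mean-zero f, which is why the second-moment form matters.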

Examples include non-malleable extractors, leakage-resilient symmetric encryption, an alternative to the dense model theorem, seed-dependent condensers and improved entropy loss for the leftover hash lemma.
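To make the notion of a weak expectation concrete, the following added example (written for this page; it is not code from the paper) tabulates a toy function f on {0,1}^n, computes the worst case of E[f(X)] over every source X with H_∞(X) ≥ m, and compares it with the Cauchy–Schwarz bound 2^((n-m)/2)·sqrt(E[f(U)^2]) and its two-term AM–GM form (1/2)(2^-λ + 2^(n-m+λ)·E[f(U)^2]). The toy f (+1 when the two low bits of x are zero, −1/3 otherwise) is constructed here so that it has mean zero under the uniform distribution; the names `max_weak_expectation`, `cauchy_schwarz_bound` and `two_term_bound` are this example's own.

```python
"""Weak expectations, numerically.

Added example for this page (not code from the paper).  For f: {0,1}^n -> R
and a source X with H_inf(X) >= m (every Pr[X = x] <= 2^-m), it computes the
worst-case 'weak expectation' max_X E[f(X)] and compares it with the
Cauchy-Schwarz bound 2^((n-m)/2) * sqrt(E[f(U)^2]) and the two-term
(AM-GM) form (1/2)(2^-lam + 2^(n-m+lam) * E[f(U)^2]).
"""
import math


def _n_bits(f_values):
    """Number of input bits n; requires len(f_values) == 2**n."""
    size = len(f_values)
    if size == 0 or size & (size - 1):
        raise ValueError("f must be tabulated on all of {0,1}^n")
    return size.bit_length() - 1


def uniform_moments(f_values):
    """(E[f(U)], E[f(U)^2]) for U uniform on {0,1}^n."""
    size = len(f_values)
    mean = sum(f_values) / size
    second = sum(v * v for v in f_values) / size
    return mean, second


def max_weak_expectation(f_values, m):
    """max E[f(X)] over all X on {0,1}^n with H_inf(X) >= m.

    Maximising sum_x p_x f(x) subject to 0 <= p_x <= 2^-m and sum_x p_x = 1
    is a linear program whose optimum is a flat source: mass 2^-m on each of
    the 2^m inputs with the largest f values.  The worst case is therefore
    the average of the 2^m largest entries of f.
    """
    n = _n_bits(f_values)
    if not 0 <= m <= n:
        raise ValueError("need 0 <= m <= n")
    k = 1 << m
    return sum(sorted(f_values, reverse=True)[:k]) / k


def cauchy_schwarz_bound(f_values, m):
    """2^((n-m)/2) * sqrt(E[f(U)^2]); valid for any real-valued f."""
    n = _n_bits(f_values)
    _, second = uniform_moments(f_values)
    return 2 ** ((n - m) / 2) * math.sqrt(second)


def two_term_bound(f_values, m, lam):
    """(1/2)(2^-lam + 2^(n-m+lam) * E[f(U)^2]).

    AM-GM applied to cauchy_schwarz_bound, so the first term no longer
    depends on f; lam >= 0 is a free trade-off parameter.
    """
    n = _n_bits(f_values)
    _, second = uniform_moments(f_values)
    return 0.5 * (2 ** (-lam) + 2 ** (n - m + lam) * second)


def toy_f(n):
    """Constructed toy distinguisher output (not from the paper): +1 when
    the two low bits of x are zero, -1/3 otherwise, so E[f(U)] = 0 and
    E[f(U)^2] = 1/3.  A source concentrated on inputs whose low bits are 00
    pushes E[f(X)] all the way to 1."""
    return [1.0 if x % 4 == 0 else -1.0 / 3.0 for x in range(1 << n)]


if __name__ == "__main__":
    f = toy_f(10)
    for m in (6, 8, 9, 10):
        print(m, max_weak_expectation(f, m), cauchy_schwarz_bound(f, m),
              two_term_bound(f, m, 1.0))
```

With n = 10 the worst case is E[f(X)] = 1 for every m ≤ 8 (the adversarial source sits entirely on the 256 inputs with low bits 00), drops to 1/3 at m = 9 and to 0 at m = 10, while the bound 2^((n-m)/2)·sqrt(1/3) stays above it throughout; the trivial bound 2^(n-m)·E[f(U)] would evaluate to 0 here and is simply invalid for signed f.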





Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Yevgeniy Dodis (1)
  • Yu Yu (2)
  1. New York University, USA
  2. Institute for Interdisciplinary Information Sciences, Tsinghua University, China
