Generating quasi-random sequences from semi-random sources
Journal of Computer and System Sciences
Unbiased bits from sources of weak randomness and probabilistic communication complexity
SIAM Journal on Computing - Special issue on cryptography
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Weak Random Sources, Hitting Sets, and BPP Simulations
SIAM Journal on Computing
On the (non)Universality of the One-Time Pad
FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
On the Impossibility of Private Key Cryptography with Weakly Random Keys
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Privacy Amplification Secure Against Active Adversaries
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Extracting randomness from samplable distributions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
Exposure-resilient cryptography
Exposure-resilient cryptography
On the (Im)possibility of Cryptography with Imperfect Randomness
FOCS '04 Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science
Deterministic extractors for small-space sources
Proceedings of the thirty-eighth annual ACM symposium on Theory of computing
Random polynomial time is equal to slightly-random polynomial time
SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Separating sources for encryption and secret sharing
TCC'06 Proceedings of the Third conference on Theory of Cryptography
How to Encrypt with a Malicious Random Number Generator
Fast Software Encryption
Non-malleable extractors and symmetric key cryptography from weak secrets
Proceedings of the forty-first annual ACM symposium on Theory of computing
Hedged Public-Key Encryption: How to Protect against Bad Randomness
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Obfuscating point functions with multibit output
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
On the security of pseudorandomized information-theoretically secure schemes
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
ICITS'12 Proceedings of the 6th international conference on Information Theoretic Security
Public-Key encryption with lazy parties
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Hi-index | 0.00 |
Most cryptographic primitives require randomness (for example, to generate their secret keys). Usually, one assumes that perfect randomness is available, but, conceivably, such primitives might be built under weaker, more realistic assumptions. This is known to be true for many authentication applications, when entropy alone is typically sufficient. In contrast, all known techniques for achieving privacy seem to fundamentally require (nearly) perfect randomness. We ask the question whether this is just a coincidence, or, perhaps, privacy inherently requires true randomness? We completely resolve this question for the case of (information-theoretic) private-key encryption, where parties wish to encrypt a b-bit value using a shared secret key sampled from some imperfect source of randomness S. Our main result shows that if such n-bit source S allows for a secure encryption of b bits, where b log n, then one can deterministically extract nearly b almost perfect random bits from S. Further, the restriction that b log n is nearly tight: there exist sources S allowing one to perfectly encrypt (log n - loglog n) bits, but not to deterministically extract even a single slightly unbiased bit. Hence, to a large extent, true randomness is inherent for encryption: either the key length must be exponential in the message length b, or one can deterministically extract nearly b almost unbiased random bits from the key. In particular, the one-time pad scheme is essentially "universal". Our technique also extends to related computational primitives which are perfectly-binding, such as perfectly-binding commitment and computationally secure private- or public-key encryption, showing the necessity to efficiently extract almost b pseudorandom bits.