TY - GEN
T1 - New imperfect random source with applications to coin-flipping
AU - Dodis, Yevgeniy
PY - 2001
Y1 - 2001
N2 - We introduce a new imperfect random source that realistically generalizes the SV-source of Sántha and Vazirani [SV86] and the bit-fixing source of Lichtenstein, Linial and Saks [LLS89]. Our source is expected to generate a known sequence of (possibly dependent) random variables (for example, a stream of unbiased random bits). However, the realizations/observations of these variables could be imperfect in the following two ways: (1) inevitably, each of the observations could be slightly biased (due to noise, small measurement errors, imperfections of the source, etc.), which is characterized by the statistical noise parameter δ ∈ [0, 1/2[, and (2) few of the observations could be completely incorrect (due to very poor measurement, improper setup, unlikely but certain internal correlations, etc.), which is characterized by the "number of errors" parameter b 0. While the SV-source considered only scenario (1), and the bit-fixing source only scenario (2), we believe that our combined source is more realistic in modeling the problem of extracting quasi-random bits from physical sources. Unfortunately, we show that dealing with the combination of scenarios (1) and (2) is dramatically more difficult (at least from the point of randomness extraction) than dealing with each scenario individually. For example, if b (1), the adversary controlling our source can force the outcome of any bit extraction procedure to a constant with probability 1-o(1), irrespective of the random variables, their correlation and the number of observations. We also apply our source to the question of producing n-player collective coin-flipping protocols secure against adaptive adversaries. While the optimal non-adaptive adversarial threshold for such protocols is known to be n/2 [BN00], the optimal adaptive threshold is conjectured by Ben-Or and Linial [BL90] to be only O(√n).
We give some evidence towards this conjecture by showing that there exists no black-box transformation from a non-adaptively secure coin-flipping protocol (with arbitrary conceivable parameters) resulting in an adaptively secure protocol tolerating (√n) faulty players.
UR - http://www.scopus.com/inward/record.url?scp=84879512073&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84879512073&partnerID=8YFLogxK
U2 - 10.1007/3-540-48224-5_25
DO - 10.1007/3-540-48224-5_25
M3 - Conference contribution
AN - SCOPUS:84879512073
SN - 3540422870
SN - 9783540422877
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 297
EP - 309
BT - Automata, Languages and Programming - 28th International Colloquium, ICALP 2001, Proceedings
A2 - Orejas, Fernando
A2 - Spirakis, Paul G.
A2 - van Leeuwen, Jan
PB - Springer Verlag
T2 - 28th International Colloquium on Automata, Languages and Programming, ICALP 2001
Y2 - 8 July 2001 through 12 July 2001
ER -