Randomness extractor

Randomness extractor

A randomness extractor is a function which, when applied to a high-entropy source (such as radioactive decay, or thermal noise), generates a random output that is shorter, yet uniformly distributed. In other words, outputting a completely random sample from a semi-random input. [http://portal.acm.org/citation.cfm?coll=GUIDE&dl=GUIDE&id=796582]

The goal of this process is to generate a truly random output stream, which could then be considered as being a true random number generator (TRNG).

The only restriction for successful application of the extractor is that the high-entropy source is nondeterministic, in other words, there is no way in which the source can be fully controlled, calculated or predicted.

No single randomness extractor currently exists that has been proven to work when applied to "any" type of high-entropy source.

Examples

Von Neumann extractor

Perhaps the earliest example is due to John Von Neumann. His extractor took successive pairs of consecutive bits from the input stream. If the two bits matched, no output was generated. If the bits differed, the value of the first bit was output. The Von Neumann extractor can be shown to produce a uniform output even if the distribution of input bits is not uniform so long as each bit has the same probability of being one and there is no correlation between successive bits. [John von Neumann. Various techniques used in connection with random digits. Applied Math Series, 12:36–38, 1951.]

Cryptographic hash

Another approach is to fill a buffer with bits from the input stream and then apply a cryptographic hash to the buffer and use its output. This approach generally depends on assumed properties of the hash function.

Applications

Randomness extractors are used most widely in cryptographic applications, whereby a cryptographic hash function would be applied to a high-entropy source to yield an encrypted result. The result is expected to be truly random, however due to the fact that the source in most cases is a known or constructed input, the security and/or 'randomness' of the source data can never be guaranteed.

Randomness extractors have played a part in recent developments in quantum cryptography, where photons are used by the randomness extractor to generate secure random bits. [http://newsroom.spie.org/x4741.xml?highlight=x535]

Randomness extraction is also used in some branches of complexity theory.

References

* [http://www.cs.haifa.ac.il/~ronen/online_papers/survey.ps Recent developments in explicit constructions of extractors] , Ronen Shaltiel

ee also

* Decorrelation
* Extractor
* Hardware random number generator


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Extractor — This article is about the extractor in mathematics, for other usage of this word see: extractor (firearms). An (N,M,D,K,epsilon) extractor is a bipartite graph with N nodes on the left and M nodes on the right such that each node on the left has… …   Wikipedia

  • Hardware random number generator — This SSL Accelerator computer card uses a hardware random number generator to generate cryptographic keys to encrypt data sent over computer networks. In computing, a hardware random number generator is an apparatus that generates random numbers… …   Wikipedia

  • Problème de l'aiguille de Kakeya —  Ne doit pas être confondu avec Aiguille de Buffon. Aiguille montrée en rotation à l intérieur d une deltoïde (qui est donc un ensemble de Kakeya). À chaque étape de sa rotation, l aiguille est en contact avec la courbe en trois points  …   Wikipédia en Français

  • Min-entropy — In probability theory or information theory, the min entropy of a discrete random event x with possible states (or outcomes) 1... n and corresponding probabilities p1... pn is The base of the logarithm is just a scaling constant; for a… …   Wikipedia

  • Hyper-encryption — is a form of encryption invented by Michael Rabin which uses a high bandwidth source of public random bits, together with a secret key that is shared by only the sender and recipient(s) of the message. It uses the assumptions of Ueli Maurer s… …   Wikipedia

  • Decorrelation — is a general term for any process that is used to reduce autocorrelation within a signal, or cross correlation within a set of signals, while preserving other aspects of the signal. A frequently used method of decorrelation is the use of a… …   Wikipedia

  • Whitening transformation — The whitening transformation is a decorrelation method that converts the covariance matrix S of a set of samples into the identity matrix I. This effectively creates new random variables that are uncorrelated and have the same variances as the… …   Wikipedia

  • Leftover hash-lemma — Imagine that you have a secret key X that has n uniform random bits, and you would like to use this secret key to encrypt a message. Unfortunately, you were a bit careless with the key, and know that an adversary was able to learn about t < n… …   Wikipedia

  • Pseudorandomness — A pseudorandom process is a process that appears random but is not. Pseudorandom sequences typically exhibit statistical randomness while being generated by an entirely deterministic causal process. Such a process is easier to produce than a… …   Wikipedia

  • Proof of knowledge — In cryptography, a proof of knowledge is an interactive proof in which the prover succeeds convincing a verifier that it knows something. What it means for a machine to know something is defined in terms of computation. A machine knows something …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”