An (n, k)-bit-fixing source is a distribution X over {0, 1} n such that there is a subset of k variables in X1,..., Xn which are uniformly distributed and independent of each other, and the remaining n − k variables are fixed. A deterministic bit-fixing source extractor is a function E: {0, 1} n → {0, 1} m which on an arbitrary (n, k)-bit-fixing source outputs m bits that are statisticallyclose to uniform. Recently, Kamp and Zuckerman [44th FOCS, 2003] gave a construction of a deterministic bit-fixing source extractor that extracts Ω(k2 /n) bits and requires k> √ n. In this paper we give constructions of deterministic bit-fixing source extractors that extract (1 − o(1))k bits whenever k> (log n) c for some universal constant c> 0. Thus, our constructions extract almost all the randomness from bit-fixing sources and work even when k is small. For k ≫ √ n the extracted bits have statistical distance 2−nΩ(1) from uniform, and for k ≤ √ n the extracted bits have statistical distance k−Ω(1) from uniform. Our technique gives a general method to transform deterministic bit-fixing source extractors that extract few bits into extractors which extract almost all the bits.

Let C be a class of distributions over {0, 1}^n. A deterministic randomness extractor for C isa function E: {0, 1}n! {0, 1}m such that for any X in C the distribution E(X) is statisticallyclose to the uniform distribution. A long line of research deals with explicit constructions of such extractors for various classes C while trying to maximize m.In this paper we give a general transformation that transforms a deterministic extractor Ethat extracts &quot;few &quot; bits into an extractor E0 that extracts &quot;almost all the bits present in the source distribution&quot;. More precisely, we prove a general theorem saying that if E and C satisfycertain properties, then we can transform E into an extractor E0.Our methods build on (and generalize) a technique of Gabizon, Raz and Shaltiel (FOCS 2004) that present such a transformation for the very restricted class C of &quot;oblivious bit-fixing sources&quot;. The high level idea is to find properties of E and C which allow &quot;recycling &quot; the outputof E so that it can be &quot;reused &quot; to operate on the source distribution. An obvious obstacle is that the output of E is correlated with the source distribution.Using our transformation we give an explicit construction of a two-source extractor E:{0, 1}n * {0, 1}n! {0, 1}m such that for every two independent distributions X1 and X2 over{ 0, 1}n with min-entropy at least k = (1/2 + ffi)n and ffl < = 2- log 4 n, E(X 1, X2) is ffl-close to the uniform distribution on m = 2k- Cffi log(1/ffl) bits. This result is optimal except for the preciseconstant Cffi and improves previous results by Chor and Goldreich (SICOMP 1988), Vazirani(Combinatorica 1987) and Dodis et al. (RANDOM 2004).

An (N,M,T)-OR-disperser is a bipartite multigraph G = (V,W,E) with|V | = N, and |W | = M, having the following expansion property: any subset of V having at least T vertices has a neighbor set of size at least M/2. For any pair of constants ξ,λ,1 ≥ ξ>λ ≥ 0, any sufficiently large N, andforany (log N)ξ (log N)λ T ≥ 2, M ≤ 2, we give an explicit elementary construction of an (N,M,T)-OR-disperser such that the out-degree of any vertex in V is at most polylogarithmic in N. Using this with known applications of OR-dispersers yields several results. First, our construction implies that the complexity class Strong-RP defined by Sipser, equals RP. Second, for any fixed η>0, we give the first polynomial-time simulation of RP algorithms using the output of any “η-minimally random ” source. For any integral R>0, such a source accepts a single request for an R-bit string and generates the string according to a distribution that assigns probability at most 2−Rη to any string. It is minimally random in the sense that any weaker source is

Abstract. We provide an exposition of three lemmas that relate general properties of distributions over bit strings to the exclusive-or (xor) of values of certain bit locations. The first XOR-Lemma, commonly attributed to Umesh Vazirani (1986), relates the statistical distance of a distribution from the uniform distribution over bit strings to the maximum bias of the xor of certain bit positions. The second XOR-Lemma, due to Umesh and Vijay Vazirani (19th STOC, 1987), is a computational analogue of the first. It relates the pseudorandomness of a distribution to the difficulty of predicting the xor of bits in particular or random positions. The third Lemma, due to Goldreich and Levin (21st STOC, 1989), relates the difficulty of retrieving a string and the unpredictability of the xor of random bit positions. The most notable XOR Lemma – that is the so-called Yao XOR Lemma – is not discussed here. We focus on the proofs of the aforementioned three lemma. Our exposition deviates from the original proofs, yielding proofs that are believed to be simpler, of wider applicability, and establishing somewhat stronger quantitative results. Credits for these improved proofs are due to several researchers.

We investigate the feasibility of a variety of cryptographic tasks with imperfect randomness. The kind of imperfect randomness we consider are entropy sources, such as those considered by Santha and Vazirani, Chor and Goldreich, and Zuckerman. We show the following: Certain cryptographic tasks like bit commitment, encryption, secret sharing, zero-knowledge, noninteractive zero-knowledge, and secure two-party computation for any non-trivial function are impossible to realize if parties have access to entropy sources with slightly less-than-perfect entropy, i.e., sources with imperfect randomness. These results are unconditional and do not rely on any unproven assumption. On the other hand, based on stronger variants of standard assumptions, secure signature schemes are possible with imperfect entropy sources. As another positive result, we show (without any unproven assumption) that interactive proofs can be made sound with respect to imperfect entropy sources. 1.

A \Gamma 2 1 \Delta --OT 2 (one-out-of-two Bit Oblivious Transfer) is a technique by which a party S owning two secret bits b 0 ; b 1 , can transfer one of them b c to another party R, who chooses c. This is done in a way that does not release any bias about b ¯ c to R nor any bias about c to S. One interesting extension of this transfer is the \Gamma 2 1 \Delta --OT k 2 (one-out-of-two String O.T.) in which the two secrets q 0 ; q 1 are elements of GF k (2) instead of bits. A reduction of \Gamma 2 1 \Delta --OT k 2 to \Gamma 2 1 \Delta --OT 2 presented in [BCR86] uses O(k log 2 3 ) calls to \Gamma 2 1 \Delta --OT 2 and thus raises an interesting combinatorial question: how many calls to \Gamma 2 1 \Delta --OT 2 are necessary and sufficient to achieve a \Gamma 2 1 \Delta --OT k 2 ? In the current paper we answer this question quite precisely. We accomplish this reduction using \Theta(k) calls to \Gamma 2 1 \Delta --OT 2 . First, we show by probabilist...

In this paper, we give two explicit constructions of extractors, both of which work for a source of any min-entropy on strings of length n. The first extracts any constant fraction of the min-entropy using O(log 2 n) additional random bits. The second extracts all the min-entropy using O(log 3 n) additional random bits. Both constructions use fewer truly random bits than any previous construction which works for all min-entropies and extracts a constant fraction of the min-entropy. The extractors are obtained by observing that a weaker notion of "combinatorial design" suffices for the Nisan--Wigderson pseudorandom generator [NW94], which underlies the recent extractor of Trevisan [Tre98]. We give near-optimal constructions of such "weak designs" which achieve much better parameters than possible with the notion of designs used by Nisan--Wigderson and Trevisan. 1 Introduction Roughly speaking, an extractor is a function which extracts truly random bits from a weakly random source,...

Let Fq be the field of q elements. An (n, k)-affine extractor is a mapping D: F n q → {0, 1} such that for any k-dimensional affine subspace X ⊆ F n q, D(x) is an almost unbiased bit when x is chosen uniformly from X. Loosely speaking, the problem of explicitly constructing affine extractors gets harder as q gets smaller and easier as k gets larger. This is reflected in previous results: When q is ‘large enough’, specifically q = Ω(n 2), Gabizon and Raz [3] construct affine extractors for any k ≥ 1. In the ‘hardest case’, i.e. when q = 2, Bourgain [2] constructs affine extractors for k ≥ δn for any constant (and even slightly sub-constant) δ> 0. Our main result is the following: Fix any k ≥ 2 and let d = 5n/k. Then whenever q> 2 · d 2 and p = char(Fq)> d, we give an explicit (n, k)-affine extractor. For example, when k = δn for constant δ> 0, we get an extractor for a field of constant size Ω ( () 1 2). δ Thus our result may be viewed as a ‘field-size/dimension ’ tradeoff for affine extractors. Although for large k we are not able to improve (or even match) the previous result of [2], our construction and proof have the advantage of being very simple: Assume n is prime and d is odd, and fix any non-trivial linear map T: Fn q ↦ → Fq. Define QR: Fq ↦ → {0, 1} by QR(x) = 1 if and only if x is a quadratic residue. Then, the function D: F n q ↦ → {0, 1} defined by D(x) � QR(T (x d)) is an (n, k)-affine extractor. Our proof uses a result of Heur, Leung and Xiang [4] giving a lower bound on the dimension of products of subspaces. 1

Abstract. We give an introduction to the area of “randomness extraction” and survey the main concepts of this area: deterministic extractors, seeded extractors and multiple sources extractors. For each one we briefly discuss background, definitions, explicit constructions and applications. 1

this article mention all of the amazing research in computational complexity theory. We survey various areas in complexity choosing papers more for their historical value than necessarily the importance of the results. We hope that this gives an insight into the richness and depth of this still quite young eld