**Non-Malleable Extractors with Shorter Seeds and Their Applications**

*Yanqing Yao and Zhoujun Li*

**Abstract:** Motivated by the problem of how to communicate over a public channel with an active adversary, Dodis and Wichs (STOC'09) introduced the notion of a non-malleable extractor. A non-malleable extractor $\mathrm{nmExt} : \{0,1\}^n \times \{0,1\}^d \rightarrow \{0,1\}^m$ takes two inputs, a weakly random $W$ and a uniformly random seed $S$, and outputs a string which is nearly uniform, given $S$ as well as $\mathrm{nmExt}(W, A(S))$, for an arbitrary function $A$ with $A(S) \neq S$.

In this paper, by developing the combination and permutation techniques, we improve the error estimation of the extractor of Raz (STOC'05), which plays an extremely important role in the constraints of the non-malleable extractor parameters including seed length. Then we present an improved explicit construction of non-malleable extractors. Though our construction is the same as that given by Cohen, Raz and Segev (CCC'12), the parameters are improved. More precisely, we construct an explicit $(1016, 1/2)$-non-malleable extractor $\mathrm{nmExt} : \{0,1\}^n \times \{0,1\}^d \rightarrow \{0,1\}$ with $n = 1024$ and seed length $d = 19$, while Cohen et al. showed that the seed length should be no less than $46/63 + 66$. Therefore, our method beats the condition "$2.01 \cdot \log n \leq d \leq n$" proposed by Cohen et al., since $d$ is just $1.9 \cdot \log n$ in our construction. We also improve the parameters of the general explicit construction given by Cohen et al. and simplify the constraints on the parameters. Finally, we give their applications to non-malleable codes and privacy amplification.

**Category / Keywords:** extractors; non-malleable extractors; seed length; non-malleable codes; privacy amplification protocol

**Date:** received 28 Feb 2014, last revised 5 May 2015

**Contact author:** yaoyanqing1984 at gmail com, yaoyanqing1984@buaa edu cn, lizj@buaa edu cn

**Version:** 20150505:060726