**How to Extract Useful Randomness from Unreliable Sources**

*Divesh Aggarwal and Maciej Obremski and Joćo Ribeiro and Luisa Siniscalchi and Ivan Visconti*

**Abstract: **For more than 30 years, cryptographers have been looking for public sources of uniform randomness in order to use them as a set-up to run appealing cryptographic protocols without relying on trusted third parties. Unfortunately, nowadays it is fair to assess that assuming the existence of physical phenomena producing public uniform randomness is far from reality.

It is known that uniform randomness cannot be extracted from a single weak source. A well-studied way to overcome this is to consider several independent weak sources. However, this means we must trust the various sampling processes of weak randomness from physical processes.

Motivated by the above state of affairs, this work considers a set-up where players can access multiple potential sources of weak randomness, several of which may be jointly corrupted by a computationally unbounded adversary. We introduce SHELA (Somewhere Honest Entropic Look Ahead) sources to model this situation.

We show that there is no hope of extracting uniform randomness from a SHELA source. Instead, we focus on the task of Somewhere-Extraction (i.e., outputting several candidate strings, some of which are uniformly distributed -- yet we do not know which). We give explicit constructions of Somewhere-Extractors for SHELA sources with good parameters.

Then, we present applications of the above somewhere-extractor where the public uniform randomness can be replaced by the output of such extraction from corruptible sources, greatly outperforming trivial solutions. The output of somewhere-extraction is also useful in other settings, such as a suitable source of random coins for many randomized algorithms.

In another front, we comprehensively study the problem of Somewhere-Extraction from a weak source, resulting in a series of bounds. Our bounds highlight the fact that, in most regimes of parameters (including those relevant for applications), SHELA sources significantly outperform weak sources of comparable parameters both when it comes to the process of Somewhere-Extraction, or in the task of amplification of success probability in randomized algorithms. Moreover, the low quality of somewhere-extraction from weak sources excludes its use in various efficient applications.

**Category / Keywords: **foundations / Deterministic randomness extraction; Somewhere-extractors; Somewhere-random sources; Unreliable sources; SHELA; Non-interactive protocols from unreliable CRS

**Original Publication**** (with major differences): **IACR-EUROCRYPT-2020

**Date: **received 5 Oct 2019, last revised 26 Jan 2020

**Contact author: **divesh at comp nus edu sg, obremski math at gmail com, j lourenco-ribeiro17 at imperial ac uk, lsiniscalchi at unisa it, visconti at unisa it

**Available format(s): **PDF | BibTeX Citation

**Version: **20200126:234633 (All versions of this report)

**Short URL: **ia.cr/2019/1156

[ Cryptology ePrint archive ]