We study the maximum corruption threshold $t$ which allows for unconditional randomness extraction in our model:
- With respect to feasibility, we give protocols for $t$ corruptions and $n=6t+1$ or $n=5t$ parties depending on whether the adversary learns secret values forwarded to corrupted parties immediately once they are sent or only once the corrupted party is executed, respectively. Both settings are motivated by practical implementations of secret value forwarding. To design such protocols, we go beyond the committee-based approach that is sufficient for random corruptions in YOSO but turns out to be sub-optimal for chosen corruptions.
- To complement our protocols, we show that low-error randomness extraction is impossible with corruption threshold $t$ and $n \leq 4t$ parties in both settings above. This also provides a separation between chosen and random corruptions, since the latter allows for randomness extraction with close to $n/2$ random corruptions.
Category / Keywords: foundations / Randomness extraction, YOSO, Worst-case corruptions Date: received 23 Feb 2022 Contact author: jbn at cs au dk, jlourenc at cs cmu edu, obremski math at gmail com Available format(s): PDF | BibTeX Citation Note: Randomized author ordering Version: 20220225:080948 (All versions of this report) Short URL: ia.cr/2022/237