Doubly-Affine Extractors, and Their Applications

Authors Yevgeniy Dodis, Kevin Yeo

Thumbnail PDF


  • Filesize: 0.8 MB
  • 23 pages

Document Identifiers

Author Details

Yevgeniy Dodis
  • New York University, NY, USA
Kevin Yeo
  • Google, New York, NY, USA
  • Columbia University, New York, NY, USA

Cite AsGet BibTex

Yevgeniy Dodis and Kevin Yeo. Doubly-Affine Extractors, and Their Applications. In 2nd Conference on Information-Theoretic Cryptography (ITC 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 199, pp. 13:1-13:23, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


In this work we challenge the common misconception that information-theoretic (IT) privacy is too impractical to be used in the real-world: we propose to build simple and reusable IT-encryption solutions whose only efficiency penalty (compared to computationally-secure schemes) comes from a large secret key size, which is often a rather minor inconvenience, as storage is cheap. In particular, our solutions are stateless and locally computable at the optimal rate, meaning that honest parties do not maintain state and read only (optimally) small portions of their large keys with every use. Moreover, we also propose a novel architecture for outsourcing the storage of these long keys to a network of semi-trusted servers, trading the need to store large secrets with the assumption that it is hard to simultaneously compromise too many publicly accessible ad-hoc servers. Our architecture supports everlasting privacy and post-application security of the derived one-time keys, resolving two major limitations of a related model for outsourcing key storage, called bounded storage model. Both of these results come from nearly optimal constructions of so called doubly-affine extractors: locally-computable, seeded extractors Ext(X,S) which are linear functions of X (for any fixed seed S), and protect against bounded affine leakage on X. This holds unconditionally, even if (a) affine leakage may adaptively depend on the extracted key R = Ext(X,S); and (b) the seed S is only computationally secure. Neither of these properties are possible with general-leakage extractors.

Subject Classification

ACM Subject Classification
  • Security and privacy → Information-theoretic techniques
  • extractors
  • information-theoretic privacy
  • everlasting privacy


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Joël Alwen, Yevgeniy Dodis, and Daniel Wichs. Leakage-resilient public-key cryptography in the bounded-retrieval model. In CRYPTO 2009, 2009. Google Scholar
  2. Yonatan Aumann, Yan Zong Ding, and Michael O Rabin. Everlasting security in the bounded storage model. IEEE Transactions on Information Theory, 2002. Google Scholar
  3. Boaz Barak, Yevgeniy Dodis, Hugo Krawczyk, Olivier Pereira, Krzysztof Pietrzak, François-Xavier Standaert, and Yu Yu. Leftover hash lemma, revisited. In Annual Cryptology Conference, pages 1-20. Springer, 2011. Google Scholar
  4. Mihir Bellare and Wei Dai. Defending against key exfiltration: Efficiency improvements for big-key cryptography via large-alphabet subkey prediction. In CCS, 2017. Google Scholar
  5. Mihir Bellare, Daniel Kane, and Phillip Rogaway. Big-key symmetric encryption: Resisting key exfiltration. In CRYPTO, 2016. Google Scholar
  6. Mihir Bellare and Chanathip Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In ASIACRYPT, 2000. Google Scholar
  7. Mihir Bellare and John Rompel. Randomness-efficient oblivious sampling. In FOCS'94, 1994. Google Scholar
  8. Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the twentieth annual ACM symposium on Theory of computing, pages 1-10, 1988. Google Scholar
  9. Ran Canetti, Guy Even, and Oded Goldreich. Lower bounds for sampling algorithms for estimating the average. Information Processing Letters, 1995. Google Scholar
  10. Yevgeniy Dodis. Shannon impossibility, revisited. In ICITS, 2012. Google Scholar
  11. Yevgeniy Dodis, Ariel Elbaz, Roberto Oliveira, and Ran Raz. Improved randomness extraction from two independent sources. In APPROX-RANDOM, 2004. Google Scholar
  12. Yevgeniy Dodis, Bhavana Kanukurthi, Jonathan Katz, Leonid Reyzin, and Adam Smith. Robust fuzzy extractors and authenticated key agreement from close secrets. IEEE Transactions on Information Theory, 58(9):6207-6222, 2012. Google Scholar
  13. Yevgeniy Dodis and Kevin Yeo. Doubly-affine extractors, and their applications. Cryptology ePrint Archive, Report 2021/637, 2021. URL:
  14. Danny Dolev, Cynthia Dwork, Orli Waarts, and Moti Yung. Perfectly secure message transmission. Journal of the ACM (JACM), 40(1):17-47, 1993. Google Scholar
  15. Stefan Dziembowski and Ueli Maurer. Tight security proofs for the bounded-storage model. In STOC, 2002. Google Scholar
  16. Ariel Gabizon and Ran Raz. Deterministic extractors for affine sources over large fields. Combinatorica, 2008. Google Scholar
  17. Oded Goldreich. A sample of samplers: A computational perspective on sampling. In Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation. Springer, 2011. Google Scholar
  18. Venkatesan Guruswami, Christopher Umans, and Salil Vadhan. Unbalanced expanders and randomness extractors from parvaresh-vardy codes. Journal of the ACM (JACM), 56(4):1-34, 2009. Google Scholar
  19. Danny Harnik and Moni Naor. On everlasting security in the hybrid bounded storage model. In International Colloquium on Automata, Languages, and Programming, pages 192-203. Springer, 2006. Google Scholar
  20. Johan Håstad, Russell Impagliazzo, Leonid A Levin, and Michael Luby. A pseudorandom generator from any one-way function. SIAM Journal on Computing, 1999. Google Scholar
  21. Stefan Heule, Marc Nunkesser, and Alexander Hall. Hyperloglog in practice: algorithmic engineering of a state of the art cardinality estimation algorithm. In EDBT, 2013. Google Scholar
  22. Chi-Jen Lu. Encryption against storage-bounded adversaries from on-line strong extractors. Journal of Cryptology, 2004. Google Scholar
  23. Ueli M Maurer. Conditionally-perfect secrecy and a provably-secure randomized cipher. Journal of Cryptology, 1992. Google Scholar
  24. Noam Nisan and David Zuckerman. Randomness is linear in space. Journal of Computer and System Sciences, 1996. Google Scholar
  25. Martin Ohsmann. Fast transforms of toeplitz matrices. Linear algebra and its applications, 231:181-192, 1995. Google Scholar
  26. Jaikumar Radhakrishnan and Amnon Ta-Shma. Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM Journal on Discrete Mathematics, 2000. Google Scholar
  27. Adi Shamir. How to share a secret. Communications of the ACM, 22(11):612-613, 1979. Google Scholar
  28. Claude E Shannon. Communication theory of secrecy systems. Bell system technical journal, 1949. Google Scholar
  29. Victor Shoup and Rosario Gennaro. Securing threshold cryptosystems against chosen ciphertext attack. Journal of Cryptology, 2002. Google Scholar
  30. Salil P Vadhan. Constructing locally computable extractors and cryptosystems in the bounded-storage model. Journal of Cryptology, 17(1):43-77, 2004. Google Scholar
  31. David Zuckerman. Randomness-optimal oblivious sampling. Random Structures & Algorithms, 1997. Google Scholar