Nonmalleable Extractors And Codes, With Their Many Tampered Extensions

STOC '16: Symposium on Theory of Computing Cambridge MA USA June, 2016(2020)

Abstract
Randomness extractors and error correcting codes are fundamental objects in computer science. Recently, there have been several natural generalizations of these objects, in the context and study of tamper-resilient cryptography. These are seeded nonmalleable extractors, introduced by Dodis and Wichs (STOC 2009); seedless nonmalleable extractors, introduced by Cheraghchi and Guruswami (TCC 2014); and nonmalleable codes, introduced by Dziembowski, Pietrzak, and Wichs (J. ACM, 2018). Besides being interesting on their own, they also have important applications in cryptography, e.g., privacy amplification with an active adversary, explicit nonmalleable codes, etc., and often have unexpected connections to their nontampered analogues. However, the known constructions are far behind their nontampered counterparts. Indeed, the best known seeded nonmalleable extractor requires min-entropy rate at least 0.49 [X. Li, in Proceedings of the 53rd Annual IEEE Symposium on Foundations of Computer Science, 2012, pp. 688-697], while explicit construction of nonmalleable two-source extractors was not known even if both sources have full min-entropy and was left as an open problem in [M. Cheraghchi and V. Guruswami, J. Cryptology, 30 (2017), pp. 191-241]. In this paper we make progress towards solving the above problems and other related generalizations. Our contributions are as follows: (i) We construct an explicit seeded nonmalleable extractor for min-entropy $k \geq \log^2 n$. This dramatically improves all previous results and gives a simpler two-round privacy amplification protocol with optimal entropy loss, matching the best known result in [X. Li, in Theory of Cryptography (TCC 2015), Springer, 2015, pp. 502-531]. In fact, we construct more general seeded nonmalleable extractors (that can handle multiple adversaries) which were used in the recent construction of explicit two-source extractors for polylogarithmic min-entropy [E. Chattopadhyay and D. Zuckerman, Ann. of Math. (2), 189 (2019), pp. 653-705]. (ii) We construct the first explicit nonmalleable two-source extractor for min-entropy $k \geq n - n^{\Omega(1)}$, with output size $n^{\Omega(1)}$ and error $2^{-n^{\Omega(1)}}$, thus resolving the open question in [M. Cheraghchi and V. Guruswami, J. Cryptology, 30 (2017), pp. 191-241]. (iii) We motivate and initiate the study of two natural generalizations of seedless nonmalleable extractors and nonmalleable codes, where the sources or the codeword may be tampered many times. For this, we construct the first explicit nonmalleable two-source extractor with tampering degree $t$ up to $n^{\Omega(1)}$. By using the connection in [M. Cheraghchi and V. Guruswami, J. Cryptology, 30 (2017), pp. 191-241] and providing efficient sampling algorithms, we obtain the first explicit nonmalleable codes with tampering degree $t$ up to $n^{\Omega(1)}$. We call these stronger notions one-many and many-many nonmalleable codes. This provides a stronger information theoretic analogue of a primitive known as continuous nonmalleable codes. Our basic technique used in all of our constructions can be seen as inspired, in part, by the techniques previously used to construct cryptographic nonmalleable commitments.
Keywords
privacy amplification, nonmalleable codes, nonmalleable extractor, extractor, explicit construction, tamper-resilient cryptography