Abstract
We revisit the classical problem: given a memoryless source having a certain amount of Shannon Entropy, how many random bits can be extracted? This question appears in works studying random number generators built from physical entropy sources.
Some authors proposed to use a heuristic estimate obtained from the Asymptotic Equipartition Property (AEP), which yields roughly n extractable bits, where n is the total Shannon entropy amount. However, the best precise results of this form give only \(n-O(\sqrt{\log (1/\epsilon ) n})\) bits, where \(\epsilon \) is the distance of the extracted bits from uniform. In this paper we show a matching \( n-\varOmega (\sqrt{\log (1/\epsilon ) n})\) upper bound. Therefore, the loss of \(\varTheta (\sqrt{\log (1/\epsilon ) n})\) bits is necessary. As we show, this theoretical bound is of practical relevance. Namely, applying the imprecise AEP heuristic to a mobile phone accelerometer, one might overestimate the extractable entropy even by \(100\,\%\), no matter what the extractor is. Thus, the “AEP extracting heuristic” should not be used without taking the precise error into account.
M. Skorski: This work was partly supported by the WELCOME/2010-4/2 grant funded within the framework of the EU Innovative Economy Operational Programme.
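The gap between the AEP heuristic and what is actually extractable can be checked numerically. The following is an added example, not code from the paper: it assumes a biased-coin (Bernoulli) source and uses the \(\epsilon\)-smooth min-entropy as the standard proxy for the number of bits extractable at distance \(\epsilon\); the bias 1/4, \(\epsilon = 2^{-20}\) and all function names are constructed for illustration.

```python
import math
from fractions import Fraction

def shannon_bits(samples, p):
    """Total Shannon entropy (the page's n) of `samples` i.i.d. Bernoulli(p) bits."""
    p = float(p)
    return samples * (-p * math.log2(p) - (1 - p) * math.log2(1 - p))

def smooth_min_entropy_bits(samples, p, eps):
    """Exact eps-smooth min-entropy of `samples` i.i.d. Bernoulli(p) bits, 0 < p < 1/2.

    Finds the cap t with sum_x max(P(x) - t, 0) = eps and returns -log2(t).
    """
    p, eps = Fraction(p), Fraction(eps)
    if not (0 < p < Fraction(1, 2) and 0 < eps < 1):
        raise ValueError("need 0 < p < 1/2 and 0 < eps < 1")
    q = 1 - p
    count, mass = 0, Fraction(0)
    for j in range(samples + 1):        # strings with j ones; fewer ones = heavier
        c = math.comb(samples, j)
        prob = p**j * q**(samples - j)  # probability of one such string
        count += c
        mass += c * prob
        t = (mass - eps) / count        # cap removing exactly eps from classes 0..j
        nxt = prob * p / q if j < samples else 0  # probability in the next lighter class
        if t >= nxt:                    # cap does not touch lighter classes: done
            return math.log2(t.denominator) - math.log2(t.numerator)
    raise AssertionError("unreachable: the last class always satisfies the test")

def aep_gap(samples, p, eps):
    """Return (n, smooth min-entropy, loss, loss / sqrt(n * log2(1/eps)))."""
    n = shannon_bits(samples, p)        # what the AEP heuristic would credit
    hs = smooth_min_entropy_bits(samples, p, eps)
    loss = n - hs
    return n, hs, loss, loss / math.sqrt(n * math.log2(1 / float(eps)))

if __name__ == "__main__":
    # Constructed parameters: bias 1/4, eps = 2^-20.
    for samples in (500, 2000):
        n, hs, loss, ratio = aep_gap(samples, Fraction(1, 4), Fraction(1, 2**20))
        print(f"samples={samples}: n={n:.1f} smooth-min={hs:.1f} "
              f"loss={loss:.1f} loss/sqrt(n log(1/eps))={ratio:.2f}")
```

The last column staying roughly constant as the sample count grows is the \(\varTheta (\sqrt{\log (1/\epsilon ) n})\) loss stated above.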
Notes
1. Consider simply an n-bit distribution X which puts the weight 0.5 on the string \(0^{n}\) and is uniform elsewhere.
2. Because \(\epsilon \approx 2^{-kn}\) provides exponential security, which is already overkill in most cases.
Acknowledgments
The author is grateful to the organizers of the 8th Annual North American School of Information Theory in San Diego, and the organizers of the conference LATINCRYPT 2015 in Guadalajara, for the opportunity to present preliminary versions of this work.
© 2016 Springer International Publishing Switzerland
Cite this paper
Skorski, M. (2016). How Much Randomness Can Be Extracted from Memoryless Shannon Entropy Sources?. In: Kim, Hw., Choi, D. (eds) Information Security Applications. WISA 2015. Lecture Notes in Computer Science, vol 9503. Springer, Cham. https://doi.org/10.1007/978-3-319-31875-2_7
DOI: https://doi.org/10.1007/978-3-319-31875-2_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31874-5
Online ISBN: 978-3-319-31875-2
eBook Packages: Computer Science (R0)