An Entropy Lower Bound for Non-Malleable Extractors (1801.03200v1)
Abstract: A $(k,\varepsilon)$-non-malleable extractor is a function ${\sf nmExt} : {0,1}n \times {0,1}d \to {0,1}$ that takes two inputs, a weak source $X \sim {0,1}n$ of min-entropy $k$ and an independent uniform seed $s \in {0,1}d$, and outputs a bit ${\sf nmExt}(X, s)$ that is $\varepsilon$-close to uniform, even given the seed $s$ and the value ${\sf nmExt}(X, s')$ for an adversarially chosen seed $s' \neq s$. Dodis and Wichs~(STOC 2009) showed the existence of $(k, \varepsilon)$-non-malleable extractors with seed length $d = \log(n-k-1) + 2\log(1/\varepsilon) + 6$ that support sources of entropy $k > \log(d) + 2 \log(1/\varepsilon) + 8$. We show that the foregoing bound is essentially tight, by proving that any $(k,\varepsilon)$-non-malleable extractor must satisfy the entropy bound $k > \log(d) + 2 \log(1/\varepsilon) - \log\log(1/\varepsilon) - C$ for an absolute constant $C$. In particular, this implies that non-malleable extractors require min-entropy at least $\Omega(\log\log(n))$. This is in stark contrast to the existence of strong seeded extractors that support sources of entropy $k = O(\log(1/\varepsilon))$. Our techniques strongly rely on coding theory. In particular, we reveal an inherent connection between non-malleable extractors and error correcting codes, by proving a new lemma which shows that any $(k,\varepsilon)$-non-malleable extractor with seed length $d$ induces a code $C \subseteq {0,1}{2k}$ with relative distance $0.5 - 2\varepsilon$ and rate $\frac{d-1}{2k}$.