An Entropy Lower Bound for Non-Malleable Extractors

Abstract

A (k,)-non-malleable extractor is a function nmExt : \0,1\n × \0,1\d \0,1\ that takes two inputs, a weak source X \0,1\n of min-entropy k and an independent uniform seed s ∈ \0,1\d, and outputs a bit nmExt(X, s) that is -close to uniform, even given the seed s and the value nmExt(X, s') for an adversarially chosen seed s' ≠ s. Dodis and Wichs~(STOC 2009) showed the existence of (k, )-non-malleable extractors with seed length d = (n-k-1) + 2(1/) + 6 that support sources of entropy k > (d) + 2 (1/) + 8. We show that the foregoing bound is essentially tight, by proving that any (k,)-non-malleable extractor must satisfy the entropy bound k > (d) + 2 (1/) - (1/) - C for an absolute constant C. In particular, this implies that non-malleable extractors require min-entropy at least ((n)). This is in stark contrast to the existence of strong seeded extractors that support sources of entropy k = O((1/)). Our techniques strongly rely on coding theory. In particular, we reveal an inherent connection between non-malleable extractors and error correcting codes, by proving a new lemma which shows that any (k,)-non-malleable extractor with seed length d induces a code C ⊂eq \0,1\2k with relative distance 0.5 - 2 and rate d-12k.