Two-Source Extractors Secure Against Quantum Adversaries
We initiate the study of multi-source extractors in the quantum world. In this setting, our goal is to extract random bits from two independent weak random sources, on which two quantum adversaries store a bounded amount of information. Our main result is a two-source extractor secure against quantum adversaries, with parameters closely matching the classical case and tight in several instances. Moreover, the extractor is secure even if the adversaries share entanglement. The construction is the Chor-Goldreich [CG88] two-source inner product extractor and its multi-bit variant by Dodis et al. [DEOR04]. Previously, research in this area focused on the construction of seeded extractors secure against quantum adversaries; the multi-source setting poses new challenges, among which is the presence of entanglement that could potentially break the independence of the sources.
💡 Research Summary
The paper opens a new line of research by studying multi‑source randomness extractors in the presence of quantum adversaries. The authors consider two independent weak random sources X and Y, each of length n bits, and assume that two quantum adversaries, A and B, respectively store at most s qubits of information about X and Y. Crucially, the adversaries are allowed to share an arbitrary entangled state before the extraction process, which could in principle break the classical notion of independence between the sources.
The main technical contribution is a proof that the classic Chor‑Goldreich inner‑product extractor, Ext_CG(x,y)=⟨x,y⟩ mod 2, and its multi‑bit extension due to Dodis, Elbaz‑Barak, Oliveira, and Raz (DEOR), remain secure under this quantum model. The security definition follows the standard quantum‑bounded‑storage framework: the joint state (Ext(X,Y), A, B) must be ε‑indistinguishable from (U_m, A, B), where U_m denotes the uniform distribution on m output bits. The authors show that if the conditional quantum min‑entropy of each source given the corresponding adversary satisfies H_min(X|A) ≥ k and H_min(Y|B) ≥ k with k ≥ s + log(1/ε), then Ext_CG extracts one ε‑secure bit and Ext_DEOR extracts Ω(k) bits simultaneously with the same security guarantee.
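The inner-product extractor above, run on small flat sources in the classical setting with no quantum side information. This is an added example, not code from the paper. The helper names, the parameters n=10 and k=8, and the comparison against the classical Lindsey-lemma bound 2^((n − k1 − k2)/2) are assumptions introduced here.

```python
import random

def ext_cg(x: int, y: int) -> int:
    """Ext_CG(x, y) = <x, y> mod 2 for n-bit strings packed into ints."""
    return bin(x & y).count("1") & 1

def bias(S, T) -> float:
    """|E[(-1)^Ext_CG(X,Y)]| for independent X uniform on S, Y uniform on T.
    The statistical distance of the output bit from uniform is bias / 2."""
    total = sum(1 - 2 * ext_cg(x, y) for x in S for y in T)
    return abs(total) / (len(S) * len(T))

def lindsey_bound(n: int, S, T) -> float:
    """Classical bound 2^((n - k1 - k2) / 2), with k1 = log2|S|, k2 = log2|T|."""
    return (2 ** n / (len(S) * len(T))) ** 0.5

def random_flat_source(n: int, k: int, rng) -> list:
    """A flat source: uniform over 2^k distinct n-bit strings (min-entropy k)."""
    return rng.sample(range(2 ** n), 2 ** k)

def orthogonal_pair(n: int):
    """Failure case at k1 + k2 = n: the supports are orthogonal subspaces,
    so the inner product is always 0 and nothing is extracted."""
    half = n // 2
    low = list(range(2 ** half))                   # only the low half set
    high = [v << half for v in range(2 ** half)]   # only the high half set
    return low, high

def demo(n: int = 10, k: int = 8, seed: int = 1) -> dict:
    rng = random.Random(seed)                      # constructed sample sources
    S = random_flat_source(n, k, rng)
    T = random_flat_source(n, k, rng)
    low, high = orthogonal_pair(n)
    return {
        "random": (bias(S, T), lindsey_bound(n, S, T)),
        "orthogonal": (bias(low, high), lindsey_bound(n, low, high)),
    }

if __name__ == "__main__":
    for name, (b, bound) in demo().items():
        print(f"{name}: bias={b:.4f} bound={bound:.4f}")
```

The orthogonal pair meets the bound with equality, which is why the total min-entropy of the two sources has to exceed n before any bit can be extracted.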
The proof hinges on a quantum chain rule for min‑entropy, which yields H_min(XY|AB) ≥ H_min(X|A)+H_min(Y|B)−2s. This inequality captures the loss due to the possible entanglement between A and B. By applying a decoupling argument, the authors demonstrate that the inner‑product function behaves like a two‑universal hash in the quantum setting, effectively “flattening” the joint distribution even when the adversaries share entanglement. The analysis also leverages the linearity of the inner product and the fact that measuring the output does not increase the adversaries’ information about the remaining bits.
Parameter-wise, the results match the best known classical bounds: the required min‑entropy is essentially log n + 2s, which is known to be optimal for many regimes. When s is polylogarithmic in n, the extractor works with only logarithmic min‑entropy, making it practical for realistic quantum storage limits. The multi‑bit DEOR variant achieves a linear extraction rate, extracting Θ(k) bits while preserving ε‑security, a substantial improvement over the single‑bit case.
Beyond the technical theorems, the paper situates its contributions within the broader literature. Prior work on quantum‑secure extractors focused almost exclusively on seeded extractors, where a short uniform seed is required. The two‑source setting eliminates the need for any seed, which is advantageous for protocols where a trusted seed is unavailable. Moreover, by explicitly handling pre‑shared entanglement, the authors address a realistic threat model for quantum networks and distributed cryptographic protocols.
The paper concludes with several open problems: extending the construction to more than two sources, reducing the dependence on the storage bound s, and designing explicit, efficiently implementable circuits for the DEOR extractor in a quantum setting. Overall, this work establishes that classical two‑source inner‑product extractors are robust against quantum attacks, even in the presence of entanglement, thereby providing a solid theoretical foundation for seedless quantum‑secure randomness generation.