
Cryptomite: A versatile and user-friendly library of randomness extractors

Cameron Foreman, Richie Yeung, Alec Edgington, Florian J. Curchod

TL;DR

Cryptomite presents a modern library for randomness extraction that unifies several state-of-the-art extractors (Circulant, Dodis et al., Toeplitz, Trevisan, and Von Neumann) under a Python/C++ framework. It emphasizes practical, numerically precise extraction using the number-theoretic transform (NTT) to avoid floating-point rounding errors, enabling input lengths up to $2^{40}$ bits and offering quasi-linear time performance for core constructions. The paper develops new theory and extensions (product-source and Markov-model security, near-perfect seeds, smooth min-entropy, and extractor composition) and provides parameter-calculation utilities and usage guidance, including concrete code examples for quantum key distribution privacy amplification and randomness generation. The work demonstrates the library’s practicality through benchmarking, clear API design, and public availability, aiming to simplify extractor selection and deployment in cryptographic protocols and RNG systems.

Abstract

We present Cryptomite, a Python library of randomness extractor implementations. The library offers a range of two-source, seeded and deterministic randomness extractors, together with parameter calculation modules, making it easy to use and suitable for a variety of applications. We also present theoretical results, including new extractor constructions and improvements to existing extractor parameters. The extractor implementations are efficient in practice and tolerate input sizes of up to $2^{40}>10^{12}$ bits. Contrary to alternatives using the fast Fourier transform, we implement convolutions efficiently using the number-theoretic transform to avoid rounding errors, making them well suited to cryptography. The algorithms and parameter calculation are described in detail, including illustrative code examples and performance benchmarking.

Paper Structure (34 sections, 20 theorems, 57 equations, 9 figures, 3 algorithms)

This paper contains 34 sections, 20 theorems, 57 equations, 9 figures, 3 algorithms.

Key Result

Theorem 1

Any strong classical-proof (or quantum-proof) $(n_1, k_1, n_2, k_2, m, \epsilon)$-seeded extractor is a strong classical-proof (or quantum-proof) $(n_1, k_1, n_2, k_2, m, 2^{n_2-k_2}\epsilon)$-two-source extractor, strong in the (now) weak seed. If the extractor is constructed from a two-universal f

Figures (9)

  • Figure 1: An extractor processes a weak input of $n_1$ bits with min-entropy $k_1$ in order to produce an output of $m$ bits that is $\epsilon$-perfectly random. Seeded and two-source extractors additionally require a second random bit string called the (weak) seed, of $n_2$ bits and min-entropy $k_2$ (with $k_2=n_2$ for seeded extractors).
  • Figure 2: This flow chart shows the simplest way to get (approximately) the most output randomness from an input string of min-entropy $k_1$ and length $n_1$, whilst minimising the other resources (seed length and computation time). Small improvements can be obtained by considering \ref{fig:Table} below, see for example a discussion on the seed lengths in \ref{sec:comparison_seeded}. In the left branch, the weak input bits need to form an exchangeable sequence, for which IID bits are a particular case.
  • Figure 3: A summary of the parameters achievable by the different randomness extractors in $\texttt{Cryptomite}$. For seeded extractors, one uses that $k_2=n_2$ and all logarithms are in base 2. $\mathbb{N}_A$ is the set of prime numbers with 2 as a primitive root. The product source model refers to the two sources being independent (see \ref{TwoExt_E2}) whilst the Markov model allows for the two sources to be correlated through a common cause (see \ref{TwoSource_E}). The parameters for classical side information in the Markov model are not included, but can be computed from \ref{Markov1}. We note that both Circulant and Toeplitz as two-source extractors are secure in the Markov model without a penalty (using \ref{MarkovFor2Uni}), whilst Trevisan and Dodis require using the generic extension of \ref{Markov2}. We have also added a discussion about the seed lengths of the different extractors in practice in \ref{sec:comparison_seeded}. Finally, the output length for $\mathsf{Von \space Neumann}$ is probabilistic and given in the case of IID bits as input (denoted $\approx^{IID}$).
  • Figure 4: A plot displaying the throughput of our extractor algorithms as a function of the input length ($n_1$) for each extractor of $\texttt{Cryptomite}$, in logarithmic scale. The throughput is calculated by fixing the input min-entropy to $k_1 =\frac{n_1}{2}$ and calculating the maximum output length according to \ref{fig:Table}. The necessary seed length for each extractor is given in \ref{sec:library-in-detail}.
  • Figure 5: The implementation of privacy amplification for jain2022practical using the $\mathsf{Toeplitz}$ extractor from Cryptomite.
  • ...and 4 more figures

Theorems & Definitions (40)

  • Definition 1: Conditional min-entropy
  • Definition 2: Statistical distance
  • Definition 3: Classical-proof (near-)perfect randomness
  • Definition 4: Quantum-proof (near-)perfect randomness
  • Definition 5: Deterministic randomness extractor
  • Definition 6: Two-source randomness extractor
  • Definition 7: Seeded randomness extractor
  • Definition 8: Strong randomness extractor
  • Theorem 1: Classical-proof two-source extension, Theorem 6 and 7 in hayashi-tsurumaru
  • Theorem 2: Quantum-proof two-source extension in the product source model, \ref{lemma:2-weak-source} with Proposition 1 in berta2021robust
  • ...and 30 more