Correction of Samplable Additive Errors

Transcription

1 Correctio of Samplable Additive Errors Keji Yasuaga Kaazawa Uiversity Kakuma-machi, Kaazawa, , Japa Abstract We study the correctability of efficietly samplable errors. Specifically, we cosider samplable additive-error chaels, where ubouded-weight errors are sampled by a polyomial-time algorithm, ad added to the chael iput i a oblivious way. Assumig the existece of oe-way fuctios, there are samplable distributios Z over {0, 1} with etropy ϵ for 0 < ϵ < 1 that are ot correctable by efficiet codig schemes. Next, we show that there is a oracle relative to which there is a samplable Z with etropy ω(log ) that is ot correctable by efficiet sydrome decodig. For flat distributios Z with etropy m, we show that if Z forms a liear subspace, there is a liear code that corrects Z with rate R 1 m/. For geeral flat distributios Z, there is a liear code that corrects Z with error ϵ for rate R 1 (m + O(log(1/ϵ)))/, ad o codig scheme ca correct Z with error ϵ for rate R > 1 (m+log(1 ϵ))/. Fially, we observe that small-biased distributios are ot correctable by high-rate codes, ad hece there is a small-biased Z with etropy m that is ot correctable for rate R > 1 m/+(2 log +O(1))/. To derive these results, we use relatios betwee error-correctig codes ad other otios such as data compressio ad radomess codesers. I. INTRODUCTION I the theory of error-correctig codes, two of the wellstudied chael models are probabilistic chaels ad worstcase chaels. I probabilistic chaels, errors are itroduced through stochastic processes, ad the most well-kow oe is the biary symmetric chael. I worst-case (or adversarial) chaels, we cosider the worst-case error for a give errorcorrectig code ad a chael iput uder the restrictio o the weight of the error vector. If we view the itroductio of errors as computatio of the chael, probabilistic chaels perform low-cost computatio with little kowledge about the code ad the iput, while worst-case chaels perform highcost computatio with the full-kowledge. As itermediate chaels betwee these two chaels, Lipto [13] cosidered computatioally-bouded chaels, where the computatio of chaels is bouded by polyomial time. Guruswami ad Smith [8] preseted explicit optimal-rate codig schemes for several computatioally-bouded chaels, icludig additive-error chaels ad time/space bouded chaels. For a survey of previous work o itermediate chaels, see Sectio 2 of [9]. I this work, we also focus o computatioally-bouded chaels. I particular, we cosider additive-error chaels, i which errors are geerated idepedetly (or obliviously) of the code ad the chael iput, ad itroduced by addig to the iput. The biary symmetric chael is a example of additive-error chaels. We cosider a computatioallybouded aalogue of additive-error chaels, called samplable additive-error chaels. I these chaels, a error vector is sampled by efficiet computatio ad added to the codeword i a oblivious way. Namely, the samplig algorithm a its radom cois caot deped o the choice of the code or the particular codeword. This is stroger tha the stadard otio of obliviousess, where a oblivious chael ca deped o the code, but ot the codeword (cf. [12]). Furthermore, we do ot boud the (Hammig) weights of the error vectors. Although most of the existig work cosiders bouded-weight errors, this restrictio may ot be ecessary for modelig errors geerated by ature as a result of polyomial-time computatio. We cosider the settig i which codig schemes ca be desiged with the kowledge o the chael. More precisely, the code ca deped o the samplig algorithm of the samplable additive-error chael, but ot o its radom cois. This settig is icomparable to previous otios of error correctio agaist computatioally-bouded chaels. Our model is stroger because we do ot limit the umber of errors itroduced by the chael, but is weaker because the error caot deped o the code or the codeword. Our Cotributios We would like to characterize samplable additive-error chaels regardig the existece of efficiet reliable codig schemes. We use the Shao etropy of samplable distributios as a criterio. The reaso is that, if the etropy is zero, it is easy to achieve reliable commuicatio sice the error is a fixed strig ad this iformatio ca be used for desigig the codig scheme. O the other had, if the samplable distributio has the full etropy, we could ot achieve reliable commuicatio sice the truly radom error is added to the trasmitted codeword. Thus, there seems to be bouds o the existece of efficiet reliable codig schemes depedig o the etropy of the uderlyig samplable distributio. Whe reliable codig schemes exist, a importat quatity of the scheme is the iformatio rate (or simply rate), which is the ratio of the message legth to the codeword legth. We ivestigate the bouds o the rate whe reliable commuicatio is achievable. a) Our Results: Let Z be a distributio over {0, 1} associated with a samplable additive-error chael, ad H(Z) the Shao etropy of Z. First, we observe that Z ca simulate biary symmetric chaels. Therefore, it follows from the coverse of Shao s

2 TABLE I CORRECTABILITY OF SAMPLABLE ADDITIVE-ERROR Z H(Z) Correctabilities Assumptios Refereces 0 Efficietly correctable No Trivial 1 determiistic code, Z ot correctable by the code No Propositio 2 O(log ) code of R > Ω( log ) with efficiet sydrome decodig, Z ot correctable by the code Oracle access Theorem 3 ω(log ) Z ot correctable by efficiet sydrome decodig for R > ω( log ) Oracle access Corollary 1 ϵ for 0 < ϵ < 1 Z ot efficietly correctable Oe-way fuctio Theorem 1 H 2 (p) for 0 < p < 1 Z ot correctable for R > 1 H 2 (p) No Capacity of BSC 0 m liear subspace Z of dimesio m is correctable for R 1 m. No Theorem 4 flat distributio Z of mi-etropy m is 0 m (1) correctable with error ϵ for R 1 m 4 log(1/ϵ) No Theorem 5 (2) ot correctable with error ϵ for R > 1 m + log(1/(1 ϵ)) No Theorem 6 δ-biased distributio is ot correctable for rate R > 1 2 log(1/δ)+1 No Theorem 7 0 m small-biased Z ot correctable for R > 1 m 2 log +O(1) + No Corollary 2 Not correctable No Trivial theorem that there exists Z with H(Z) = H 2 (p) for 0 < p < 1 that is ot correctable by codes with rate R > 1 H 2 (p), where H 2 (p) is the biary etropy fuctio defied as H 2 (p) = p log 2 p (1 p) log 2 (1 p). Regardig efficiet codig schemes, we observe that if the additive error is pseudoradom (i the cryptographic sese), the o efficiet codig scheme ca correct the errors. This implies that assumig the existece of oe-way fuctios, there exist Z with H(Z) = ϵ for 0 < ϵ < 1 that are ot efficietly correctable. Next, we focus o liear codig schemes, where the code forms a liear space. We show that there is a oracle relative to which there exists Z with H(Z) = ω(log ) that is ot correctable by liear codig schemes that employ efficiet sydrome decodig. This result also implies that there is o black-box reductio from sydrome decodig algorithms for correctig Z to samplig algorithms for Z. For this result, we use the relatio betwee liear codes correctig additive errors ad liear data compressio. After that, we cosider errors from flat distributios Z. Whe Z forms a liear subspace, we preset a efficiet codig scheme that corrects Z by sydrome decodig with rate R 1 m/, where H(Z) = m. For geeral flat distributios Z, we show that Z are correctable with error ϵ for rate R 1 m/ 4 log(1/ϵ)/. This result is derived by usig the relatio betwee a liear code esemble ad a liear lossless codesers, established by Cheraghchi [3]. Coversely, we ca show that ay flat distributio Z is ot correctable with error ϵ for rate R > 1 m/+log(1/(1 ϵ))/. We also observe that o determiistic code ca correct the family of flat distributios with the same etropy. Specifically, we show that for ay determiistic codig scheme, there is a flat distributio Z with H(Z) = 1 that is ot corrected by the scheme. Fially, we cosider errors from small-biased distributios. We show that δ-biased distributios are ot correctable for rate R > 1 (2 log(1/δ) + 1)/, ad that there is a small-biased distributio Z with H(Z) = m that is ot correctable with error ϵ for rate R > 1 m/ + (2 log + O(1))/. To derive these results, we use the fact that small-biased distributios ca be used for keys of the oe-time pad for high-etropy messages, which is derived by Dodis ad Smith [6]. The results are summarized i Table I. b) Related Work: The otio of computatioallybouded chael was itroduced by Lipto [13]. He showed that if the seder ad the receiver ca share secret radomess, the the Shao capacity ca be achieved for this chael. Micali et al. [14] cosidered a similar chael model i a public-key settig, ad gave a codig scheme based o list-decodable codes ad digital sigature. Guruswami ad Smith [8] gave costructios of capacity achievig codes for worst-case additive-error chael ad time/space-bouded chaels. I their settig of additive-error chael, the weights of errors are bouded, ad the errors are oly idepedet of the ecoder s radom cois. They also gave strog impossibility results for bit-fixig chaels, but their results ca be applied to chaels that use the iformatio o the code ad the trasmitted codewords. I this work, we give impossibility results eve for chaels that do o use such iformatio. Samplable distributios were also studied i the cotext of data compressio [7], [16], [18], radomess extractor [15], [17], [4], ad radomess codeser [5]. II. PRELIMINARIES For a distributio X, we write x X to idicate that x is chose accordig to X. We may use X also as a radom variable distributed accordig to X. The support of X is Supp(X) = {x : Pr X (x) 0}, where Pr X (x) is the probability that X assigs to x. The Shao etropy of X is H(X) = E x X [ log Pr X (x)]. The mi-etropy of X is give by mi x Supp(X) { log Pr X (x)}. For two distributios X ad Y defied o the same fiite space S, the statistical distace betwee X ad Y is give by SD(X, Y ) = 1 2 s S Pr X(s) Pr Y (s). We say X ad Y is ϵ-close if SD(X, Y ) ϵ. A flat distributio is a distributio that is uiform over its support. For N, we write U as the uiform distributio over {0, 1}.

3 We defie the otio of additive-error correctig codes. Defiitio 1: (Additive-error correctig codes) For two fuctios Ec : F k F ad Dec : F F k, ad a distributio Z over F, where F is a fiite field, we say (Ec, Dec) corrects (additive error) Z with error ϵ if for ay x F k, we have that Pr z Z [Dec(Ec(x) + z) x] ϵ. The rate of (Ec, Dec) is k/. Defiitio 2: A distributio Z is said to be correctable with rate R ad error ϵ if there is a pair of fuctios (Ec, Dec) of rate R that corrects Z with error ϵ. We call a pair (Ec, Dec) a codig scheme or simply code. The codig scheme is called efficiet if Ec ad Dec ca be computed i polyomial-time i. The code is called liear if Ec is a liear mappig, that is, for ay x, y F ad a, b F, Ec(ax + by) = aec(x) + bec(y). If F = 2, we may use {0, 1} istead of F. Next, we defie sydrome decodig for liear codes. Defiitio 3: For a liear code (Ec, Dec), Dec is said to be a sydrome decoder if there is a fuctio Rec such that Dec(y) = (y Rec(y H T )) G 1, where G F R satisfies that Ec(x) = x G for x F R, ad H F R is a dual matrix for G (i.e., GH T = 0). We cosider a computatioally-bouded aalogue of additive-error chaels. We itroduce the otio of samplable distributios. Defiitio 4: A distributio family Z = {Z } N is said to be samplable if there is a probabilistic polyomial-time algorithm S such that S(1 ) is distributed accordig to Z for every N. We cosider the settig i which codig schemes ca deped o the samplig algorithm of Z, but ot o its radom cois, ad Z does ot use ay iformatio o the codig scheme or trasmitted codewords. I this settig, the radomizatio of codig schemes does ot help much. Propositio 1: Let (Ec, Dec) be a radomized codig scheme that corrects a distributio Z with error ϵ. The, there is a determiistic codig scheme that corrects Z with error ϵ. Proof: Assume that Ec uses at most l-bit radomess. Sice (Ec, Dec) corrects Z with error ϵ, we have that for every x F k, Pr z Z,r Ul [Dec(Ec(x; r) + z) x] ϵ. By the averagig argumet, for every x F k, there exists r x {0, 1} l such that Pr z Z [Dec(Ec(x; r x )) x] ϵ. Thus, by defiig Ec (x) = Ec(x; r x ), the determiistic codig scheme (Ec, Dec) corrects Z with error ϵ. The fact that the radomizatio does ot help much is cotrast to the settig of Guruswami ad Smith [8], where the chaels ca use the iformatio o the codig scheme ad trasmitted codewords, but ot the radom cois for ecodig. They preset a radomized codig scheme with optimal rate 1 H 2 (p) for worst-case additive-error chaels, for which determiistic codig schemes are oly kow to achieve rate 1 H 2 (2p), where p is the error rate of the chaels. Next, we defie the otio of data compressio. Defiitio 5: For two fuctios Com : F F ad Decom : F F, ad a distributio Z, we say (Com, Decom) compresses Z to legth m if 1) For ay z Supp(Z), Decom(Com(z)) = z, ad 2) E[ Com(Z) ] m. Defiitio 6: We say a distributio Z is compressible to legth m, if there are two fuctios Com ad Decom such that (Com, Decom) compresses Z to legth m. If Com is a liear mappig, (Com, Decom) is called a liear compressio. Fially, we defie the otio of lossless codesers. Defiitio 7: A fuctio f : F {0, 1} d F r is said to be a (m, ϵ)-lossless codeser if for ay distributio X of mi-etropy m, the distributio (f(x, Y ), Y ) is ϵ-close to a distributio (Z, U d ) with mi-etropy at least m + d, where Y is the uiform distributio over {0, 1} d. A codeser f is liear if for ay fixed z {0, 1} d, ay x, y F ad a, b F, f(ax + by, z) = af(x, z) + bf(y, z). III. CORRECTABILITY OF ADDITIVE ERRORS A. Errors from Pseudoradom Distributios We show that o efficiet codig scheme ca correct pseudoradom distributios. Theorem 1: Assume that a oe-way fuctio exists. The, for ay 0 < ϵ < 1, there is a samplable distributio Z over {0, 1} such that H(Z) ϵ ad o polyomial-time algorithms (Ec, Dec) ca correct Z. Proof: If a oe-way fuctio exists, there is a pseudoradom geerator G : {0, 1} ϵ {0, 1} secure for ay polyomial-time algorithm [10]. The, a distributio Z = G(U ϵ) is ot correctable by polyomial-time algorithms. If so, we ca costruct a polyomial-time distiguisher for pseudoradom geerator, ad the cotradictio. B. Ucorrectable Errors from Low-Etropy Distributios We cosider errors from low-etropy distributios that are ot correctable by efficiet codig schemes. We use the relatio betwee error correctio by liear code ad data compressio by liear compressio. The relatio was explicitly preseted by Caire et al. [2]. Theorem 2 ([2]): For ay distributio Z over F, Z is correctable with rate R by sydrome decodig if ad oly if Z is compressible by liear compressio to legth (1 R). Wee [18] showed that there is a oracle relative to which there is a samplable distributio over {0, 1} of etropy O(log ) that caot be compressed to legth less tha Ω(log ) by ay efficiet compressio. Lemma 1 ([18]): For ay k satisfyig 6 log s+o(1) < k <, there are a fuctio f : {0, 1} k {0, 1} ad a oracle O f such that give oracle access to O f, 1) f(u k ) is samplable, ad has the Shao etropy k. 2) f(u k ) caot be compressed to legth less tha 2 log s log O(1) by oracle circuits of size s. By combiig Lemma 1 ad Theorem 2, we obtai the followig theorem. Theorem 3: For ay k satisfyig 6 log s + 2 log + O(1) < k <, there are a fuctio f : {0, 1} k {0, 1} ad a oracle O f such that give oracle access to O f,

4 1) f(u k ) is samplable, ad has the Shao etropy k. 2) f(u k ) is ot correctable with rate R > (2 log s 3 log )/ O(1/) by ay liear code (Ec, Dec) implemeted by a oracle circuit of size s, where Dec is a sydrome decoder. Proof: Item 1 is the same as Lemma 1. We prove Item 2 i the rest. For cotradictio, assume that there is a oracle circuit of size s such that the circuit implemets a liear code (Ec, Dec) i which Dec is a sydrome decoder, ad (Ec, Dec) corrects f(u k ) with rate R > (2 log s 3 log )/ + O(1/). By Theorem 2, we ca costruct (Com, Decom) that ca compress f(u k ) to legth (1 R) < 2 log s 3 log O(1), ad is implemeted by a oracle circuit of size s + 2, where the additio term of 2 is due to the computatio of Com, which is defied as Com(z) = z H T. This cotradicts Lemma 1. The followig corollary immediately follows. Corollary 1: For ay k satisfyig ω(log ) < k <, there is a oracle relative to which there is a samplable distributio Z with H(Z) = k that is ot correctable by liear codes of rate R > ω((log )/) with efficiet sydrome decodig. C. Errors from Liear Subspaces Let Z = {z 1, z 2,..., z l } F be a set of liearly idepedet vectors. We ca costruct a liear code that corrects additive errors from the liear spa of Z. Theorem 4: There is a liear code of rate 1 l/ that corrects the liear spa of Z by sydrome decodig. Proof: Cosider l vectors w l+1,..., w F such that the set {z 1, z 2,..., z l, w l+1,..., w } forms a basis of F. The, there is a liear trasformatio T : F F l such that T (z i ) = e i ad T (w i ) = 0, where e i is the vector with 1 i the i-th positio ad 0 elsewhere. Let H be the matrix i F l such that xh T = T (x), ad cosider a code with parity check matrix H. Let z = l i=1 a iz i be a vector i the liear spa of Z, where a i F. Sice z H T = ( l i=1 a iz i ) H T = l i=1 a ie i = (a 1,..., a l ), the code ca correct the error z by sydrome decodig. Sice H F l is the parity check matrix, the rate of the code is ( l)/. D. Errors from Flat Distributios Cheraghchi [3] showed a relatio betwee lossless codesers ad liear codes correctig additive errors. He gave the equivalece betwee a liear lossless codeser for a flat distributio Z ad a liear code esemble i which most of them correct additive errors from Z. Based o his result, we ca show that, for ay flat distributio, there is a liear code that corrects errors from the distributio. Theorem 5: For ay ϵ > 0 ad flat distributio Z over {0, 1} with mi-etropy m, there is a liear code of rate 1 m/ 4 log(1/ϵ)/ that corrects Z with error ϵ by sydrome decodig. Proof: Let f : {0, 1} {0, 1} d {0, 1} r be a liear (m, ϵ)-lossless codeser. Defie a code esemble {C u } u {0,1} d such that C u is a liear code for which a parity check matrix H u satisfies that for each x {0, 1}, x H T u = f(x, u). Cheraghchi [3] proved the followig lemma. Lemma 2 (Lemma 15 of [3]): For ay flat distributio Z with mi-etropy m, at least a (1 2 ϵ) fractio of the choices of u {0, 1} d, the code C u corrects Z with error ϵ. We use a liear lossless codeser that ca be costructed from a uiversal hash family cosistig of liear fuctios. This is a geeralizatio of the Leftover Hash Lemma ad the proof is give i [3]. Lemma 3 (Lemma 7 of [3]): For every iteger r, m, ad ϵ > 0 with r m + 2 log(1/ϵ), there is a explicit (m, ϵ) liear lossless codeser f : {0, 1} {0, 1} {0, 1} r. The statemet of the theorem immediately follows by combiig Lemmas 2 ad 3. Coversely, we ca show that the rate achieved i Theorem 5 is almost optimal. Theorem 6: Let Z be ay flat distributio over {0, 1} with mi-etropy m. If a code of rate R corrects Z with error ϵ, the R 1 m/ + log(1/(1 ϵ))/. Proof: Let (Ec, Dec) be a code that corrects Z with error ϵ. For x {0, 1} R, defie D x = {y {0, 1} : Dec(y) = x}. That is, D x is the set of iputs that are decoded to x by Dec. Sice the code corrects the flat distributio Z with error ϵ, D x (1 ϵ)2 m for every x {0, 1} R. Sice each D x is disjoit, x {0,1} R D x 2. Therefore, we have that (1 ϵ)2 m 2 R 2, which implies the statemet. By Lemma 2, oe may hope to costruct a sigle code that corrects errors from ay flat distributio with the same etropy, as costructed i [3] for the case of biary symmetric chaels by usig Justese s costructio [11]. However, it is difficult to achieve sice we ca show that it is impossible by determiistic codig schemes, ad, as preseted i Propositio 1, the radomizatio of codig schemes does ot help i our settig. Propositio 2: For ay determiistic code, there is a flat distributio of mi-etropy 1 that is ot corrected by the code with error ϵ < 1/2. Proof: Defie a flat distributio to be a uiform distributio over two differet codewords c 1 ad c 2. If the iput to the decoder is c 1 + c 2, the decoder caot distiguish the two cases where the trasmitted codewords are c 1 ad c 2. Thus, the decoder outputs the wrog aswer with probability at least 1/2 for at least oe of the two cases. E. Errors from Small-Biased Distributios A sample space S {0, 1} is said to be δ-biased if for ay o-zero α {0, 1}, E s US [( 1) α s ] δ, where U S is the uiform distributio over S. Dodis ad Smith [6] proved that small-biased distributios ca be used as sources of keys of the oe-time pad for high-etropy messages. This result implies that high-rate codes caot correct errors from small-biased distributios. Theorem 7: Let S be a δ-biased sample space over {0, 1}. If a code of rate R corrects U S with error ϵ < 1/2, the R 1 (2 log(1/δ) + 1)/.

5 Proof: Assume for cotradictio that (Ec, Dec) corrects Z = U S with rate R ad error ϵ. Dodis ad Smith [6] give the oe-time pad lemma for high-etropy messages. Lemma 4: For a δ-biased sample space S, there is a distributio G such that for every distributio M over {0, 1} with mi-etropy at least t, SD(M U S, G) γ for γ = δ2 ( t 2)/2, where is the bit-wise exclusive-or. For b {0, 1}, let M b {0, 1} R be the uiform distributio over the set of strigs i which the first bit is b. Note that the mi-etropy of M b is R 1. Defie D b = Dec(Ec(M b ) U S ). By Lemma 4, SD(D 0, D 1 ) SD(Ec(M 0 ) U S, Ec(M 1 ) U S ) SD(Ec(M 0 ) U S, G) + SD(G, Ec(M 1 ) U S ) 2γ for γ = δ2 ( R 1)/2. Sice the code corrects U S with error ϵ, we have that SD(D 0, D 1 ) 1 2ϵ. Thus, we have that 2γ > 1 2ϵ > 0, ad hece R 1 (2 log(1/δ) + 1)/. Alo et al. [1] give a costructio of δ-biased sample spaces of size O( 2 /δ 2 ). This leads to the followig corollary. Corollary 2: There is a small-biased distributio of mietropy at most m that is ot corrected by codes with rate R > 1 m/ + (2 log + O(1))/ ad error ϵ < 1/2. IV. FUTURE WORK We preset some possible future work of this study. a) Further study o the correctability: I Theorem 3, we have show the impossibility result with some restrictios: allowig some oracle access ad the decodig is cofied to a powerful sydrome decodig. Thus, provig the impossibility results without these restrictios is possible future work. I this work, we have mostly discussed impossibility results. Thus, showig o-trivial possibility results is iterestig, i particular, for the case that the umber of errors itroduced by the chael is ubouded. To study the correctability of other samplable additive chaels, such as log-space chaels ad chaels computed by costat-depth circuits, may be iterestig future work. b) Geeralizig the results of Cheraghchi [3]: I Sectio III-D, we have used the results of Cheraghchi [3] who showed that a liear lossless codeser for a flat distributio Z is equivalet to a liear code correctig additive error Z. Oe possible future work is to geeralize this result to more geeral distributios tha flat distributios. Note that the complexity of decodig is ot cosidered i the above equivalece. Namely, lossless codesers do ot eed to recover the iput from the codesed output, ad thus the decoder for the correspodig liear codes may ot be doe efficietly. However, as preseted by Cheraghchi [3] for biary-symmetric chaels, it is possible to costruct a efficiet codig scheme usig iefficiet decoders based o Justese s cocateated costructio [11]. It may be iterestig to explore other distributios (or characterize distributios) that ca be efficietly correctable by Justese s costructio. c) Characterizig correctability: We have ivestigated the correctability of samplable additive errors usig the Shao etropy as a criterio. There may be aother better criterio for characterizig the correctability of these errors, which might be related to efficiet computability, to which samplability is directly related. ACKNOWLEDGMENT This research was supported i part by JSPS Grat-i-Aid for Scietific Research Numbers , , ad We thak aoymous reviewers for their helpful commets. REFERENCES [1] N. Alo, O. Goldreich, J. Håstad, ad R. Peralta. Simple costructio of almost k-wise idepedet radom variables. Radom Struct. Algorithms, 3(3): , [2] G. Caire, S. Shamai, ad S. Verdu. Noiseless data compressio with low desity parity check codes. I P. Gupta, G. Kramer, ad A. J. va Wijgaarde, editors, DIMACS Series i Discrete Mathematics ad Theoretical Computer Sciece, volume 66 of DIMACS Series i Discrete Mathematics ad Theoretical Computer Sciece, pages America Mathematical Society, [3] M. Cheraghchi. Capacity achievig codes from radomess coductors. I ISIT, pages IEEE, A exteded versio is available at [4] A. De ad T. Watso. Extractors ad lower bouds for locally samplable sources. TOCT, 4(1):3, [5] Y. Dodis, T. Ristepart, ad S. P. Vadha. Radomess codesers for efficietly samplable, seed-depedet sources. I R. Cramer, editor, TCC, volume 7194 of Lecture Notes i Computer Sciece, pages Spriger, [6] Y. Dodis ad A. Smith. Etropic security ad the ecryptio of high etropy messages. I J. Kilia, editor, TCC, volume 3378 of Lecture Notes i Computer Sciece, pages Spriger, [7] A. V. Goldberg ad M. Sipser. Compressio ad rakig. SIAM J. Comput., 20(3): , [8] V. Guruswami ad A. Smith. Codes for computatioally simple chaels: Explicit costructios with optimal rate. I FOCS, pages IEEE Computer Society, [9] V. Guruswami ad A. Smith. Optimal-rate code costructios for computatioally simple chaels. CoRR, abs/ , This is a exteded versio of [8]. [10] J. Håstad, R. Impagliazzo, L. A. Levi, ad M. Luby. A pseudoradom geerator from ay oe-way fuctio. SIAM J. Comput., 28(4): , [11] J. Justese. Class of costructive asymptotically good algebraic codes. IEEE Trasactios o Iformatio Theory, 18(5): , [12] M. Lagberg. Oblivious commuicatio chaels ad their capacity. IEEE Trasactios o Iformatio Theory, 54(1): , [13] R. J. Lipto. A ew approach to iformatio theory. I P. Ejalbert, E. W. Mayr, ad K. W. Wager, editors, STACS, volume 775 of Lecture Notes i Computer Sciece, pages Spriger, [14] S. Micali, C. Peikert, M. Suda, ad D. A. Wilso. Optimal error correctio for computatioally bouded oise. IEEE Trasactios o Iformatio Theory, 56(11): , [15] L. Trevisa ad S. P. Vadha. Extractig radomess from samplable distributios. I FOCS, pages IEEE Computer Society, [16] L. Trevisa, S. P. Vadha, ad D. Zuckerma. Compressio of samplable sources. Computatioal Complexity, 14(3): , [17] E. Viola. Extractors for circuit sources. I R. Ostrovsky, editor, FOCS, pages IEEE, [18] H. Wee. O pseudoetropy versus compressibility. I IEEE Coferece o Computatioal Complexity, pages IEEE Computer Society, 2004.