Privacy amplification is an indispensable step in the post-processing of quantum key distribution, which can be used to compress the redundancy of shared key and improve the security level of the key. The commonly used privacy amplification is based on the random selection of universal hash functions, which needs the help of an additional random source, while it does not exist in general. In this paper, we propose a privacy amplification scheme based on composite coding, which is an extension of quantum CSS codes to classical linear codes. Compared with the universal hashing function, the proposed scheme does not need other random sources, and the randomness can be completely provided by the qubit string. Furthermore, the information-theoretic bound for the extraction of the key is obvious in composite coding.