# Deterministic extractors for bit- fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel Seedless.

## Presentation on theme: "Deterministic extractors for bit- fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel Seedless."— Presentation transcript:

Deterministic extractors for bit- fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel Seedless

Randomness extractors (motivation) Randomness is essential in Computer Science: Cryptography (!!) Distributed Protocols (!) Probabilistic Algorithms (?) Algorithm designers always assume that we have access to a stream of independent unbiassed coin tosses. How can we obtain random bits?

Refining randomness from nature We have access to distributions in nature: Weather (?) Particle reactions Key strokes of user Timing of past events These distributions are “somewhat random” but not “truly random”. Solution: Randomness Extractors random coins Probabilistic algorithm input output Somewhat random Randomness Extractor

Randomness Extractors: Definition and two flavors C is a class of distributions over n bit strings. A deterministic (seedless) C-extractor is a function E such that for every XєC, E(X) is ε-close to uniform. A seeded C-extractor has an additional (short i.e. log n) independent random seed as input. source distribution from C Extractor seed random output DeterministicSeeded Two distributions are ε-close if the probability they assign to any event differs by at most ε.

A brief survey of randomness extractors Deterministic von-Neumann sources [vN51]. Markov Chains [Blu84]. Several independent sources [SV86,V86,V87,VV88,C G88,DEOR04,BIW04]. Samplable sources [TV00]. Seeded High min-entropy distributions [Z91,NZ93]. Lower bound of log n on the seed length [NZ93,RT99]. Explicit constructions coming close to matching bound (mass of work). Extractors turn out to have lots of applications in TCS.

Bit-fixing sources [CGHFRS85] An (n,k)-(oblivious) bit-fixing source is a distribution on n bit strings s.t. k bits are uniformly distributed (good bits). remaining n-k bits are fixed to arbitrary values (bad bits). x1x1 x2x2 x3x3 xnxn k random bits

Bit-fixing source extractors The exclusive or function extracts one perfectly random bit. Impossible to extract two perfect bits for k { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/8/2337691/slides/slide_7.jpg", "name": "Bit-fixing source extractors The exclusive or function extracts one perfectly random bit.", "description": "Impossible to extract two perfect bits for k

Our results: rangebits extracted [KZ03] bits extracted our result error k>n ½ Ω(k 2 /n)k-n ½+a (a>0 is an arbitrary constant) exp(-n a ) k(log n) c Ω(log k)*k-k b (0 { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/8/2337691/slides/slide_8.jpg", "name": "Our results: rangebits extracted [KZ03] bits extracted our result error k>n ½ Ω(k 2 /n)k-n ½+a (a>0 is an arbitrary constant) exp(-n a ) k(log n) c Ω(log k)*k-k b (0n ½ Ω(k 2 /n)k-n ½+a (a>0 is an arbitrary constant) exp(-n a ) k(log n) c Ω(log k)*k-k b (0

Our approach Start with an extractor that extracts few bits. Convert into an extractor that extracts many bits.

Getting more mileage from extractors: first attempt x1x1 x2x2 x3x3 xnxn k random bits Deterministic Extractor random output Seeded Extractor Seeded Extractors are only guaranteed to work when the source and seed are independent. correlated!

Solution: Seed obtainers x1x1 x2x2 x3x3 xnxn k random bits Seed Obtainer random outputbit fixing source X X’X’ Y We require that X’ and Y are independent! We obtain a seed !

Seed obtainer: Definition A seed obtainer is a function F(X)=(X’,Y) s.t. For every (n,k)-bit-fixing source X: X’ is an (n’,k’)-bit-fixing source with (n’,k’)≈(n,k). Y is uniformly distributed. X’ and Y are independent. Seed Obtainer x1x1 x2x2 x3x3 xnxn X X’X’ Y F(X) is close to a convex combination of distributions X ’,Y s.t. Seeded Extractor random output Seed obtainers allow us to get more randomness from deterministic bit-fixing source extractors.

Construction of seed obtainers (erasing the correlation) k random bits random output bit fixing source X X’X’ Y Deterministic Extractor W seed for averaging sampler Seed obtainer Intuition: Erase parts that are correlated with Y We will pretend red bits are fixed! The extractor won ’ t know! Warning: Intuition is oversimplified! For any set (and in particular set of good bits) The sampled set hits it in the “ correct ” proportion. Set parameters so that: few red bits are in. Most red bits are out. correlated!

Construction for k>n ½ We use the [KZ03] deterministic extractor as basis for the seed- obtainer. Attach a good seeded extractor [RRV99]. Seed Obtainer x1x1 x2x2 x3x3 xnxn X X’X’ Y Seeded Extractor random output

The case of k { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/8/2337691/slides/slide_15.jpg", "name": "The case of k

Solution: seeded bit-fixing source extractor. We construct a seeded bit-fixing source extractor that uses seed O(log log n) and extract (1-o(1))k bits. Apply it after the seed obtainer. Seed Obtainer x1x1 x2x2 x3x3 xnxn X X’X’ Y Seeded bit-fixing Extractor random output

A Seeded extractor for bit-fixing sources: log log n -> log n We partition the source into about log n blocks. Each bit tosses a coin to decide on its block. We use ε-pairwise dependent coins [NN93]. Cost: O(log log n) random bits. w.h.p. each block contains at least one good bit. Each block outputs the xor of its bits. log n Output log n random bits.

A Seeded extractor for bit-fixing sources: log n -> (1-o(1))k We have O(log log n) random bits as seed. Use O(log log n) random bits to partition into two blocks. Use seeded bit-fixing extractor from previous slide to extract log n bits. Use the output as a seed for a (standard) seeded extractor. To extract (1- o(1))k bits. log n bits Seeded extractor prvs n/log n

Note on averaging samplers Ingredient in the seed obtainer construction. We need to sample subsets of {1..n}. Sampling one element: log n bits. We already saw: Sampling based on ε-pairwise dependence: log log n bits [EGLNV95,RSW00]. ?????? Possible because query complexity is huge (n/log n). Note: We need samplers that hit very small sets (size { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/8/2337691/slides/slide_19.jpg", "name": "Note on averaging samplers Ingredient in the seed obtainer construction.", "description": "We need to sample subsets of {1..n}. Sampling one element: log n bits. We already saw: Sampling based on ε-pairwise dependence: log log n bits [EGLNV95,RSW00]. . Possible because query complexity is huge (n/log n). Note: We need samplers that hit very small sets (size

Overview We construct deterministic bit-fixing extractors that: Extract almost all randomnes. Work even for small k. Introduce “seed obtainers”. Allow getting more random bits from deterministc bit- fixing extractors. Construction for small k uses seeded bit-fixing extractor, that uses seed of length O(log log n) to “partition” source. Seed Obtainer x1x1 x2x2 x3x3 xnxn X X’X’ Y Seeded Extractor random output

Open problems Improve error for small k (say k>log k) for small k. Can this technique be applied to seeded extractors? (probably not).

That’s it

Download ppt "Deterministic extractors for bit- fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel Seedless."

Similar presentations