Published by Ryder Lasky. Modified over 2 years ago.

1
The Unified Theory of Pseudorandomness
Salil Vadhan
Harvard University
See also monograph-in-progress Pseudorandomness: http://seas.harvard.edu/~salil/pseudorandomness

2
Pseudorandomness
Theory of efficiently generating objects that “look random” despite being constructed with little or no randomness.

3
Motivation
Computer Science
– Derandomization: converting randomized algorithms into deterministic algorithms.
– Cryptography: generating lots of unpredictable bits (e.g. for encryption) from a short key
– Useful “Pseudorandom Objects” (e.g. error-correcting codes).
Mathematics
– Explicit Constructions matching Probabilistic Method (e.g. Ramsey graphs)
– Analyzing mathematical structures: e.g. the primes are dense in a “pseudorandom” set of integers [Green-Tao04]

4
“Pseudorandom Objects”
Error-correcting codes: make data resilient to corruption
Expander graphs: highly connected but sparse graphs
Samplers: estimate avg with few samples & random bits
Randomness extractors: convert biased & correlated bits to almost-uniform random bits.
Hardness amplifiers: convert worst-case hard functions into average-case hard ones.
Pseudorandom generators: stretch short seed to many bits that “look random” to efficient algorithms.
For each, randomly chosen object achieves very good parameters.
Goal is explicit constructions – ones that are efficient & deterministic.

6
A Unified Theory
Through work of many researchers over 2 decades:
– All of these objects are essentially the same when viewed appropriately.
– Much progress by exploiting connections to translate constructions and ideas from one object to another.
This talk:
– Single “list-decoding” framework that captures all the objects.
– Highlights similarities and differences.

7
An Incomplete List of References
D. Zuckerman, “Randomness-optimal oblivious sampling”, 1996.
L. Trevisan, “Extractors and Pseudorandom Generators”, 1999.
M. Sudan, L. Trevisan, S. Vadhan, “Pseudorandom Generators without the XOR Lemma”, 1999.
A. Ta-Shma, D. Zuckerman, “Extractor codes”, 2001.
V. Guruswami, C. Umans, S. Vadhan, “Unbalanced Expanders and Randomness Extractors from Parvaresh-Vardy Codes”, 2007.
See proceedings & monograph for more.

8
The Framework
Syntactic form of object: : [N]x[D] [M]
For T [M], let LIST (T, )={x [N] : Pr_y[ (x,y) T] > }
Semantic property: For all T C, | LIST (T, )| K
Notes/conventions:
– Sometimes require “constructing” LIST (T, ) to be “efficient”
– LIST (T,1)={x [N] : Pr_y[ (x,y) T] = 1}
– A=2^a, B=2^b,..., : {0,1}^n {0,1}^d {0,1}^m

9
LIST-DECODABLE CODES

10
Error-Correcting Codes
Goal: encode data s.t. can recover from errors.
[Diagram: message m (n bits), encoding, codeword Enc(m) (D q-ary symbols), corrupt frac., received word r, decoding]
Example: Reed-Solomon code Enc(f)=(f(1),…,f(D)), f F_q[x]

11
List-Decodable Codes
Q: What if noise too high ( =1-1/q- ) for unique decoding?
[Diagram: message m (n bits), encoding, codeword Enc(m) (D q-ary symbols), corrupt < 1-1/q - frac., received word r, decoding to message m_1, message m_2, message m_K]
Def: Enc : [N] [q]^D is (K, ) list-decodable if r [q]^D, there are K messages m s.t. Enc(m) agrees with r in more than 1/q+ positions.

12
List-Decodable Codes
Def: Enc : [N] [q]^D is (K, ) list-decodable if r [q]^D, there are K messages m s.t. Enc(m) agrees with r in more than 1/q+ positions.
Goals
Minimize D (e.g. D log q=O(n)).
Minimize (e.g. small constant independent of n).
Minimize q (e.g. q=O(1) or q=poly(n)).
Minimize K (e.g. K=poly(n)).

13
List-Decodable Codes in the Framework
Given Enc : [N] [q]^D, define : [N] [D] [D] q] via (x,y)=(y,Enc(x)_y).
Proposition: Enc (K, ) list-decodable r [q]^D |LIST (T_r,1/q+ )| K, where T_r = {(y,r_y) : y [D]}
Proof: x LIST (T_r,1/q+ ) Pr_y[ (x,y) T_r]>1/q+ Pr_y[Enc(x)_y=r_y]>1/q+

14
Comparison
Object: list-decodable codes
  Interpretation: (x,y) = (y,Enc(x)_y)
  Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
  Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Framework: : [N] [D] [M], N=2^n, D=2^d,…; T [M]; LIST (T, )={x [N] : Pr_y[ (x,y) T] > }

15
AVERAGING SAMPLERS

16
Sampling
Goal: given “oracle access” to a function f : [M] {0,1}, estimate (f) := E_z[f(z)] by making few queries to f.
Natural approach: choose random points z_1,…,z_D [M], and output (1/D) i f(z_i).
– For D= O((1/ ) log(1/ )), correct within with probability 1-
Don’t need full independence; “pseudorandom” samples suffice, such as:
– pairwise independence (e.g. z_i=a i+b, for a,b F_M)
– random walks on expander graphs.

17
Averaging Samplers
Def: Samp : [N] [M]^D is a ( , ) averaging sampler if for every f : [M] {0,1}, we have Pr (z_1,…,z_D) Samp(U_[N]) [(1/D) i f(z_i) > (f)+ ]
Goals:
Minimize D (ideally D=O((1/ ) log(1/ )).
Maximize m=log M.
Minimize n=log N (ideally n=m+log(1/ )).
Minimize , (often constant, but =o(1)).

18
Samplers in the Framework
Def: Samp : [N] [M]^D is a ( , ) averaging sampler if for every f : [M] {0,1}, we have Pr (z_1,…,z_D) Samp(U_[N]) [(1/D) i f(z_i) > (f)+ ]
Given Samp, define : [N] [D] [M] via (x,y)=Samp(x)_y.
Proposition: Samp ( , ) averaging sampler T [M] |LIST (T, (T)+ )| N

19
Comparison
Object: list-decodable codes
  Interpretation: (x,y) = (y,Enc(x)_y)
  Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
  Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
  Interpretation: x,y) = Samp(x)_y
  Decoding Problem: |LIST(T, (T)+ )| N
  Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Framework: : [N] [D] [M], N=2^n, D=2^d,…; T [M]; LIST (T, )={x [N] : Pr_y[ (x,y) T] > }
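Added example (not part of the talk): the list-decoding view of codes (slide 13) and of samplers (slide 18), computed by brute force with a single LIST routine. The names `gamma`, `eps` and `list_set`, the fields F_7 and F_31, the received word and the test set T are all constructed for this illustration.

```python
from fractions import Fraction
from itertools import product

def list_set(gamma, N, D, T, eps):
    """LIST(T, eps): every x in N with Pr_y[gamma(x, y) in T] > eps, y uniform in D."""
    T = set(T)
    return [x for x in N
            if Fraction(sum(gamma(x, y) in T for y in D), len(D)) > eps]

# List-decodable code: Reed-Solomon over F_7, message x = (c0, c1) is f(t) = c0 + c1*t.
Q = 7
POSITIONS = range(1, Q)                       # Enc(f) = (f(1), ..., f(D)) with D = 6
MESSAGES = list(product(range(Q), repeat=2))  # N = 49 messages

def enc(x, y):
    return (x[0] + x[1] * y) % Q              # Enc(x)_y

def gamma_code(x, y):
    return (y, enc(x, y))                     # (x, y) -> (y, Enc(x)_y)

def decode_list(r, threshold):
    T_r = {(y, r[y]) for y in POSITIONS}      # T_r = {(y, r_y) : y in [D]}
    return list_set(gamma_code, MESSAGES, POSITIONS, T_r, threshold)

# Constructed received word: positions 1-3 come from (3, 2), positions 4-6 from (1, 2).
RECEIVED = {1: 5, 2: 0, 3: 2, 4: 2, 5: 4, 6: 6}

# Averaging sampler: seed x = (a, b) yields pairwise-independent points a*y + b in F_31.
P = 31
SEEDS = list(product(range(P), repeat=2))     # N = 961 seeds
INDICES = range(8)                            # D = 8 samples per seed

def gamma_samp(x, y):
    return (x[0] * y + x[1]) % P              # (x, y) -> Samp(x)_y

def bad_seeds(T, eps):
    """Seeds whose sample average of the indicator of T exceeds density(T) + eps."""
    density = Fraction(len(T), P)
    return list_set(gamma_samp, SEEDS, INDICES, T, density + eps)

if __name__ == "__main__":
    print("list at agreement > 1/3:", decode_list(RECEIVED, Fraction(1, 3)))
    bad = bad_seeds(set(range(10)), Fraction(1, 4))
    print(f"{len(bad)} of {len(SEEDS)} seeds overestimate by more than 1/4")
```

For the sampler, pairwise independence plus Chebyshev's inequality bounds the bad seeds by density(1-density)/(D·eps²) of all seeds, which is 420 of 961 for these parameters.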

20
EXPANDER GRAPHS

21
(Bipartite) Expander Graphs
Goals: Minimize D; Maximize A; Maximize K; [Minimize M]
[Diagram labels: D, N, M; “ (K,A) expander”: S, |S| K, |Nbrs(S)| A · |S|]
Classic Params: M=N D, A > 1 constants. K =
Example: [N]=[M]= F_p, Nbrs(x)= {x+1,x-1,x^(-1)}

22
List-Decoding View of Expanders
Given G, let (x,y) = y’th neighbor of x.
Prop: G is a (K,A) expander iff T ⊆ [M] of size < AK, we have |LIST (T,1)| < |T|/A.
[Diagram labels: D, N, M; “ (K,A) expander”: S, |S| K, | (S)| A · K]

23
Comparison
Object: list-decodable codes
  Interpretation: (x,y) = (y,Enc(x)_y)
  Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
  Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
  Interpretation: x,y) = Samp(x)_y
  Decoding Problem: |LIST(T, (T)+ )| N
  Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Object: expanders
  Interpretation: (x,y) = y’th nbr of x
  Decoding Problem: |T| < AK ⇒ |LIST(T,1)| |T|/A
  Std. Parameters: M=N, D=O(1), A>1, K= (N)
Framework: : [N] [D] [M], N=2^n, D=2^d,…; T [M]; LIST (T, )={x [N] : Pr_y[ (x,y) T] > }

24
PSEUDORANDOM GENERATORS

25
Pseudorandom Generators
[Diagram: d-bit seed, G, m bits that “look random”]
looks random: for every “computationally feasible” test T : {0,1}^m {0,1}, |Pr_y[T(G(y))=1]-Pr_z[T(z)=1]|
computationally feasible: computable by a circuit of size t, or, equivalently, a time t algorithm with t bits of advice.
useful for cryptography, derandomizing probabilistic algorithms

26
PRG Constructions
Q: Do efficiently computable PRGs exist?
Open! Requires proving NP P, or at least EXP BPP.
Instead show: if there are sufficiently hard functions (say in EXP), then efficient PRGs exist.

27
Black-box PRG Constructions
Def: G is a (t,k, ) black-box PRG construction if R s.t. f T s.t. Pr_y[T(G^f(y))=1] > Pr_z[T(z)=1] + w {0,1}^k s.t. R_w^T computes f everywhere.
R is computable in time t with oracle access to T.
[Diagram: f : {0,1} {0,1}; construction; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]
Prop: if f can’t be computed by circuits of size s, then G^f is -pseudorandom vs. circuits of size s/t

28
Black-box PRG Constructions
Def: G is a (t,k, ) black-box PRG construction if R s.t. f T s.t. Pr_y[T(G^f(y))=1] > Pr_z[T(z)=1] + w {0,1}^k s.t. R_w^T computes f everywhere.
R is computable in time t with oracle access to T.
[Diagram: f : {0,1} {0,1}; construction; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]
Common parameters: t=k=m=1/ [ c, 2 c ] for arbitrarily large constant c, d=O( ).

29
PRGs in the Framework
Take n=2 and define (f,y) = G^f(y)
Proposition: G an ( ,k, ) PRG const. T [M] |LIST (T, (T)+ )| K.
Proof: f LIST (T, (T)+ ) Pr_y[T(G^f(y))=1]>Pr_z[T(z)=1]+ K such f’s they can be named with k bits of advice
[Diagram: f : {0,1} {0,1}; construction; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]

30
PRGs in the Framework
Q: What about efficient reductions?
A: Analogous to efficient “local list decoding”: compute each bit of the “message” f using few queries to “received word” T.
[Diagram: f : {0,1} {0,1}; construction; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]

31
Comparison
Object: list-decodable codes
  Interpretation: (x,y) = (y,Enc(x)_y)
  Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
  Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
  Interpretation: x,y) = Samp(x)_y
  Decoding Problem: |LIST(T, (T)+ )| N
  Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Object: expanders
  Interpretation: (x,y) = y’th nbr of x
  Decoding Problem: |T| < AK ⇒ |LIST(T,1)| |T|/A
  Std. Parameters: M=N, D=O(1), A>1, K= (N)
Object: pseudorandom generators
  Interpretation: (f,y)=G^f(y)
  Decoding Problem: |LIST(T, (T)+ )| K + “local list-decoding”
  Std. Parameters: m=1/ [n^c, N^(1/c)], D=poly(n), k=poly(m)
Framework: : [N] [D] [M], N=2^n, D=2^d,…; T [M]; LIST (T, )={x [N] : Pr_y[ (x,y) T] > }

32
Comparison
Object: list-decodable codes
  Interpretation: (x,y) = (y,Enc(x)_y)
  Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
  Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
  Interpretation: x,y) = Samp(x)_y
  Decoding Problem: |LIST(T, (T)+ )| N
  Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Object: expanders
  Interpretation: (x,y) = y’th nbr of x
  Decoding Problem: |T| < AK ⇒ |LIST(T,1)| |T|/A
  Std. Parameters: M=N, D=O(1), A>1, K= (N)
Object: pseudorandom generators
  Interpretation: (f,y)=G^f(y)
  Decoding Problem: |LIST(T, (T)+ )| K + “local list-decoding”
  Std. Parameters: m=1/ [n^c, N^(1/c)], D=poly(n), k=poly(m)
Object: randomness extractors
  Interpretation: x,y) = Ext(x,y)
  Decoding Problem: |LIST(T, (T)+ )| K
  Std. Parameters: D=poly(n/ ), k=O(m)
Object: hardness amplifiers
  Interpretation: (f,y)= (y,Amp^f(y))
  Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K + “local list-decoding”
  Std. Parameters: q constant, M,D=O(n), k=poly(n/ )

33
Conclusions
Many pseudorandom objects are almost equivalent.
Each brings different intuition, techniques, parameters.
Open: single construction : [N] [D] [M] optimal for all?
– For every T [M], [0,1], |LIST(T, )| f(|T|, ) for f as small as possible.
– (x,y) = (y, )
– poly-time computable
– Efficient local list-decoding
For more information, see proceedings and http://seas.harvard.edu/~salil/pseudorandomness
