Published by Ryder Lasky. Modified over 2 years ago.

1
The Unified Theory of Pseudorandomness
Salil Vadhan, Harvard University
See also monograph-in-progress Pseudorandomness: http://seas.harvard.edu/~salil/pseudorandomness

2
Pseudorandomness
Theory of efficiently generating objects that “look random” despite being constructed with little or no randomness.

3
Motivation
Computer Science
– Derandomization: converting randomized algorithms into deterministic algorithms.
– Cryptography: generating lots of unpredictable bits (e.g. for encryption) from a short key.
– Useful “Pseudorandom Objects” (e.g. error-correcting codes).
Mathematics
– Explicit constructions matching the Probabilistic Method (e.g. Ramsey graphs).
– Analyzing mathematical structures: e.g. the primes are dense in a “pseudorandom” set of integers [Green-Tao04].

4
“Pseudorandom Objects”
Error-correcting codes: make data resilient to corruption.
Expander graphs: highly connected but sparse graphs.
Samplers: estimate avg with few samples & random bits.
Randomness extractors: convert biased & correlated bits to almost-uniform random bits.
Hardness amplifiers: convert worst-case hard functions into average-case hard ones.
Pseudorandom generators: stretch short seed to many bits that “look random” to efficient algorithms.
For each, randomly chosen object achieves very good parameters.
Goal is explicit constructions – ones that are efficient & deterministic.

6
A Unified Theory
Through work of many researchers over 2 decades:
All of these objects are essentially the same when viewed appropriately.
Much progress by exploiting connections to translate constructions and ideas from one object to another.
This talk:
Single “list-decoding” framework that captures all the objects.
Highlights similarities and differences.

7
An Incomplete List of References
D. Zuckerman, “Randomness-optimal oblivious sampling”, 1996.
L. Trevisan, “Extractors and Pseudorandom Generators”, 1999.
M. Sudan, L. Trevisan, S. Vadhan, “Pseudorandom Generators without the XOR Lemma”, 1999.
A. Ta-Shma, D. Zuckerman, “Extractor codes”, 2001.
V. Guruswami, C. Umans, S. Vadhan, “Unbalanced Expanders and Randomness Extractors from Parvaresh-Vardy Codes”, 2007.
See proceedings & monograph for more.

8
The Framework
Syntactic form of object: : [N]x[D] [M]
For T [M], let LIST (T, )={x [N] : Pr_y[ (x,y) T] > }
Semantic property: For all T C, | LIST (T, )| K
Notes/conventions:
Sometimes require “constructing” LIST (T, ) to be “efficient”
LIST (T,1)={x [N] : Pr_y[ (x,y) T] = 1}
A=2^a, B=2^b, ..., : {0,1}^n {0,1}^d {0,1}^m

9
LIST-DECODABLE CODES

10
Error-Correcting Codes
Goal: encode data s.t. can recover from errors.
[Figure labels: message m; codeword Enc(m); received word r; encoding; corrupt frac.; decoding; n bits; D q-ary symbols]
Example: Reed-Solomon code Enc(f)=(f(1),…,f(D)), f F_q[x]

11
List-Decodable Codes
Q: What if noise too high ( =1-1/q- ) for unique decoding?
[Figure labels: message m; codeword Enc(m); received word r; encoding; corrupt < 1-1/q - frac.; decoding; n bits; D q-ary symbols; message m_1; message m_2; message m_K]
Def: Enc : [N] [q]^D is (K, ) list-decodable if r [q]^D, there are K messages m s.t. Enc(m) agrees with r in more than 1/q+ positions.

12
List-Decodable Codes
Def: Enc : [N] [q]^D is (K, ) list-decodable if r [q]^D, there are K messages m s.t. Enc(m) agrees with r in more than 1/q+ positions.
Goals
Minimize D (e.g. D log q=O(n)).
Minimize (e.g. small constant independent of n).
Minimize q (e.g. q=O(1) or q=poly(n)).
Minimize K (e.g. K=poly(n)).

13
List-Decodable Codes in the Framework
Given Enc : [N] [q]^D, define : [N] [D] [D] [q] via (x,y)=(y,Enc(x)_y).
Proposition: Enc (K, ) list-decodable r [q]^D |LIST (T_r,1/q+ )| K, where T_r = {(y,r_y) : y [D]}
Proof: x LIST (T_r,1/q+ ) Pr_y[ (x,y) T_r]>1/q+ Pr_y[Enc(x)_y=r_y]>1/q+

14
Comparison
Object: list-decodable codes
    Interpretation: (x,y) = (y,Enc(x)_y)
    Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
    Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
: [N] [D] [M], N=2^n, D=2^d, …
T [M]
LIST (T, )={x [N] : Pr_y[ (x,y) T] > }

15
AVERAGING SAMPLERS

16
Sampling
Goal: given “oracle access” to a function f : [M] {0,1}, estimate (f) := E_z[f(z)] by making few queries to f.
Natural approach: choose random points z_1,…,z_D [M], and output (1/D) i f(z_i).
– For D= O((1/ ) log(1/ )), correct within with probability 1-
Don’t need full independence; “pseudorandom” samples suffice, such as:
– pairwise independence (e.g. z_i=a i+b, for a,b F_M)
– random walks on expander graphs.

17
Averaging Samplers
Def: Samp : [N] [M]^D is a ( , ) averaging sampler if for every f : [M] {0,1}, we have Pr_{(z_1,…,z_D) Samp(U_[N])}[(1/D) i f(z_i) > (f)+ ]
Goals:
Minimize D (ideally D=O((1/ ) log(1/ ))).
Maximize m=log M.
Minimize n=log N (ideally n=m+log(1/ )).
Minimize , (often constant, but =o(1)).

18
Samplers in the Framework
Def: Samp : [N] [M]^D is a ( , ) averaging sampler if for every f : [M] {0,1}, we have Pr_{(z_1,…,z_D) Samp(U_[N])}[(1/D) i f(z_i) > (f)+ ]
Given Samp, define : [N] [D] [M] via (x,y)=Samp(x)_y.
Proposition: Samp ( , ) averaging sampler T [M] |LIST (T, (T)+ )| N

19
Comparison
Object: list-decodable codes
    Interpretation: (x,y) = (y,Enc(x)_y)
    Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
    Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
    Interpretation: (x,y) = Samp(x)_y
    Decoding Problem: |LIST(T, (T)+ )| N
    Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
: [N] [D] [M], N=2^n, D=2^d, …
T [M]
LIST (T, )={x [N] : Pr_y[ (x,y) T] > }
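
The codes and samplers rows of this comparison can be checked by brute force on toy parameters. The Python sketch below is an added example, not part of the original slides: it computes LIST(T, threshold) straight from the definition for a small Reed-Solomon code and for the pairwise-independent sampler z_i = a i + b. The function names, the parameters (q=5 with D=4, p=31 with D=16) and the received word are all constructed for illustration.

```python
from fractions import Fraction
from itertools import product

def list_set(gamma, xs, D, T, threshold):
    """LIST(T, threshold): every x with Pr_y[gamma(x, y) in T] > threshold (brute force)."""
    return [x for x in xs
            if Fraction(sum(gamma(x, y) in T for y in range(D)), D) > threshold]

# List-decodable code: Reed-Solomon over F_Q, message x = (c0, c1) is c0 + c1*z.
Q, D_CODE = 5, 4                          # constructed toy parameters

def rs_gamma(x, y):
    c0, c1 = x
    point = y + 1                         # evaluation points 1..D, as on the slide
    return (y, (c0 + c1 * point) % Q)     # (position, symbol of Enc(x) there)

def rs_list(r, eps):
    """Messages whose codeword agrees with r in more than a 1/Q + eps fraction."""
    T_r = {(y, r[y]) for y in range(D_CODE)}
    messages = list(product(range(Q), repeat=2))
    return list_set(rs_gamma, messages, D_CODE, T_r, Fraction(1, Q) + eps)

# Averaging sampler: seed x = (a, b) yields pairwise-independent z_y = a*y + b in F_P.
P, D_SAMP = 31, 16                        # constructed toy parameters

def samp_gamma(x, y):
    a, b = x
    return (a * y + b) % P                # y'th sample point of Samp(x)

def bad_seeds(T, eps):
    """Seeds whose sample average of T exceeds its true density by more than eps."""
    seeds = list(product(range(P), repeat=2))
    mu = Fraction(len(T), P)
    return list_set(samp_gamma, seeds, D_SAMP, T, mu + eps)

if __name__ == "__main__":
    r = (0, 3, 0, 0)   # constructed: Enc(2 + 3z) = (0, 3, 1, 4), last two symbols corrupted
    print("candidate messages:", rs_list(r, Fraction(1, 5)))
    bad = bad_seeds(set(range(10)), Fraction(1, 4))
    print("bad seeds:", len(bad), "of", P * P)
```

For the sampler, the number of bad seeds divided by N is the fraction of seeds that overestimate the density of T; pairwise independence and Chebyshev's inequality bound it by 1/(4 D eps^2).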

20
EXPANDER GRAPHS

21
(Bipartite) Expander Graphs
Goals: Minimize D; Maximize A; Maximize K; [Minimize M]
[Figure labels: |Nbrs(S)| A · |S|; D; N; M; S, |S| K]
Classic Params: M=N D, A > 1 constants. K = “ (K,A) expander”
Example: [N]=[M]= F_p, Nbrs(x)= {x+1,x-1,x^-1}

22
List-Decoding View of Expanders
Given G, let (x,y) = y’th neighbor of x.
Prop: G is a (K,A) expander iff T ⊆ [M] of size < AK, we have |LIST (T,1)| < |T|/A.
[Figure labels: | (S)| A · K; D; N; M; “ (K,A) expander”; S, |S| K]

23
Comparison
Object: list-decodable codes
    Interpretation: (x,y) = (y,Enc(x)_y)
    Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
    Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
    Interpretation: (x,y) = Samp(x)_y
    Decoding Problem: |LIST(T, (T)+ )| N
    Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Object: expanders
    Interpretation: (x,y) = y’th nbr of x
    Decoding Problem: |T| < AK ⇒ |LIST(T,1)| |T|/A
    Std. Parameters: M=N, D=O(1), A>1, K= (N)
: [N] [D] [M], N=2^n, D=2^d, …
T [M]
LIST (T, )={x [N] : Pr_y[ (x,y) T] > }

24
PSEUDORANDOM GENERATORS

25
Pseudorandom Generators
looks random: for every “computationally feasible” test T : {0,1}^m {0,1}, |Pr_y[T(G(y))=1]-Pr_z[T(z)=1]|
computationally feasible: computable by a circuit of size t, or, equivalently, a time t algorithm with t bits of advice.
useful for cryptography, derandomizing probabilistic algorithms
[Figure labels: G; d-bit seed; m bits that “look random”]

26
PRG Constructions
Q: Do efficiently computable PRGs exist?
Open! Requires proving NP P, or at least EXP BPP.
Instead show: if there are sufficiently hard functions (say in EXP), then efficient PRGs exist.

27
Black-box PRG Constructions
Def: G is a (t,k, ) black-box PRG construction if R s.t. f T s.t. Pr_y[T(G^f(y))=1] > Pr_z[T(z)=1] + w {0,1}^k s.t. R_w^T computes f everywhere. R is computable in time t with oracle access to T.
[Figure labels: f : {0,1} {0,1}; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; construction; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]
Prop: if f can’t be computed by circuits of size s, then G^f is -pseudorandom vs. circuits of size s/t

28
Black-box PRG Constructions
Def: G is a (t,k, ) black-box PRG construction if R s.t. f T s.t. Pr_y[T(G^f(y))=1] > Pr_z[T(z)=1] + w {0,1}^k s.t. R_w^T computes f everywhere. R is computable in time t with oracle access to T.
[Figure labels: f : {0,1} {0,1}; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; construction; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]
Common parameters: t=k=m=1/ [ c, 2 c ] for arbitrarily large constant c, d=O( ).

29
PRGs in the Framework
Take n=2 and define (f,y) = G^f(y)
Proposition: G an ( ,k, ) PRG const. T [M] |LIST (T, (T)+ )| K.
Proof: f LIST (T, (T)+ ) Pr_y[T(G^f(y))=1]>Pr_z[T(z)=1]+ K such f’s they can be named with k bits of advice
[Figure labels: f : {0,1} {0,1}; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; construction; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]

30
PRGs in the Framework
Q: What about efficient reductions?
A: Analogous to efficient “local list decoding”: compute each bit of the “message” f using few queries to “received word” T.
[Figure labels: f : {0,1} {0,1}; G^f : {0,1}^d {0,1}^m; test T : {0,1}^m {0,1}; construction; reduction w/ k-bit advice w; R_w^T : {0,1} {0,1}]

31
Comparison
Object: list-decodable codes
    Interpretation: (x,y) = (y,Enc(x)_y)
    Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
    Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
    Interpretation: (x,y) = Samp(x)_y
    Decoding Problem: |LIST(T, (T)+ )| N
    Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Object: expanders
    Interpretation: (x,y) = y’th nbr of x
    Decoding Problem: |T| < AK ⇒ |LIST(T,1)| |T|/A
    Std. Parameters: M=N, D=O(1), A>1, K= (N)
Object: pseudorandom generators
    Interpretation: (f,y)=G^f(y)
    Decoding Problem: |LIST(T, (T)+ )| K + “local list-decoding”
    Std. Parameters: m=1/ [n^c,N^(1/c)], D=poly(n), k=poly(m)
: [N] [D] [M], N=2^n, D=2^d, …
T [M]
LIST (T, )={x [N] : Pr_y[ (x,y) T] > }

32
Comparison
Object: list-decodable codes
    Interpretation: (x,y) = (y,Enc(x)_y)
    Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K
    Std. Parameters: q, constant, M,D=O(n), K=n^O(1)
Object: samplers
    Interpretation: (x,y) = Samp(x)_y
    Decoding Problem: |LIST(T, (T)+ )| N
    Std. Parameters: n=O(m+log(1/ )), K= N, D=O((1/ ) log(1/ )).
Object: expanders
    Interpretation: (x,y) = y’th nbr of x
    Decoding Problem: |T| < AK ⇒ |LIST(T,1)| |T|/A
    Std. Parameters: M=N, D=O(1), A>1, K= (N)
Object: pseudorandom generators
    Interpretation: (f,y)=G^f(y)
    Decoding Problem: |LIST(T, (T)+ )| K + “local list-decoding”
    Std. Parameters: m=1/ [n^c,N^(1/c)], D=poly(n), k=poly(m)
Object: randomness extractors
    Interpretation: (x,y) = Ext(x,y)
    Decoding Problem: |LIST(T, (T)+ )| K
    Std. Parameters: D=poly(n/ ), k=O(m)
Object: hardness amplifiers
    Interpretation: (f,y)= (y,Amp^f(y))
    Decoding Problem: T = {(y,r_y)} ⇒ |LIST(T,1/q+ )| K + “local list-decoding”
    Std. Parameters: q constant, M,D=O(n). k=poly(n/ )

33
Conclusions
Many pseudorandom objects are almost equivalent.
Each brings different intuition, techniques, parameters.
Open: single construction : [N] [D] [M] optimal for all?
– For every T [M], [0,1], |LIST(T, )| f(|T|, ) for f as small as possible.
– (x,y) = (y, )
– poly-time computable
– Efficient local list-decoding
For more information, see proceedings and http://seas.harvard.edu/~salil/pseudorandomness
