Download presentation

Presentation is loading. Please wait.

Published byHugh Penick Modified over 2 years ago

1
Local correlation breakers and applications Gil Cohen

2
Breaking correlations 000011000000011 X Y X f(X,Y) The “breaking pairwise correlations” problem:

3
Breaking correlations The “breaking pairwise correlations” problem: * Yet, for applications in mind we do not have truly random bits. * Cannot be done deterministically. * A strengthening of an object used in [Li13].

4
Local correlation breakers (LCBs)

5
* Local correlation breakers * Applications * Mergers with weak-seeds * 3-source extractors * The LCB construction Roadmap * 2-source non-malleable extractors

6
[Ta-Shma96, LuReingoldVadhanWigderson03, Raz05, DvirShpilka07, Zuckerman07, DvirRaz08, DvirWigderson11, DvirKoppartySarafSudan09] * Existential argument works for Mergers with weak-seeds * Cannot be done deterministically. (n,k)

7
Theorem. There exists an explicit merger with weak-seeds for Mergers with weak-seeds via LCBs

8
* Local correlation breakers * Applications * Mergers with weak-seeds * 3-source extractors Roadmap * 2-source non-malleable extractors * The LCB construction

9
multi-source extractors [ChorGoldreich88, BarakImpagliazzoWigderson06, Bourgain05, Raz05, BarakKindlerShaltielSudakovWigderson05, Rao09, Li11, Li13, Li15] * Explicit 2-source extractors: * Explicit 3-source extractors: + lower exponent

10
Roadmap * The LCB construction * Seeded extractors * Two-steps look-ahead extractors * The construction

11
[NisanZuckerman96, …, Trevisan01, RazReingoldVadhan99, Ta-ShmaZuckermanSafra02, Shaltiel Umans01, GuruswamiUmansVadhan09, DvirKoppartySarafWigderson09, Ta-ShmaUmans12] * E is called strong if E(X,S) is uniform for almost all fixings S=s. Seeded extractors * Thou shalt have enough entropy in the source. * Thou shalt have a uniform seed. * Thou shalt not use correlated source and seed.

12
Hierarchy of independence W1W1 W2W2 WrWr Y AB

13
W1W1 W2W2 WrWr Y AB

14
W1W1 W2W2 WrWr Y AB * A of a uniform row is uniform.

15
Hierarchy of independence AB W1W1 W2W2 WrWr Y * B of a uniform row is uniform even given all A’s. * A of a uniform row is uniform.

16
[DziembowskiPietrzak07, DodisWichs09] A = E(Y,S ) Y T = E(W,A) B = E(Y,T) W 2-steps look-ahead extractors LA(W,Y) = (A,B) S

17
Theorem [DziembowskiPietrzak07]. Let W 1 be uniform and W 2 arbitrarily correlated with W 1. Let Y be an independent random variable. Let (A 1, B 1 ) = LA(W 1,Y), (A 2, B 2 ) = LA(W 2,Y). 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Then, B 1 is uniform (even) given W 1, W 2, A 1, A 2.

18
A 1 = E(Y,S 1 ) Y W1W1 S1S1 W2W2 S2S2 A 2 = E(Y,S 2 ) T 1 = E(W 1,A 1 ) T 2 = E(W 2,A 2 ) B 1 = E(Y,T 1 ) B 2 = E(Y,T 2 ) 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09]

19
A 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 S2S2 A 2 = E(Y,S 2 ) T 1 = E(W 1,A 1 ) T 2 = E(W 2,A 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] B 1 = E(Y,T 1 )

20
A 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 A 2 = E(Y,s 2 ) T 1 = E(W 1,A 1 ) T 2 = E(W 2,A 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,T 1 )

21
a 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 A 2 = E(Y,s 2 ) T 1 = E(W 1,a 1 ) T 2 = E(W 2,A 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,T 1 ) Fixed

22
a 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 a 2 = E(Y,s 2 ) T 1 = E(W 1,a 1 ) T 2 = E(W 2,a 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,T 1 ) Fixed

23
a 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 a 2 = E(Y,s 2 ) t 1 = E(W 1,a 1 ) T 2 = E(W 2,a 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,t 1 ) Fixed

24
Roadmap * The LCB construction * Seeded extractors * Two-steps look-ahead extractors * The construction

25
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (A 1, B 1 ) = LA(W 1,Y) (A 2, B 2 ) = LA(W 2,Y) (A 3, B 3 ) = LA(W 3,Y) (A’ 1, B’ 1 ) = LA(W’ 1,Y) (A’ 2, B’ 2 ) = LA(W’ 2,Y) (A’ 3, B’ 3 ) = LA(W’ 3,Y) (A’’ 1, B’’ 1 ) = LA(W’’ 1,Y) (A’’ 2, B’’ 2 ) = LA(W’’ 2,Y) (A’’ 3, B’’ 3 ) = LA(W’’ 3,Y) (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

26
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

27
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

28
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y) The assumption on the input is maintained

29
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

30
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y) The good row gains its independence when given the lead

31
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

32
X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y) The independence is preserved when other rows are given the lead

33
Reducing the number of rounds 1 2 3 4 5 67 8 9 B A B A B A …

34
1 2 3 4 5 67 8 9 A B B A Use arbitrary cuts in a “flip-flop”. …

35
Reducing the number of rounds 1 2 3 4 5 67 8 9 A B B A Use a sequence of log(r) cuts such that for any two distinct vertices there is a cut that separates them. Use arbitrary cuts in a “flip-flop”.

36
* We’ve introduced and constructed LCBs. Summary and problem problems * Applications: * Mergers with weak-seeds with double-logarithmic entropy. * 3-source extractors with one double-logarithmic entropy source. A possible future research direction * Improved two-source extractors - perhaps further ideas can be used to remove the need for the third loglog(n)-entropy source. Thank you! * 2-source non-malleable extractors.

Similar presentations

OK

Does Privacy Require True Randomness? Yevgeniy Dodis New York University Joint work with Carl Bosley.

Does Privacy Require True Randomness? Yevgeniy Dodis New York University Joint work with Carl Bosley.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on railway track and structures Ppt on road traffic in india Ppt on adolf hitler Ppt on regional transport office india Ppt on distance formula and midpoint Ppt on orphans in india Stone age for kids ppt on batteries Ppt on development of indian railways Ppt on classical economics unemployment Seminar report and ppt on google glasses