Presentation is loading. Please wait.

Presentation is loading. Please wait.

Poorvi Vora/CTO/IPG/HP 01/03 1 The channel coding theorem and the security of binary randomization Poorvi Vora Hewlett-Packard Co.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Poorvi Vora/CTO/IPG/HP 01/03 1 The channel coding theorem and the security of binary randomization Poorvi Vora Hewlett-Packard Co."— Presentation transcript:

1 Poorvi Vora/CTO/IPG/HP 01/03 1 The channel coding theorem and the security of binary randomization Poorvi Vora Hewlett-Packard Co.

2 Poorvi Vora/CTO/IPG/HP 01/03 2 Context: Theory of variable privacy Theory of security allows binary choice for data revelation: –Bob is trusted/untrusted –If he is trusted, data is revealed to him using a perfect protocol Information leakage necessary for a number of interactions –Even the revelation of a sum using ZK protocols leaks information about the variables; this information is valuable to Bob and Alice Randomization can be used for personal privacy, in a “privacy market”

3 Poorvi Vora/CTO/IPG/HP 01/03 3 Randomization: binary-valued HIV? P(truth) = 2/3 P(lie) = 1/3 Yes stats. over many are accurate After the protocol, the possibilities are skewed the answer is most likely to be correct Computationally and information-theoretically imperfect Best measure so far [AA01]: change in entropy (mutual information)

4 Poorvi Vora/CTO/IPG/HP 01/03 4 Protocol as channel Protocol Input: The truth value of “X has HIV” Output: Perturbed value of the bit. Probabilities: of truth: 2/3, of lie: 1/3 Put input bit through a communication channel with probability of error 1/3 Channel output indistinguishable from protocol output; Tracker wishes efficient communication over channel Capacity = maximum change in entropy

5 Poorvi Vora/CTO/IPG/HP 01/03 5 Attacks on randomization - repeating the question An attack: asking the same question many times Can be thwarted by –never answering the same question twice, or –always answering it the same. Query repetition: –corresponds to an error-correcting code word a a a a a a a –probability of error is monotonic decreasing with n for n-symbol code words –rate of code = 1/n

6 Poorvi Vora/CTO/IPG/HP 01/03 6 Error Known that: –tracker can reduce estimation error indefinitely –by increasing the number of repeated queries indefinitely; n →    n → 0 –and that this is the best he can do with repeated queries  n → 0  cost per data point = n/1 → 

7 Poorvi Vora/CTO/IPG/HP 01/03 7 Is the following an attack? Requested Bit 1: “location = North”; Requested Bit 2: “virus X test = positive”; Requested Bit 3: “gender = male” AND “muscular sclerosis = present” If (location = North)  (virus X test = positive)  (gender = male) AND (muscular sclerosis = present) Then: A3 = A1  A2; check-sum bit; M = number of possible strings of interest; n = no. of queries rate = (log 2 M)/n = 2/3 i.e., k/n Deterministically-related query sequence (DRQS)

8 Poorvi Vora/CTO/IPG/HP 01/03 8 Theorem: Channel codes are DRQS attacks and vice versa A code is –a (binary) function from M message words to n code bits –an estimation function from n bits to one of M message words The only difference between codes and DRQS attacks is that the coding entity in the communication channel knows the bits The tracker does not know the bits, but forces a pattern among them through the queries

9 Poorvi Vora/CTO/IPG/HP 01/03 9 What kind of information transfer do DRQS attacks provide? Recall: repetition attack sacrificed rate (1/n) for accuracy Does looking at more than one target bit at a time help the tracker? Can he maintain the rate of a DRQS attack while decreasing estimation error? i.e., Can he maintain k/n while  n → 0

10 Poorvi Vora/CTO/IPG/HP 01/03 10 Shannon (1948) Channel Coding (“second”) Theorem Existence result; tight upper bound on transmission efficiency (Really only weak law of large numbers) Codes exist for reliable transmission at all rates below capacity A channel cannot transmit reliably at rates above capacity. Reliable transmission defined as decreasing error arbitrarily while maintaining rate

11 Poorvi Vora/CTO/IPG/HP 01/03 11 Shannon (1948): Codes exist for reliable transmission at all rates below capacity Forney (1966): Existence of polynomial-time encodable and decodable Shannon codes Spielman (1995): Construction of linear-time encodable and decodable codes approaching Shannon codes  Corollary: Construction methods for linear time DRQS attacks with k/n approaching C while  n → 0 Existence of reliable DRQS attacks

12 Poorvi Vora/CTO/IPG/HP 01/03 12 Types of attacks PRQS (Probabilistically-related Query Sequence) Attacks: Queries are probabilistically-related to required bits. Most general DRQS (Deterministically-related Query Sequence) Attacks: Queries are deterministically-related to required bits. Among most efficient Reliable attacks: maintain rate while increasing accuracy

13 Poorvi Vora/CTO/IPG/HP 01/03 13 Theorem: The rate of a reliable PRQS attack is tightly bounded above by protocol capacity A channel cannot transmit reliably at rates above capacity  Corollary: The capacity of a protocol is the (tight) upper bound on the rate of a reliable DRQS attack.  While the protocol is not perfect, there is a cost to exploiting its non- perfectness Bound also holds for:  n → 0 ; adaptive, non-deterministic; also many other protocols i.e.  n → 0  lim k/n  C

14 Poorvi Vora/CTO/IPG/HP 01/03 14 Theorem: Lower bound on total queries for arbitrarily small error If requested bits are all independent, minimum queries when maximum rate: Minimum no. of queries on average = target entropy/maximum rate = target entropy/channel capacity; n  k/ C -  Shown using the source-channel coding theorem which enables entropy to be addressed separately from the query pattern

15 Poorvi Vora/CTO/IPG/HP 01/03 15 We have shown that The tracker can do better by –increasing the number of points combined in a single query –i.e. there exist attacks for which n →    n → 0  n → 0  n/k →  There is a tight lower bound on the limit of n/k such that n →    n → 0 i.e, (n →    n → 0)  lim n/k > 1/ C Privacy measure Recall: C is max. value of change in entropy \

16 Poorvi Vora/CTO/IPG/HP 01/03 16 Why our approach is so powerful All other information-theoretic approaches stop with the notion of entropy, and do not approach the notion of a channel All they provide access to is Shannon’s first (source coding) theorem “entropy is the minimum number of bits required, on average, to represent a random variable” Communication channels provide access to other work on both information theory and coding Clearly just a beginning

17 Poorvi Vora/CTO/IPG/HP 01/03 17 This work was influenced by conversations with Umesh Vazirani Gadiel Seroussi Cormac Herley

Download ppt "Poorvi Vora/CTO/IPG/HP 01/03 1 The channel coding theorem and the security of binary randomization Poorvi Vora Hewlett-Packard Co."

Similar presentations

Ulams Game and Universal Communications Using Feedback Ofer Shayevitz June 2006.

Ulams Game and Universal Communications Using Feedback Ofer Shayevitz June 2006.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
CY2G2 Information Theory 1

CY2G2 Information Theory 1
Information theory Multi-user information theory A.J. Han Vinck Essen, 2004.

Information theory Multi-user information theory A.J. Han Vinck Essen, 2004.
Entropy and Information Theory

Entropy and Information Theory
Sampling and Pulse Code Modulation

Sampling and Pulse Code Modulation
I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.

I NFORMATION CAUSALITY AND ITS TESTS FOR QUANTUM COMMUNICATIONS I- Ching Yu Host : Prof. Chi-Yee Cheung Collaborators: Prof. Feng-Li Lin (NTNU) Prof. Li-Yi.
Huffman code and ID3 Prof. Sin-Min Lee Department of Computer Science.

Huffman code and ID3 Prof. Sin-Min Lee Department of Computer Science.
Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.

Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.
Information Theory EE322 Al-Sanie.

Information Theory EE322 Al-Sanie.
Gillat Kol (IAS) joint work with Ran Raz (Weizmann + IAS) Interactive Channel Capacity.

Gillat Kol (IAS) joint work with Ran Raz (Weizmann + IAS) Interactive Channel Capacity.
Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.

Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.
SIMS-201 Compressing Information. 2  Overview Chapter 7: Compression Introduction Entropy Huffman coding Universal coding.

SIMS-201 Compressing Information. 2  Overview Chapter 7: Compression Introduction Entropy Huffman coding Universal coding.
NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.

NON-MALLEABLE EXTRACTORS AND SYMMETRIC KEY CRYPTOGRAPHY FROM WEAK SECRETS Yevgeniy Dodis and Daniel Wichs (NYU) STOC 2009.
Information Theory Introduction to Channel Coding Jalal Al Roumy.

Information Theory Introduction to Channel Coding Jalal Al Roumy.
Chain Rules for Entropy

Chain Rules for Entropy
Chapter 6 Information Theory

Chapter 6 Information Theory
UCB Claude Shannon – In Memoriam Jean Walrand U.C. Berkeley www.eecs.berkeley.edu/~wlr.

UCB Claude Shannon – In Memoriam Jean Walrand U.C. Berkeley
Fundamental limits in Information Theory Chapter 10 :

Fundamental limits in Information Theory Chapter 10 :
Information Theory Eighteenth Meeting. A Communication Model Messages are produced by a source transmitted over a channel to the destination. encoded.

Information Theory Eighteenth Meeting. A Communication Model Messages are produced by a source transmitted over a channel to the destination. encoded.

Similar presentations

Ads by Google