Computational Analogues of Entropy Boaz Barak Ronen Shaltiel Avi Wigderson.


Statistical Min-Entropy
Definition: $H(X) \ge k$ iff $\max_x \Pr[X = x] < 2^{-k}$ ($X$ r.v. over $\{0,1\}^n$)
Properties:
$H(X) \le \text{Shannon-Ent}(X)$
$H(X) = n$ iff $X \sim U_n$
$H(X,Y) \ge H(X)$ (concatenation)
If $H(X) \ge k$ then $\exists$ (efficient) $f$ s.t. $f(X) \sim U_{k/2}$ (extraction)
Our Objectives:
1. Investigate possible defs for computational Min-Entropy.
2. Check whether computational defs satisfy analogs of statistical properties.

Our Contributions
Study 3 variants (1 new) of pseudoentropy.
Equivalence & separation results for several computational models.
Study analogues of IT results.
In this talk:
Present the 3 variants.
Show 2 results + proof sketches.

Review - Pseudorandomness
Def: $X$ is pseudorandom if $\max_{D \in C} \mathrm{bias}_D(X, U_n) <$
$C$ – class of efficient algorithms (e.g. $s$-sized circuits)
$\mathrm{bias}_D(X,Y) = |\,\mathbb{E}_X[D(X)] - \mathbb{E}_Y[D(Y)]\,|$
 – parameter (in this talk: some constant > 0)
i.e., $X$ is computationally indistinguishable from $U_n$

Defining Pseudoentropy
*$X$ is pseudorandom if $\max_{D \in C} \mathrm{bias}_D(X, U_n) <$
Def 1 [HILL]: $H^{\mathrm{HILL}}(X) \ge k$ if $\exists Y$ s.t. $H(Y) \ge k$ and $\max_{D \in C} \mathrm{bias}_D(X,Y) <$
that is, $\min_{H(Y) \ge k} \max_{D \in C} \mathrm{bias}_D(X,Y) <$
i.e., $X$ is computationally indist. from some $Y$ with $\ge k$ statistical min-entropy.
Def 2: $H^{\mathrm{Met}}(X) \ge k$ if $\max_{D \in C} \min_{H(Y) \ge k} \mathrm{bias}_D(X,Y) <$
i.e., $\forall$ efficient $D$, $X$ is computationally indist. by $D$ from some $Y = Y(D)$ with $\ge k$ statistical min-entropy.
Def 3 [Yao]: $H^{\mathrm{Yao}}(X) \ge k$ if $X$ cannot be efficiently compressed to $k-1$ bits.

Defining Pseudoentropy
$H^{\mathrm{HILL}}(X) \ge k$ if $\min_{H(Y) \ge k} \max_{D \in C} \mathrm{bias}_D(X,Y) <$
$H^{\mathrm{Met}}(X) \ge k$ if $\max_{D \in C} \min_{H(Y) \ge k} \mathrm{bias}_D(X,Y) <$
$H^{\mathrm{Yao}}(X) \ge k$ if $X$ can't be efficiently compressed to $k-1$ bits.
Claim 1: $H(X) \le H^{\mathrm{HILL}}(X) \le H^{\mathrm{Met}}(X) \le H^{\mathrm{Yao}}(X)$
Claim 2: For $k = n$ all 3 defs equivalent to pseudorandomness.
Claim 3: All 3 defs satisfy extraction property. [Tre]

HILL & Metric Def are Equivalent
$H^{\mathrm{HILL}}(X) \ge k$ if $\min_{H(Y) \ge k} \max_{D \in C} \mathrm{bias}_D(X,Y) <$
$H^{\mathrm{Met}}(X) \ge k$ if $\max_{D \in C} \min_{H(Y) \ge k} \mathrm{bias}_D(X,Y) <$
Thm 1: $H^{\mathrm{HILL}}(X) = H^{\mathrm{Met}}(X)$ (For $C$ = poly-sized circuits, any )
Proof: Suppose $H^{\mathrm{HILL}}(X) < k$
(Figure: game between Player 1 and Player 2 over $D$ and $Y$, labelled $\mathrm{bias}_D(X,Y) \ge$)
Use the Min-Max theorem. [vN28]

Unpredictability & Entropy
Thm [Yao]: If $X$ is unpredictable with adv. then $X$ is pseudorandom w/ param $= n \cdot$
Loss of factor of $n$ due to hybrid argument – useless for constant advantage
This loss can be crucial for some applications (e.g., extractors, derandomizing small-space algs)
Can we do better?

Unpredictability & Entropy
IT Fact [TZS]: If $X$ is IT-unpredictable with const. adv. then $H(X) =$ $(n)$
We obtain the following imperfect analog:
Thm 2: If $X$ is unpredictable by SAT-gate circuits with const. adv. then $H^{\mathrm{Met}}(X) =$ $(n)$
In paper: A variant of Thm 2 for nonuniform online logspace.

Thm 2: If $X$ is unpredictable by SAT-gate circuits with const. adv. then $H^{\mathrm{Met}}(X) =$ $(n)$
Proof: Suppose that $H^{\mathrm{Met}}(X) <$ $n$
We'll construct a SAT-gate predictor $P$ s.t. $\Pr_{i,X}[\,P(X_1,\dots,X_{i-1}) = X_i\,] = 1 -$
We have that $\max_{D \in C} \min_{H(Y) \ge \ n} \mathrm{bias}_D(X,Y) \ge$
i.e., $\exists D$ s.t. $\forall Y$: if $H(Y) \ge$ $n$ then $\mathrm{bias}_D(X,Y) \ge$
Assume:
1) $|D^{-1}(1)| < 2^{\ n}$
*2) $\Pr_X[\,D(X) = 1\,] = 1$
(Figure: $\{0,1\}^n$, $D$, $X$)

Construct P from D
1) $|D^{-1}(1)| < 2^{\ n}$
2) $\Pr_X[\,D(X) = 1\,] = 1$
(Figure: $\{0,1\}^n$, $D$, $X$)
Define predictor $P$ as follows: $P(x_1,\dots,x_i) = 0$ iff $\Pr[\,D(x_1,\dots,x_i,0,U_{n-i-1}) = 1\,] > \frac{1}{2}$
Note that $P$ does not depend on $X$ and can be constructed w/ NP oracle. (approx counting [JVV])
Claim: $\forall x \in D$, $P$ predicts at least $(1 - \ )n$ indices of $x$

$P(x_1,\dots,x_i) = 0$ iff $\Pr[\,D(x_1,\dots,x_i,0,U_{n-i-1}) = 1\,] > \frac{1}{2}$
Proof: Suppose $P$ fails to predict $x$ in $m$ indices. We'll show that $|D| > 2^m$, obtaining a contradiction.
(Figure: tree with node labels $1$, $\ge 2$, $\ge 4$, $\ge 8$, …, $\ge 2^m$)
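
The counting argument behind this claim, as an added example that is not taken from the slides: it reads the rule for P as "predict the bit whose branch contains more strings of D" (an assumption about the slide's shorthand), uses exact brute-force counting over a small constructed D in place of the NP-oracle approximate counting, and checks that an x in D with m mispredicted indices forces 2^m <= |D|. All function names are hypothetical.

```python
import random

def count_ext(D, prefix):
    """Number of strings in D (a set of bit tuples) that start with prefix."""
    k = len(prefix)
    return sum(1 for y in D if y[:k] == prefix)

def predict(D, prefix):
    """Guess the next bit from D alone: 0 iff the 0-branch holds a strict majority.

    Assumed reading of the slide's rule; exact counting stands in for the
    NP-oracle approximate counting mentioned on the slide.
    """
    n0 = count_ext(D, prefix + (0,))
    n1 = count_ext(D, prefix + (1,))
    return 0 if n0 > n1 else 1

def failures(D, x):
    """Number of indices i where the predictor misses x[i] given x[:i]."""
    return sum(1 for i in range(len(x)) if predict(D, x[:i]) != x[i])

def worst_failures(D):
    """Largest number of mispredicted indices over all x in D."""
    return max(failures(D, x) for x in D)

def random_support(n, size, seed):
    """Constructed sample input: `size` distinct n-bit strings as bit tuples."""
    rng = random.Random(seed)
    return {tuple((v >> j) & 1 for j in range(n))
            for v in rng.sample(range(2 ** n), size)}

if __name__ == "__main__":
    n = 12
    for size in (1, 8, 64, 256):
        D = random_support(n, size, seed=size)
        m = worst_failures(D)
        # Each miss at least halves the number of D-strings sharing the prefix,
        # so 2**m <= |D| must hold for every x in D.
        assert 2 ** m <= len(D)
        print(f"|D|={len(D):4d}  worst misses m={m:2d}  predicted>={n - m} of {n}")
```

The predictor never looks at the distribution X, only at D, which is why a small accepting set for D translates directly into few mispredicted positions.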

Open Problems
Analog of Thm 2 (unpredictability entropy) ?
Meaningful concatenation property?
Separate Yao & Metric pseudoentropy.
More results for poly-time computation:
Prove that RL=L