1 / 17

Extractors: applications and constructions

Randomness. Extractors: applications and constructions. Avi Wigderson IAS, Princeton. Cryptography. Applications : Analyzed on perfect randomness. Probabilistic algorithms. Game Theory. Unbiased, independent. biased, dependent. Reality : Sources of imperfect randomness.

chiara
Télécharger la présentation

Extractors: applications and constructions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Randomness Extractors: applications and constructions Avi Wigderson IAS, Princeton

  2. Cryptography Applications: Analyzed on perfect randomness Probabilistic algorithms Game Theory Unbiased, independent biased, dependent Reality: Sources of imperfect randomness Stock market fluctuations Radioactive decay Sun spots Extractors: original motivation Extractor Theory

  3. Running probabilistic algorithms with weak random bits biased, dependent EXT unbiased, independent Input Probabilistic algorithm Output Error prob <δ

  4. State Space {0,1}n Monte-Carlo algorithmswith few random bits Setting: Statistical mechanics model (Ising, Potts, Percolation, Spin Glass,….) Task: Estimate parameters (free entropy, partition function, long-range correlations,…) Algorithm: Sample a random state from Gibbs dist. (Glauber dynamics, Metropolis algorithm,…) n sites

  5. State Space {0,1}n Monte-Carlo algorithmswith few random bits Resources of the typical Monte-Carlo algorithm - Space: ~ n • Time: t < poly(n) • Randomness: ~tn bits [Nisan-Zuckerman] Randomness = space! Deterministicallyexpand n tn bits, with rt~ uniform ! any r1 r2 ri rt ~ uniform

  6. Certifying randomness QM  What if the device/detectors are faulty? [Colbeck ‘06, Pioroni et al ‘10, Vidick-Vazirani ‘12,…] Amplification & certification of randomness: ExtractorInsnside Algorithm 2k bits k bits With High Probability: If device good: output ~ uniform If device faulty: rejects QM device No signaling

  7. Applications of Extractors • Using weak random sources in prob algorithms [B84,SV84,V85,VV85,CG85,V87,CW89,Z90-91] • Randomness-efficient error reduction of prob algorithms [Sip88, GZ97, MV99,STV99] • Derandomization of space-bounded algorithms [NZ93, INW94, RR99, GW02] • Distributed Algorithms [WZ95, Zuc97, RZ98, Ind02]. • Hardness of Approximation [Zuc93, Uma99, MU01] • Cryptography[CDHKS00, MW00, Lu02 Vad03] • Data Structures [Ta02] • Coding Theory [TZ01,TZS01] • Certifying & expanding randomness [Col09,Pir+09,VV12]

  8. Unifying Role of Extractors Extractors are intimately related to: • Hash Functions [ILL89,SZ94,GW94] • Expander Graphs [WZ93, RVW00, TUZ01,CRVW02] • Samplers[G97, Z97] • Pseudorandom Generators [Tre99, …] • Error-Correcting Codes [TZ01, TZS01, SU01, U02] • Ergodic Theory [Lindenstrauss 07] • Exponential sums Unify the theory of pseudorandomness.

  9. Definitions

  10. Weak random sources Distributions X on {0,1}n with “some” entropy: X=(X1,X2,…,Xn) • [vN] sources: ncoins of unknown fixed bias • [SV] sources: Pr[Xi+1 =1|X1=b1,…,Xi=bi]  (δ, 1-δ) • [LLS] sources: ncoins, some “sticky” • ….. • [Z] k-sources: H∞(X) ≥ k x Pr[X = x]  2-k e.g X uniform with support ≥ 2k k – the entropy in the weak source {0,1}n X

  11. Randomness Extractors(1st attempt) “weak” random source X k can be e.g n/2, √n, log n,… Ext : {0,1}n {0,1}m Impossible even if k=n-1 and m=1 X k-source of length n EXT {0,1}n Ext=0 Ext=1 m ≤ k m(almost) uniform bits X

  12. (short) “seed” d random bits Extractors [Nisan & Zuckerman `93] k-source of length n X EXT {0,1}n i {0,1}d m bits -close to uniform Exti(X) {0,1}m Want: efficient Ext, small d,  , large m

  13. Explicit & Efficient Extractors Non-constructive & optimal [Sip88,NZ93,RT97]: • Seed length d = log n + O(1). • Output length m = k - O(1). [...B86,SV86,CG87, NZ93, WZ93, GW94, SZ94, SSZ95, Zuc96, Ta96, Ta98, Tre99, RRV99a, RRV99b, ISW00, RSW00, RVW00, TUZ01, TZS01, SU01, LRVW03,…] Explicit constructions [GUV07, DW08] - Seed length d = O(log n) - Output length m = .99k

  14. d random bits Running probabilistic algorithms with weak random bits k-source of length n k=2m EXT Efficient! Try all possible 2d = poly(n)seeds. Take majority vote. m randombits (upto  L1 error) Input Probabilistic algorithm Output + Error prob <δ

  15. Constructionsvia the Kakeya Problem

  16. seed d random bits Mergers[Ta96]– very special case k k X,Y  Fqkq ~ n100 X or Y is random X,Y correlated! XY Mer [LRVW] Mer = aX+bY a,b  Fq ( d=2log q ) Major problems in analysis and geometry! Wolf: Smallest set in Fqk containing a line in every direction? Kakeya: Smallest set in R2 cont. a needle in every direction? Besikovich: Smallest set in R2 has area <ε for every ε>0! Dvir: Smallest set in Fqk has volume > (cq)k. Polynomial method! k m ≥.99k

  17. Thanks!

More Related