DOCSLIB.ORG

Pseudorandom Generators Without the XOR Lemma£

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Pseudorandom Generators Without the XOR Lemma£ Pseudorandom generators without the XOR Lemma£ [Extended Abstract] Þ Ü Madhu SudanÝ Luca Trevisan Salil Vadhan ½ ÁÒØÖÓ Impagliazzo and Wigderson [IW97] have recently shown that if This paper continues the exploration of hardness versus random- Ç ´Òµ there exists a decision problem solvable in time ¾ and hav- ness trade-offs, that is, results showing that randomized algorithms Òµ ª´ can be efficiently simulated deterministically if certain complexity- Ò È ing circuit complexity ¾ (for all but finitely many ) then theoretic assumptions are true. We present two new approaches BÈÈ . This result is a culmination of a series of works showing con- nections between the existence of hard predicates and the existence to proving the recent result of Impagliazzo and Wigderson [IW97] Ç ´Òµ of good pseudorandom generators. that, if there is a decision problem computable in time ¾ and ª´Òµ Ò The construction of Impagliazzo and Wigderson goes through having circuit complexity ¾ for all but finitely many , then BÈÈ three phases of “hardness amplification” (a multivariate polyno- È . Impagliazzo and Wigderson prove their result by pre- mial encoding, a first derandomized XOR Lemma, and a second senting a “randomness-efficient amplification of hardness” based derandomized XOR Lemma) that are composed with the Nisan– on a derandomized version of Yao’s XOR Lemma. The hardness- Wigderson [NW94] generator. In this paper we present two dif- amplification procedure is then composed with the Nisan–Wigderson ferent approaches to proving the main result of Impagliazzo and (NW) generator [NW94] and this gives the result. The hardness Wigderson. In developing each approach, we introduce new tech- amplification goes through three steps: an encoding using multi- niques and prove new results that could be useful in future improve- variate polynomials (from [BFNW93]), a first derandomized XOR ments and/or applications of hardness-randomness trade-offs. Lemma (from [Imp95]) and a second derandomized XOR Lemma Our first result is that when (a modified version of) the Nisan- (which is the technical contribution of [IW97]). Wigderson generator construction is applied with a “mildly” hard In our first result, we show how to construct a “pseudoentropy predicate, the result is a generator that produces a distribution indis- generator” starting from a predicate with “mild” hardness. Roughly tinguishable from having large min-entropy. An extractor can then speaking, a pseudoentropy generator takes a short random seed be used to produce a distribution computationally indistinguishable as input and outputs a distribution that is indistinguishable from from uniform. This is the first construction of a pseudorandom gen- having high min-entropy. Combining our pseudoentropy generator erator that works with a mildly hard predicate without doing hard- with an extractor, we obtain a pseudorandom generator. Interest- ness amplification. ingly, our pseudoentropy generator is (a modification of) the NW We then show that in the Impagliazzo–Wigderson construction generator itself. Along the way we prove that, when built out of only the first hardness-amplification phase (encoding with multi- a mildly hard predicate, the NW generator outputs a distribution variate polynomial) is necessary, since it already gives the required that is indistinguishable from having high Shannon entropy, a result average-case hardness. We prove this result by (i) establishing a that has not been observed before. The notion of a pseudoentropy connection between the hardness-amplification problem and a list- generator, and the idea that a pseudoentropy generator can be con- decoding problem for error-correcting codes based on multivariate verted into a pseudorandom generator using an extractor, are due polynomials; and (ii) presenting a list-decoding algorithm that im- to H˚astad et al. [HILL98].½ Our construction is the first construc- proves and simplifies a previous one by Arora and Sudan [AS97]. tion of a pseudorandom generator that works using a mildly hard predicate and without hardness amplification. £ The full version of this paper appears as [STV98]. Ý We then revisit the hardness amplification problem, as consid- Laboratory for Computer Science, 545 Technology Square, MIT, Cambridge, MA 02141. E-mail: [email protected]. ered in [BFNW93, Imp95, IW97], and we show that the first step Þ Department of Computer Science, Columbia University, 500W 120th St., New alone (encoding with multivariate polynomials) is sufficient to am- York, NY 10027. Email: [email protected]. Work done at MIT. plify hardness to the desired level, so that the derandomized XOR Ü Laboratory for Computer Science, 545 Technology Square, MIT, Cam- Lemmas are not necessary in this context. Our proof is based on bridge, MA 02141. E-mail: [email protected]. URL: a list-decoding algorithm for multivariate polynomial codes and http://theory.lcs.mit.edu/˜salil. Supported by a DOD/NDSEG grad- uate fellowship and partially by DARPA grant DABT63-96-C-0018. exploits a connection between the list-decoding and the hardness- amplification problems. The list-decoding algorithm described in this paper is quantitatively better than a previous one by Arora and Sudan [AS97], and has a simpler analysis. ½ To be accurate, the term extractor comes fron [NZ96] and postdates the paper of H˚astad et al. [HILL98]. ÓÚÖÚÛ Ó ÔÖÚÓÙ× Ö×ÙÐØ׺ Ò The works of Blum and in increasingly sophisticated forms, in [Imp95, IW97]. Likewise, Micali [BM84] and Yao [Yao82] introduce the notion of a cryp- the NW generator and its original analysis have always been used tographically strong pseudorandom generator (csPRG) and show in conditional derandomization results since.4 Future progress in how to construct pseudorandom generators based on the existence the area will probably require a departure from this observance of of one-way permutations. A csPRG is a polynomial-time algorithm the NW methodology, or at least a certain amount of revisitation of ¯ that on input a randomly selected string of length Ò produces an its main parts. output of length Ò that is computationally indistinguishable from In this paper, we give two new ways to build pseudorandom Òµ ¯ uniform by any adversary of Ô ÓÐÝ ´ size, where is an arbitrar- generators with seeds of logarithmic length. Both approaches by- ily small constant. Yao also observes that a given polynomial-time pass the need for the XOR Lemma, and instead use tools (such as randomized algorithm can be simulated deterministically using a list decoding, extractors, and pseudoentropy generators) that did ¯ Ò ¾ Ô ÓÐÝ ´Òµ csPRG in time ¡ by trying all the seeds and taking the not appear in the sequence of works from [NW94] to [IW97]. For majority answer. a diagram illustrating the steps leading up to the results of [IW97] In a seminal work, Nisan and Wigderson [NW94] explore the and how our techniques depart from that framework, see Figure 1. use of a weaker type of pseudorandom generator (PRG) in order to Both of our approaches are described in more detail below. derandomize randomized algorithm. They observe that, for the pur- pose of derandomization, one can consider generators computable Ø µ Ô ÓÐÝ ´Øµ Ø in time Ô ÓÐÝ ´¾ (instead of ) where is the length of the Worst−case hard seed, since the derandomization process cycles through all the seeds, polynomial Ø [BFNW93] and this induces an overhead factor ¾ anyway. They also observe encoding that one can restrict to generators that are good against adversaries whose running time is bounded by a fixed polynomial, instead of polynomial Mildly hard encoding Thm 10 XOR [Imp95] every polynomial. They then show how to construct a pseudo- + noisy Lemma random generator meeting this relaxed definition under weaker as- reconstruction (Thm 19) Constant hardness sumptions than those used to build cryptographically strong pseu- XOR Pseudoentropy Lemma [IW97] dorandom generators. Furthermore, they show that, under a suf- Generator ficiently strong assumption, one can build a PRG that uses seeds Extremely hard of logarithmic length (which would be impossible for a csPRG). [NW94] extractor Such a generator can be used to simulate randomized algorithms (Lem 13) BÈÈ in polynomial time, and its existence implies È . The con- Pseudorandom Generator dition under which Nisan and Wigderson prove the existence of a PRG with seeds of logarithmic length is the existence of a decision Ò f¼ ½g ! f¼ ½g problem (i.e., a predicate È ) solvable in time ´Òµ ¯Ò Ç Figure 1: A comparison of our approach with previous ones. Dou- ¯ ¾ ¾ such that for some positive constant no circuit of size ¯Ò ble arrows indicate our results. ¾ · ¾ can solve the problem on more than a fraction ½ of the inputs.¾ This is a very strong hardness requirement, and it is of interest to obtain similar conclusions under weaker assumptions. È×ÙÓ ÒØÖÓÔÝ ÒÖØÓÖº An example of a weaker assumption is the existence of a mildly Nisan and Wigderson show hard predicate. We say that a predicate is mildly hard if for some that when their generator is constructed using a very hard-on-average ¯Ò ¼ ¾ fixed ¯ no circuit of size can decide the predicate on more predicate, then the output of the generator is indistinguishable from ½Ô ÓÐÝ ´Òµ than a fraction ½ of the inputs. Nisan and Wigder- the uniform distribution. It is a natural question to ask what hap- son prove that mild hardness suffices to derive a pseudorandom pens if there are stronger or weaker conditions on the predicate. In ¾ ´ÐÓ Òµ generator with seed of Ç length, which in turn implies a this paper we consider the question of what happens if the predicate quasi-polynomial deterministic simulation of BÈÈ. This result is is only mildly hard. Specifically we are interested in whether expo- proved by using Yao’s XOR Lemma [Yao82] (see, e.g., [GNW95] nential average-case hardness is really necessary for direct pseu- for a proof) to convert a mildly hard predicate over Ò inputs into dorandom generation.
Load more

Recommended publications
  • Four Results of Jon Kleinberg a Talk for St.Petersburg Mathematical Society
    Four Results of Jon Kleinberg A Talk for St.Petersburg Mathematical Society Yury Lifshits Steklov Institute of Mathematics at St.Petersburg May 2007 1 / 43 2 Hubs and Authorities 3 Nearest Neighbors: Faster Than Brute Force 4 Navigation in a Small World 5 Bursty Structure in Streams Outline 1 Nevanlinna Prize for Jon Kleinberg History of Nevanlinna Prize Who is Jon Kleinberg 2 / 43 3 Nearest Neighbors: Faster Than Brute Force 4 Navigation in a Small World 5 Bursty Structure in Streams Outline 1 Nevanlinna Prize for Jon Kleinberg History of Nevanlinna Prize Who is Jon Kleinberg 2 Hubs and Authorities 2 / 43 4 Navigation in a Small World 5 Bursty Structure in Streams Outline 1 Nevanlinna Prize for Jon Kleinberg History of Nevanlinna Prize Who is Jon Kleinberg 2 Hubs and Authorities 3 Nearest Neighbors: Faster Than Brute Force 2 / 43 5 Bursty Structure in Streams Outline 1 Nevanlinna Prize for Jon Kleinberg History of Nevanlinna Prize Who is Jon Kleinberg 2 Hubs and Authorities 3 Nearest Neighbors: Faster Than Brute Force 4 Navigation in a Small World 2 / 43 Outline 1 Nevanlinna Prize for Jon Kleinberg History of Nevanlinna Prize Who is Jon Kleinberg 2 Hubs and Authorities 3 Nearest Neighbors: Faster Than Brute Force 4 Navigation in a Small World 5 Bursty Structure in Streams 2 / 43 Part I History of Nevanlinna Prize Career of Jon Kleinberg 3 / 43 Nevanlinna Prize The Rolf Nevanlinna Prize is awarded once every 4 years at the International Congress of Mathematicians, for outstanding contributions in Mathematical Aspects of Information Sciences including: 1 All mathematical aspects of computer science, including complexity theory, logic of programming languages, analysis of algorithms, cryptography, computer vision, pattern recognition, information processing and modelling of intelligence.
    [Show full text]
  • Prahladh Harsha
    Prahladh Harsha Toyota Technological Institute, Chicago phone : +1-773-834-2549 University Press Building fax : +1-773-834-9881 1427 East 60th Street, Second Floor Chicago, IL 60637 email : [email protected] http://ttic.uchicago.edu/∼prahladh Research Interests Computational Complexity, Probabilistically Checkable Proofs (PCPs), Information Theory, Prop- erty Testing, Proof Complexity, Communication Complexity. Education • Doctor of Philosophy (PhD) Computer Science, Massachusetts Institute of Technology, 2004 Research Advisor : Professor Madhu Sudan PhD Thesis: Robust PCPs of Proximity and Shorter PCPs • Master of Science (SM) Computer Science, Massachusetts Institute of Technology, 2000 • Bachelor of Technology (BTech) Computer Science and Engineering, Indian Institute of Technology, Madras, 1998 Work Experience • Toyota Technological Institute, Chicago September 2004 – Present Research Assistant Professor • Technion, Israel Institute of Technology, Haifa February 2007 – May 2007 Visiting Scientist • Microsoft Research, Silicon Valley January 2005 – September 2005 Postdoctoral Researcher Honours and Awards • Summer Research Fellow 1997, Jawaharlal Nehru Center for Advanced Scientific Research, Ban- galore. • Rajiv Gandhi Science Talent Research Fellow 1997, Jawaharlal Nehru Center for Advanced Scien- tific Research, Bangalore. • Award Winner in the Indian National Mathematical Olympiad (INMO) 1993, National Board of Higher Mathematics (NBHM). • National Board of Higher Mathematics (NBHM) Nurture Program award 1995-1998. The Nurture program 1995-1998, coordinated by Prof. Alladi Sitaram, Indian Statistical Institute, Bangalore involves various topics in higher mathematics. 1 • Ranked 7th in the All India Joint Entrance Examination (JEE) for admission into the Indian Institutes of Technology (among the 100,000 candidates who appeared for the examination). • Papers invited to special issues – “Robust PCPs of Proximity, Shorter PCPs, and Applications to Coding” (with Eli Ben- Sasson, Oded Goldreich, Madhu Sudan, and Salil Vadhan).
    [Show full text]
  • Some Hardness Escalation Results in Computational Complexity Theory Pritish Kamath
    Some Hardness Escalation Results in Computational Complexity Theory by Pritish Kamath B.Tech. Indian Institute of Technology Bombay (2012) S.M. Massachusetts Institute of Technology (2015) Submitted to Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Electrical Engineering & Computer Science at Massachusetts Institute of Technology February 2020 ⃝c Massachusetts Institute of Technology 2019. All rights reserved. Author: ............................................................. Department of Electrical Engineering and Computer Science September 16, 2019 Certified by: ............................................................. Ronitt Rubinfeld Professor of Electrical Engineering and Computer Science, MIT Thesis Supervisor Certified by: ............................................................. Madhu Sudan Gordon McKay Professor of Computer Science, Harvard University Thesis Supervisor Accepted by: ............................................................. Leslie A. Kolodziejski Professor of Electrical Engineering and Computer Science, MIT Chair, Department Committee on Graduate Students Some Hardness Escalation Results in Computational Complexity Theory by Pritish Kamath Submitted to Department of Electrical Engineering and Computer Science on September 16, 2019, in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science & Engineering Abstract In this thesis, we prove new hardness escalation results in computational complexity theory; a phenomenon where hardness results against seemingly weak models of computation for any problem can be lifted, in a black box manner, to much stronger models of computation by considering a simple gadget composed version of the original problem. For any unsatisfiable CNF formula F that is hard to refute in the Resolution proof system, we show that a gadget-composed version of F is hard to refute in any proof system whose lines are computed by efficient communication protocols.
    [Show full text]
  • Pairwise Independence and Derandomization
    Pairwise Independence and Derandomization Pairwise Independence and Derandomization Michael Luby Digital Fountain Fremont, CA, USA Avi Wigderson Institute for Advanced Study Princeton, NJ, USA [email protected] Boston – Delft Foundations and TrendsR in Theoretical Computer Science Published, sold and distributed by: now Publishers Inc. PO Box 1024 Hanover, MA 02339 USA Tel. +1-781-985-4510 www.nowpublishers.com [email protected] Outside North America: now Publishers Inc. PO Box 179 2600 AD Delft The Netherlands Tel. +31-6-51115274 A Cataloging-in-Publication record is available from the Library of Congress The preferred citation for this publication is M. Luby and A. Wigderson, Pairwise R Independence and Derandomization, Foundation and Trends in Theoretical Com- puter Science, vol 1, no 4, pp 237–301, 2005 Printed on acid-free paper ISBN: 1-933019-22-0 c 2006 M. Luby and A. Wigderson All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, mechanical, photocopying, recording or otherwise, without prior written permission of the publishers. Photocopying. In the USA: This journal is registered at the Copyright Clearance Cen- ter, Inc., 222 Rosewood Drive, Danvers, MA 01923. Authorization to photocopy items for internal or personal use, or the internal or personal use of specific clients, is granted by now Publishers Inc for users registered with the Copyright Clearance Center (CCC). The ‘services’ for users can be found on the internet at: www.copyright.com For those organizations that have been granted a photocopy license, a separate system of payment has been arranged.
    [Show full text]
  • David Karger Rajeev Motwani Y Madhu Sudan Z
    Approximate Graph Coloring by Semidenite Programming y z David Karger Rajeev Motwani Madhu Sudan Abstract We consider the problem of coloring k colorable graphs with the fewest p ossible colors We present a randomized p olynomial time algorithm which colors a colorable graph on n vertices 12 12 13 14 with minfO log log n O n log ng colors where is the maximum degree of any vertex Besides giving the b est known approximation ratio in terms of n this marks the rst nontrivial approximation result as a function of the maximum degree This result can 12 12k b e generalized to k colorable graphs to obtain a coloring using minfO log log n 12 13(k +1) O n log ng colors Our results are inspired by the recent work of Go emans and Williamson who used an algorithm for semidenite optimization problems which generalize lin ear programs to obtain improved approximations for the MAX CUT and MAX SAT problems An intriguing outcome of our work is a duality relationship established b etween the value of the optimum solution to our semidenite program and the Lovasz function We show lower b ounds on the gap b etween the optimum solution of our semidenite program and the actual chromatic numb er by duality this also demonstrates interesting new facts ab out the function MIT Lab oratory for Computer Science Cambridge MA Email kargermitedu URL httptheorylcsmitedukarger Supp orted by a Hertz Foundation Graduate Fellowship by NSF Young In vestigator Award CCR with matching funds from IBM Schlumb erger Foundation Shell Foundation and Xerox Corp oration
    [Show full text]
  • Avi Wigderson
    On the Work of Madhu Sudan Avi Wigderson Madhu Sudan is the recipient of the 2002 Nevan- “eyeglasses” were key in this study of the no- linna Prize. Sudan has made fundamental contri- tions proof (again) and error correction. butions to two major areas of research, the con- • Theoretical computer science is an extremely nections between them, and their applications. interactive and collaborative community. The first area is coding theory. Established by Sudan’s work was not done in a vacuum, and Shannon and Hamming over fifty years ago, it is much of the background to it, conceptual and technical, was developed by other people. The the mathematical study of the possibility of, and space I have does not allow me to give proper the limits on, reliable communication over noisy credit to all these people. A much better job media. The second area is probabilistically check- has been done by Sudan himself; his homepage able proofs (PCPs). By contrast, it is only ten years (http://theory.lcs.mit.edu/~madhu/) con- old. It studies the minimal resources required for tains several surveys of these areas which give probabilistic verification of standard mathemati- proper historical accounts and references. In cal proofs. particular see [13] for a survey on PCPs and [15] My plan is to briefly introduce these areas, their for a survey on the work on error correction. motivation, and foundational questions and then to explain Sudan’s main contributions to each. Be- Probabilistic Checking of Proofs fore we get to the specific works of Madhu Sudan, One informal variant of the celebrated P versus let us start with a couple of comments that will set NP question asks, Can mathematicians, past and up the context of his work.
    [Show full text]
  • Lecture Notes in Computer Science 4833 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan Van Leeuwen
    Lecture Notes in Computer Science 4833 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen University of Dortmund, Germany Madhu Sudan Massachusetts Institute of Technology, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Moshe Y. Vardi Rice University, Houston, TX, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany Kaoru Kurosawa (Ed.) Advances in Cryptology – ASIACRYPT 2007 13th International Conference on the Theory and Application of Cryptology and Information Security Kuching, Malaysia, December 2-6, 2007 Proceedings 13 Volume Editor Kaoru Kurosawa Ibaraki University Department of Computer and Information Sciences 4-12-1 Nakanarusawa Hitachi, Ibaraki 316-8511, Japan E-mail: [email protected] Library of Congress Control Number: 2007939450 CR Subject Classification (1998): E.3, D.4.6, F.2.1-2, K.6.5, C.2, J.1, G.2 LNCS Sublibrary: SL 4 – Security and Cryptology ISSN 0302-9743 ISBN-10 3-540-76899-8 Springer Berlin Heidelberg New York ISBN-13 978-3-540-76899-9 Springer Berlin Heidelberg New York This work is subject to copyright.
    [Show full text]
  • On the Work of Madhu Sudan Von Avi Wigderson
    Avi Wigderson On the Work of Madhu Sudan von Avi Wigderson Madhu Sudan is the recipient of the 2002 Nevanlinna Prize. Sudan has made fundamental contributions to two major areas of research, the connections between them, and their applications. The first area is coding theory. Established by Shannon and Hamming over fifty years ago, it is the mathematical study of the possibility of, and the limits on, reliable communication over noisy media. The second area is probabilistically checkable proofs (PCPs). By contrast, it is only ten years old. It studies the minimal resources required for probabilistic verification of standard mathematical proofs. My plan is to briefly introduce these areas, their mo- Probabilistic Checking of Proofs tivation, and foundational questions and then to ex- One informal variant of the celebrated P versus NP plain Sudan’s main contributions to each. Before we question asks,“Can mathematicians, past and future, get to the specific works of Madhu Sudan, let us start be replaced by an efficient computer program?” We with a couple of comments that will set up the con- first define these notions and then explain the PCP text of his work. theorem and its impact on this foundational question. Madhu Sudan works in computational complexity theory. This research discipline attempts to rigor- Efficient Computation ously define and study efficient versions of objects and notions arising in computational settings. This Throughout, by an efficient algorithm (or program, machine, or procedure) we mean an algorithm which focus on efficiency is of course natural when studying 1 computation itself, but it also has proved extremely runs at most some fixed polynomial time in the fruitful in studying other fundamental notions such length of its input.
    [Show full text]
  • Evasiveness of Graph Properties and Topological Fixed-Point Theorems
    Evasiveness of Graph Properties and Topological Fixed-Point Theorems arXiv:1306.0110v2 [math.CO] 7 Jun 2013 Evasiveness of Graph Properties and Topological Fixed-Point Theorems Carl A. Miller University of Michigan USA [email protected] Boston – Delft R Foundations and Trends in Theoretical Computer Science Published, sold and distributed by: now Publishers Inc. PO Box 1024 Hanover, MA 02339 USA Tel. +1-781-985-4510 www.nowpublishers.com [email protected] Outside North America: now Publishers Inc. PO Box 179 2600 AD Delft The Netherlands Tel. +31-6-51115274 The preferred citation for this publication is C. A. Miller, Evasiveness of Graph R Properties and Topological Fixed-Point Theorems, Foundation and Trends in Theoretical Computer Science, vol 7, no 4, pp 337–415, 2011 ISBN: 978-1-60198-664-1 c 2013 C. A. Miller All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, mechanical, photocopying, recording or otherwise, without prior written permission of the publishers. Photocopying. In the USA: This journal is registered at the Copyright Clearance Cen- ter, Inc., 222 Rosewood Drive, Danvers, MA 01923. Authorization to photocopy items for internal or personal use, or the internal or personal use of specific clients, is granted by now Publishers Inc. for users registered with the Copyright Clearance Center (CCC). The ‘services’ for users can be found on the internet at: www.copyright.com For those organizations that have been granted a photocopy license, a separate system of payment has been arranged. Authorization does not extend to other kinds of copy- ing, such as that for general distribution, for advertising or promotional purposes, for creating new collective works, or for resale.
    [Show full text]
  • Separating Local & Shuffled Differential Privacy Via Histograms
    Separating Local & Shuffled Differential Privacy via Histograms Victor Balcer∗ and Albert Cheu† April 15, 2020 Abstract Recent work in differential privacy has highlighted the shuffled model as a promising avenue to compute accurate statistics while keeping raw data in users’ hands. We present a protocol in this model that estimates histograms with error independent of the domain size. This implies an arbitrarily large gap in sample complexity between the shuffled and local models. On the other hand, we show that the models are equivalent when we impose the constraints of pure differential privacy and single-message randomizers. 1 Introduction The local model of private computation has minimal trust assumptions: each user executes a randomized algorithm on their data and sends the output message to an analyzer [17, 19, 11]. While this model has appeal to the users—their data is never shared in the clear—the noise in every message poses a roadblock to accurate statistics. For example, a locally private d-bin histogram has, on some bin, error scaling with √log d. But when users trust the analyzer with their raw data (the central model), there is an algorithm that achieves error independent of d on every bin. Because the local and central models lie at the extremes of trust, recent work has focused on the intermediate shuffled model [6, 8]. In this model, users execute ranomization like in the local model but now a trusted shuffler applies a uniformly random permutation to all user messages before the analyzer can view them. The anonymity provided by the shuffler allows users to introduce less noise than in the local model while achieving the same level of privacy.
    [Show full text]
  • Point-Hyperplane Incidence Geometry and the Log-Rank Conjecture
    Point-hyperplane incidence geometry and the log-rank conjecture Noah Singer∗ Madhu Sudan† September 16, 2021 Abstract We study the log-rank conjecture from the perspective of point-hyperplane incidence geometry. We d formulate the following conjecture: Given a point set in R that is covered by constant-sized sets of parallel polylog(d) hyperplanes, there exists an affine subspace that accounts for a large (i.e., 2− ) fraction of the incidences, in the sense of containing a large fraction of the points and being contained in a large fraction of the hyperplanes. (In other words, the point-hyperplane incidence graph for such configurations has a large complete bipartite subgraph.) Alternatively, our conjecture may be interpreted linear-algebraically as follows: Any rank-d matrix containing at most O(1) distinct entries in each column contains a submatrix polylog(d) of fractional size 2− , in which each column contains one distinct entry. We prove that our conjecture is equivalent to the log-rank conjecture; the crucial ingredient of this proof is a reduction from bounds for parallel k-partitions to bounds for parallel (k 1)-partitions. We also introduce an (apparent) − strengthening of the conjecture, which relaxes the requirements that the sets of hyperplanes be parallel. Motivated by the connections above, we revisit well-studied questions in point-hyperplane incidence geometry without structural assumptions (i.e., the existence of partitions), and in particular, we initiate the study of complete bipartite subgraph size in incidence graphs in the regime where dimension is not a constant. We give an elementary argument for the existence of complete bipartite subgraphs d of density Ω(ǫ2 /d) in any d-dimensional configuration with incidence density ǫ (qualitatively matching previous results, which had implicit dimension-dependent constants and required sophisticated incidence- geometric techniques).
    [Show full text]
  • Probabilistic Checking of Proofs and Hardness of Approximation Problems
    Probabilistic Checking of Pro ofs and Hardness of Approximation Problems Sanjeev Arora CSTR Revised version of a dissertation submitted at CS Division UC Berkeley in August Princeton techrep orts are available in p ostscript form via anonymous ftp from ftpcsprincetonedu InterNet address You may log in as anonymous and giveyour email ad dress as password Change to the directory reports The le README gives details and the le INDEX lists the numb ers and the titles of all rep orts This rep ort is numb ered Hardcopies of this rep ort are available for a charge of only US dollar checks accepted from the following address Technical Rep orts Department of Computer Science Princeton University Olden Street Princeton NJ Probabilistic Checking of Pro ofs and Hardness of Approximation Problems c Copyright by Sanjeev Arora The dissertation committee consisted of Professor Umesh V Vazirani Chair Professor Richard M Karp Professor John W Addison The authors current address Department of Computer Science Olden St Princeton University Princeton NJ email aroracsprincetonedu Tomyparents and members of my family including the ones who just joined Contents Intro duction This dissertation Hardness of Approximation A New Characterization of NP Knowledge assumed of the Reader Old vs New Views of NP The Old View Co okLevin Theorem Optimization and Approximation A New View of NP The PCP Theorem Connection to Approximation History and Background PCPAnOverview
    [Show full text]