Hashing, Load Balancing and Multiple Choice
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Using Tabulation to Implement the Power of Hashing Using Tabulation to Implement the Power of Hashing Talk Surveys Results from I M
Talk surveys results from I M. Patras¸cuˇ and M. Thorup: The power of simple tabulation hashing. STOC’11 and J. ACM’12. I M. Patras¸cuˇ and M. Thorup: Twisted Tabulation Hashing. SODA’13 I M. Thorup: Simple Tabulation, Fast Expanders, Double Tabulation, and High Independence. FOCS’13. I S. Dahlgaard and M. Thorup: Approximately Minwise Independence with Twisted Tabulation. SWAT’14. I T. Christiani, R. Pagh, and M. Thorup: From Independence to Expansion and Back Again. STOC’15. I S. Dahlgaard, M.B.T. Knudsen and E. Rotenberg, and M. Thorup: Hashing for Statistics over K-Partitions. FOCS’15. Using Tabulation to Implement The Power of Hashing Using Tabulation to Implement The Power of Hashing Talk surveys results from I M. Patras¸cuˇ and M. Thorup: The power of simple tabulation hashing. STOC’11 and J. ACM’12. I M. Patras¸cuˇ and M. Thorup: Twisted Tabulation Hashing. SODA’13 I M. Thorup: Simple Tabulation, Fast Expanders, Double Tabulation, and High Independence. FOCS’13. I S. Dahlgaard and M. Thorup: Approximately Minwise Independence with Twisted Tabulation. SWAT’14. I T. Christiani, R. Pagh, and M. Thorup: From Independence to Expansion and Back Again. STOC’15. I S. Dahlgaard, M.B.T. Knudsen and E. Rotenberg, and M. Thorup: Hashing for Statistics over K-Partitions. FOCS’15. I Providing algorithmically important probabilisitic guarantees akin to those of truly random hashing, yet easy to implement. I Bridging theory (assuming truly random hashing) with practice (needing something implementable). I Many randomized algorithms are very simple and popular in practice, but often implemented with too simple hash functions, so guarantees only for sufficiently random input. -
The Power of Tabulation Hashing
Thank you for inviting me to China Theory Week. Joint work with Mihai Patras¸cuˇ . Some of it found in Proc. STOC’11. The Power of Tabulation Hashing Mikkel Thorup University of Copenhagen AT&T Joint work with Mihai Patras¸cuˇ . Some of it found in Proc. STOC’11. The Power of Tabulation Hashing Mikkel Thorup University of Copenhagen AT&T Thank you for inviting me to China Theory Week. The Power of Tabulation Hashing Mikkel Thorup University of Copenhagen AT&T Thank you for inviting me to China Theory Week. Joint work with Mihai Patras¸cuˇ . Some of it found in Proc. STOC’11. I Providing algorithmically important probabilisitic guarantees akin to those of truly random hashing, yet easy to implement. I Bridging theory (assuming truly random hashing) with practice (needing something implementable). Target I Simple and reliable pseudo-random hashing. I Bridging theory (assuming truly random hashing) with practice (needing something implementable). Target I Simple and reliable pseudo-random hashing. I Providing algorithmically important probabilisitic guarantees akin to those of truly random hashing, yet easy to implement. Target I Simple and reliable pseudo-random hashing. I Providing algorithmically important probabilisitic guarantees akin to those of truly random hashing, yet easy to implement. I Bridging theory (assuming truly random hashing) with practice (needing something implementable). Applications of Hashing Hash tables (n keys and 2n hashes: expect 1/2 keys per hash) I chaining: follow pointers • x • ! a ! t • • ! v • • ! f ! s -
Concurrent Non-Malleable Zero Knowledge Proofs
Concurrent Non-Malleable Zero Knowledge Proofs Huijia Lin?, Rafael Pass??, Wei-Lung Dustin Tseng???, and Muthuramakrishnan Venkitasubramaniam Cornell University, {huijia,rafael,wdtseng,vmuthu}@cs.cornell.edu Abstract. Concurrent non-malleable zero-knowledge (NMZK) consid- ers the concurrent execution of zero-knowledge protocols in a setting where the attacker can simultaneously corrupt multiple provers and ver- ifiers. Barak, Prabhakaran and Sahai (FOCS’06) recently provided the first construction of a concurrent NMZK protocol without any set-up assumptions. Their protocol, however, is only computationally sound (a.k.a., a concurrent NMZK argument). In this work we present the first construction of a concurrent NMZK proof without any set-up assump- tions. Our protocol requires poly(n) rounds assuming one-way functions, or O~(log n) rounds assuming collision-resistant hash functions. As an additional contribution, we improve the round complexity of con- current NMZK arguments based on one-way functions (from poly(n) to O~(log n)), and achieve a near linear (instead of cubic) security reduc- tions. Taken together, our results close the gap between concurrent ZK protocols and concurrent NMZK protocols (in terms of feasibility, round complexity, hardness assumptions, and tightness of the security reduc- tion). 1 Introduction Zero-knowledge (ZK) interactive proofs [GMR89] are fundamental constructs that allow the Prover to convince the Verifier of the validity of a mathematical statement x 2 L, while providing zero additional knowledge to the Verifier. Con- current ZK, first introduced and achieved by Dwork, Naor and Sahai [DNS04], considers the execution of zero-knowledge protocols in an asynchronous and con- current setting. -
FOCS 2005 Program SUNDAY October 23, 2005
FOCS 2005 Program SUNDAY October 23, 2005 Talks in Grand Ballroom, 17th floor Session 1: 8:50am – 10:10am Chair: Eva´ Tardos 8:50 Agnostically Learning Halfspaces Adam Kalai, Adam Klivans, Yishay Mansour and Rocco Servedio 9:10 Noise stability of functions with low influences: invari- ance and optimality The 46th Annual IEEE Symposium on Elchanan Mossel, Ryan O’Donnell and Krzysztof Foundations of Computer Science Oleszkiewicz October 22-25, 2005 Omni William Penn Hotel, 9:30 Every decision tree has an influential variable Pittsburgh, PA Ryan O’Donnell, Michael Saks, Oded Schramm and Rocco Servedio Sponsored by the IEEE Computer Society Technical Committee on Mathematical Foundations of Computing 9:50 Lower Bounds for the Noisy Broadcast Problem In cooperation with ACM SIGACT Navin Goyal, Guy Kindler and Michael Saks Break 10:10am – 10:30am FOCS ’05 gratefully acknowledges financial support from Microsoft Research, Yahoo! Research, and the CMU Aladdin center Session 2: 10:30am – 12:10pm Chair: Satish Rao SATURDAY October 22, 2005 10:30 The Unique Games Conjecture, Integrality Gap for Cut Problems and Embeddability of Negative Type Metrics Tutorials held at CMU University Center into `1 [Best paper award] Reception at Omni William Penn Hotel, Monongahela Room, Subhash Khot and Nisheeth Vishnoi 17th floor 10:50 The Closest Substring problem with small distances Tutorial 1: 1:30pm – 3:30pm Daniel Marx (McConomy Auditorium) Chair: Irit Dinur 11:10 Fitting tree metrics: Hierarchical clustering and Phy- logeny Subhash Khot Nir Ailon and Moses Charikar On the Unique Games Conjecture 11:30 Metric Embeddings with Relaxed Guarantees Break 3:30pm – 4:00pm Ittai Abraham, Yair Bartal, T-H. -
Magic Adversaries Versus Individual Reduction: Science Wins Either Way ?
Magic Adversaries Versus Individual Reduction: Science Wins Either Way ? Yi Deng1;2 1 SKLOIS, Institute of Information Engineering, CAS, Beijing, P.R.China 2 State Key Laboratory of Cryptology, P. O. Box 5159, Beijing ,100878,China [email protected] Abstract. We prove that, assuming there exists an injective one-way function f, at least one of the following statements is true: – (Infinitely-often) Non-uniform public-key encryption and key agreement exist; – The Feige-Shamir protocol instantiated with f is distributional concurrent zero knowledge for a large class of distributions over any OR NP-relations with small distinguishability gap. The questions of whether we can achieve these goals are known to be subject to black-box lim- itations. Our win-win result also establishes an unexpected connection between the complexity of public-key encryption and the round-complexity of concurrent zero knowledge. As the main technical contribution, we introduce a dissection procedure for concurrent ad- versaries, which enables us to transform a magic concurrent adversary that breaks the distribu- tional concurrent zero knowledge of the Feige-Shamir protocol into non-black-box construc- tions of (infinitely-often) public-key encryption and key agreement. This dissection of complex algorithms gives insight into the fundamental gap between the known universal security reductions/simulations, in which a single reduction algorithm or simu- lator works for all adversaries, and the natural security definitions (that are sufficient for almost all cryptographic primitives/protocols), which switch the order of qualifiers and only require that for every adversary there exists an individual reduction or simulator. 1 Introduction The seminal work of Impagliazzo and Rudich [IR89] provides a methodology for studying the lim- itations of black-box reductions. -
Data Structures Meet Cryptography: 3SUM with Preprocessing
Data Structures Meet Cryptography: 3SUM with Preprocessing Alexander Golovnev Siyao Guo Thibaut Horel Harvard NYU Shanghai MIT [email protected] [email protected] [email protected] Sunoo Park Vinod Vaikuntanathan MIT & Harvard MIT [email protected] [email protected] Abstract This paper shows several connections between data structure problems and cryptography against preprocessing attacks. Our results span data structure upper bounds, cryptographic applications, and data structure lower bounds, as summarized next. First, we apply Fiat–Naor inversion, a technique with cryptographic origins, to obtain a data structure upper bound. In particular, our technique yields a suite of algorithms with space S and (online) time T for a preprocessing version of the N-input 3SUM problem where S3 T = O(N 6). This disproves a strong conjecture (Goldstein et al., WADS 2017) that there is no data· structure − − that solves this problem for S = N 2 δ and T = N 1 δ for any constant δ > 0. e Secondly, we show equivalence between lower bounds for a broad class of (static) data struc- ture problems and one-way functions in the random oracle model that resist a very strong form of preprocessing attack. Concretely, given a random function F :[N] [N] (accessed as an oracle) we show how to compile it into a function GF :[N 2] [N 2] which→ resists S-bit prepro- cessing attacks that run in query time T where ST = O(N 2−→ε) (assuming a corresponding data structure lower bound on 3SUM). In contrast, a classical result of Hellman tells us that F itself can be more easily inverted, say with N 2/3-bit preprocessing in N 2/3 time. -
CURRICULUM VITAE Rafail Ostrovsky
last updated: December 26, 2020 CURRICULUM VITAE Rafail Ostrovsky Distinguished Professor of Computer Science and Mathematics, UCLA http://www.cs.ucla.edu/∼rafail/ mailing address: Contact information: UCLA Computer Science Department Phone: (310) 206-5283 475 ENGINEERING VI, E-mail: [email protected] Los Angeles, CA, 90095-1596 Research • Cryptography and Computer Security; Interests • Streaming Algorithms; Routing and Network Algorithms; • Search and Classification Problems on High-Dimensional Data. Education NSF Mathematical Sciences Postdoctoral Research Fellow Conducted at U.C. Berkeley 1992-95. Host: Prof. Manuel Blum. Ph.D. in Computer Science, Massachusetts Institute of Technology, 1989-92. • Thesis titled: \Software Protection and Simulation on Oblivious RAMs", Ph.D. advisor: Prof. Silvio Micali. Final version appeared in Journal of ACM, 1996. Practical applications of thesis work appeared in U.S. Patent No.5,123,045. • Minor: \Management and Technology", M.I.T. Sloan School of Management. M.S. in Computer Science, Boston University, 1985-87. B.A. Magna Cum Laude in Mathematics, State University of New York at Buffalo, 1980-84. Department of Mathematics Graduation Honors: With highest distinction. Personal • U.S. citizen, naturalized in Boston, MA, 1986. Data Appointments UCLA Computer Science Department (2003 { present): Distinguished Professor of Computer Science. Recruited in 2003 as a Full Professor with Tenure. UCLA School of Engineering (2003 { present): Director, Center for Information and Computation Security. (See http://www.cs.ucla.edu/security/.) UCLA Department of Mathematics (2006 { present): Distinguished Professor of Mathematics (by courtesy). 1 Appointments Bell Communications Research (Bellcore) (cont.) (1999 { 2003): Senior Research Scientist; (1995 { 1999): Research Scientist, Mathematics and Cryptography Research Group, Applied Research. -
Hash Tables & Searching Algorithms
Search Algorithms and Tables Chapter 11 Tables • A table, or dictionary, is an abstract data type whose data items are stored and retrieved according to a key value. • The items are called records. • Each record can have a number of data fields. • The data is ordered based on one of the fields, named the key field. • The record we are searching for has a key value that is called the target. • The table may be implemented using a variety of data structures: array, tree, heap, etc. Sequential Search public static int search(int[] a, int target) { int i = 0; boolean found = false; while ((i < a.length) && ! found) { if (a[i] == target) found = true; else i++; } if (found) return i; else return –1; } Sequential Search on Tables public static int search(someClass[] a, int target) { int i = 0; boolean found = false; while ((i < a.length) && !found){ if (a[i].getKey() == target) found = true; else i++; } if (found) return i; else return –1; } Sequential Search on N elements • Best Case Number of comparisons: 1 = O(1) • Average Case Number of comparisons: (1 + 2 + ... + N)/N = (N+1)/2 = O(N) • Worst Case Number of comparisons: N = O(N) Binary Search • Can be applied to any random-access data structure where the data elements are sorted. • Additional parameters: first – index of the first element to examine size – number of elements to search starting from the first element above Binary Search • Precondition: If size > 0, then the data structure must have size elements starting with the element denoted as the first element. In addition, these elements are sorted. -
Chapter 5 Hashing
Introduction hashing performs basic operations, such as insertion, Chapter 5 deletion, and finds in average time Hashing 2 Hashing Hashing Functions a hash table is merely an of some fixed size let be the set of search keys hashing converts into locations in a hash hash functions map into the set of in the table hash table searching on the key becomes something like array lookup ideally, distributes over the slots of the hash table, to minimize collisions hashing is typically a many-to-one map: multiple keys are if we are hashing items, we want the number of items mapped to the same array index hashed to each location to be close to mapping multiple keys to the same position results in a example: Library of Congress Classification System ____________ that must be resolved hash function if we look at the first part of the call numbers two parts to hashing: (e.g., E470, PN1995) a hash function, which transforms keys into array indices collision resolution involves going to the stacks and a collision resolution procedure looking through the books almost all of CS is hashed to QA75 and QA76 (BAD) 3 4 Hashing Functions Hashing Functions suppose we are storing a set of nonnegative integers we can also use the hash function below for floating point given , we can obtain hash values between 0 and 1 with the numbers if we interpret the bits as an ______________ hash function two ways to do this in C, assuming long int and double when is divided by types have the same length fast operation, but we need to be careful when choosing first method uses -
Adversarial Robustness of Streaming Algorithms Through Importance Sampling
Adversarial Robustness of Streaming Algorithms through Importance Sampling Vladimir Braverman Avinatan Hassidim Yossi Matias Mariano Schain Google∗ Googley Googlez Googlex Sandeep Silwal Samson Zhou MITO CMU{ June 30, 2021 Abstract Robustness against adversarial attacks has recently been at the forefront of algorithmic design for machine learning tasks. In the adversarial streaming model, an adversary gives an algorithm a sequence of adaptively chosen updates u1; : : : ; un as a data stream. The goal of the algorithm is to compute or approximate some predetermined function for every prefix of the adversarial stream, but the adversary may generate future updates based on previous outputs of the algorithm. In particular, the adversary may gradually learn the random bits internally used by an algorithm to manipulate dependencies in the input. This is especially problematic as many important problems in the streaming model require randomized algorithms, as they are known to not admit any deterministic algorithms that use sublinear space. In this paper, we introduce adversarially robust streaming algorithms for central machine learning and algorithmic tasks, such as regression and clustering, as well as their more general counterparts, subspace embedding, low-rank approximation, and coreset construction. For regression and other numerical linear algebra related tasks, we consider the row arrival streaming model. Our results are based on a simple, but powerful, observation that many importance sampling-based algorithms give rise to adversarial robustness which is in contrast to sketching based algorithms, which are very prevalent in the streaming literature but suffer from adversarial attacks. In addition, we show that the well-known merge and reduce paradigm in streaming is adversarially robust. -
Non-Empty Bins with Simple Tabulation Hashing
Non-Empty Bins with Simple Tabulation Hashing Anders Aamand and Mikkel Thorup November 1, 2018 Abstract We consider the hashing of a set X U with X = m using a simple tabulation hash function h : U [n] = 0,...,n 1 and⊆ analyse| the| number of non-empty bins, that is, the size of h(X→). We show{ that the− expected} size of h(X) matches that with fully random hashing to within low-order terms. We also provide concentration bounds. The number of non-empty bins is a fundamental measure in the balls and bins paradigm, and it is critical in applications such as Bloom filters and Filter hashing. For example, normally Bloom filters are proportioned for a desired low false-positive probability assuming fully random hashing (see en.wikipedia.org/wiki/Bloom_filter). Our results imply that if we implement the hashing with simple tabulation, we obtain the same low false-positive probability for any possible input. arXiv:1810.13187v1 [cs.DS] 31 Oct 2018 1 Introduction We consider the balls and bins paradigm where a set X U of X = m balls are distributed ⊆ | | into a set of n bins according to a hash function h : U [n]. We are interested in questions → relating to the distribution of h(X) , for example: What is the expected number of non-empty | | bins? How well is h(X) concentrated around its mean? And what is the probability that a | | query ball lands in an empty bin? These questions are critical in applications such as Bloom filters [3] and Filter hashing [7]. -
6.1 Systems of Hash Functions
— 6 Hashing 6 Hashing 6.1 Systems of hash functions Notation: • The universe U. Usually, the universe is a set of integers f0;:::;U − 1g, which will be denoted by [U]. • The set of buckets B = [m]. • The set X ⊂ U of n items stored in the data structure. • Hash function h : U!B. Definition: Let H be a family of functions from U to [m]. We say that the family is c-universal for some c > 0 if for every pair x; y of distinct elements of U we have c Pr [h(x) = h(y)] ≤ : h2H m In other words, if we pick a hash function h uniformly at random from H, the probability that x and y collide is at most c-times more than for a completely random function h. Occasionally, we are not interested in the specific value of c, so we simply say that the family is universal. Note: We will assume that a function can be chosen from the family uniformly at random in constant time. Once chosen, it can be evaluated for any x in constant time. Typically, we define a single parametrized function ha(x) and let the family H consist of all ha for all possible choices of the parameter a. Picking a random h 2 H is therefore implemented by picking a random a. Technically, this makes H a multi-set, since different values of a may lead to the same function h. Theorem: Let H be a c-universal family of functions from U to [m], X = fx1; : : : ; xng ⊆ U a set of items stored in the data structure, and y 2 U n X another item not stored in the data structure.