# Extractors: applications and constructions - PowerPoint PPT Presentation

1 / 17

Randomness. Extractors: applications and constructions. Avi Wigderson IAS, Princeton. Cryptography. Applications : Analyzed on perfect randomness. Probabilistic algorithms. Game Theory. Unbiased, independent. biased, dependent. Reality : Sources of imperfect randomness.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Extractors: applications and constructions

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Randomness

## Extractors: applications and constructions

Avi Wigderson

IAS, Princeton

Cryptography

Applications:

Analyzed on perfect randomness

Probabilistic

algorithms

Game

Theory

Unbiased,

independent

biased,

dependent

Reality:

Sources of

imperfect

randomness

Stock market

fluctuations

decay

Sun spots

Extractor Theory

### Running probabilistic algorithms with weak random bits

biased,

dependent

EXT

unbiased,

independent

Input

Probabilistic algorithm

Output

Error prob <δ

State

Space

{0,1}n

### Monte-Carlo algorithmswith few random bits

Setting: Statistical mechanics model (Ising, Potts, Percolation, Spin Glass,….)

Task: Estimate parameters (free entropy, partition function, long-range correlations,…)

Algorithm: Sample a random state from Gibbs dist. (Glauber dynamics, Metropolis algorithm,…)

n

sites

State

Space

{0,1}n

### Monte-Carlo algorithmswith few random bits

Resources of the typical Monte-Carlo algorithm

- Space: ~ n

• Time: t < poly(n)

• Randomness: ~tn bits

[Nisan-Zuckerman] Randomness = space! Deterministicallyexpand n tn bits, with rt~ uniform !

any r1 r2 ri rt ~ uniform

### Certifying randomness

QM

What if the device/detectors are faulty?

[Colbeck ‘06, Pioroni et al ‘10, Vidick-Vazirani ‘12,…]

Amplification & certification of randomness:

ExtractorInsnside

Algorithm

2k bits

k bits

With High Probability:

If device good: output ~ uniform

If device faulty: rejects

QM device

No signaling

### Applications of Extractors

• Using weak random sources in prob algorithms

[B84,SV84,V85,VV85,CG85,V87,CW89,Z90-91]

• Randomness-efficient error reduction of prob algorithms [Sip88, GZ97, MV99,STV99]

• Derandomization of space-bounded algorithms [NZ93, INW94, RR99, GW02]

• Distributed Algorithms [WZ95, Zuc97, RZ98, Ind02].

• Hardness of Approximation [Zuc93, Uma99, MU01]

• Data Structures [Ta02]

• Coding Theory [TZ01,TZS01]

• Certifying & expanding randomness [Col09,Pir+09,VV12]

### Unifying Role of Extractors

Extractors are intimately related to:

• Hash Functions [ILL89,SZ94,GW94]

• Expander Graphs [WZ93, RVW00, TUZ01,CRVW02]

• Samplers[G97, Z97]

• Pseudorandom Generators [Tre99, …]

• Error-Correcting Codes [TZ01, TZS01, SU01, U02]

• Ergodic Theory [Lindenstrauss 07]

• Exponential sums Unify the theory of pseudorandomness.

## Definitions

### Weak random sources

Distributions X on {0,1}n with “some” entropy:

X=(X1,X2,…,Xn)

• [vN] sources: ncoins of unknown fixed bias

• [SV] sources: Pr[Xi+1 =1|X1=b1,…,Xi=bi]  (δ, 1-δ)

• [LLS] sources: ncoins, some “sticky”

• …..

• [Z] k-sources: H∞(X) ≥ k

x Pr[X = x]  2-k

e.g X uniform with support ≥ 2k

k – the entropy in the weak source

{0,1}n

X

### Randomness Extractors(1st attempt)

“weak” random

source X

k can be e.g

n/2, √n, log n,…

Ext : {0,1}n {0,1}m

Impossible even if k=n-1 and m=1

X k-source of length n

EXT

{0,1}n

Ext=0

Ext=1

m ≤ k

m(almost) uniform bits

X

(short) “seed”

d random bits

### Extractors [Nisan & Zuckerman `93]

k-source of length n

X

EXT

{0,1}n

i {0,1}d

m bits

-close to uniform

Exti(X)

{0,1}m

Want: efficient Ext, small d,  , large m

### Explicit & Efficient Extractors

Non-constructive & optimal [Sip88,NZ93,RT97]:

• Seed length d = log n + O(1).

• Output length m = k - O(1).

[...B86,SV86,CG87, NZ93, WZ93, GW94, SZ94, SSZ95, Zuc96, Ta96, Ta98, Tre99, RRV99a, RRV99b, ISW00, RSW00, RVW00, TUZ01, TZS01, SU01, LRVW03,…]

Explicit constructions [GUV07, DW08] - Seed length d = O(log n)

- Output length m = .99k

d random bits

### Running probabilistic algorithms with weak random bits

k-source of length n

k=2m

EXT

Efficient!

Try all possible

2d = poly(n)seeds.

Take majority vote.

m randombits

(upto  L1 error)

Input

Probabilistic algorithm

Output

+

Error prob <δ

## Constructionsvia the Kakeya Problem

seed

d random bits

### Mergers[Ta96]– very special case

k k

X,Y  Fqkq ~ n100

X or Y is random

X,Y correlated!

XY

Mer

[LRVW] Mer = aX+bY a,b  Fq ( d=2log q )

Major problems in analysis and geometry!

Wolf: Smallest set in Fqk containing a line in every direction?

Kakeya: Smallest set in R2 cont. a needle in every direction?

Besikovich: Smallest set in R2 has area <ε for every ε>0!

Dvir: Smallest set in Fqk has volume > (cq)k. Polynomial method!

k

m ≥.99k