1 / 20

Dispersers for affine sources with sub-polynomial entropy

Dispersers for affine sources with sub-polynomial entropy. Ronen Shaltiel University of Haifa. Randomness extractors and dispersers. Daddy, how do computers get random bits?. Computers can sample from: Electro-magnetic noise (Intel) Key strokes of user (Unix)

ciqala
Download Presentation

Dispersers for affine sources with sub-polynomial entropy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Dispersers for affine sources with sub-polynomial entropy Ronen Shaltiel University of Haifa

  2. Randomness extractors and dispersers Daddy, how do computers get random bits?

  3. Computers can sample from: Electro-magnetic noise (Intel) Key strokes of user (Unix) Timing of past events (Unix) These distributions are “somewhat random” but not “truly random”. Paradigm:randomness extractors Input:one sample from arbitrary “weak source of randomness”. Output: independent coin tosses. How do computers obtain random coin tosses (randomness extractors) Randomness Extractor “weak source of randomness” Randomized algorithm input output Extensively studied area, dates back to von-Neumann in 1951: “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.”

  4. How do computers obtain random coin tosses (randomness extractors) Computers can sample from: • Electro-magnetic noise (Intel) • Key strokes of user (Unix) • Timing of past events (Unix) These distributions are “somewhat random” but not “truly random”. Paradigm:randomness extractors Input:one sample from arbitrary “weak source of randomness”. Output: independent coin tosses. “weak source of randomness” Randomness Extractor Randomized algorithm input output Extensively studied area, dates back to von-Neumann in 1951: “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.”

  5. Applications in many fields: Randomized complexity theory. Cryptography. Network design. Algorithm design. Ramsey theory. Coding theory. Combinatorics. Data structures. Extractors have applications in many fields (often unrelated to randomness!). “weak source of randomness” Randomness Extractor Randomized algorithm input output Goal of field: Design explicit (polynomial time computable) extractors for interesting familes of distributions/sources. Extensively studied area (see e.g. my survey paper(s)).

  6. Dfn: Let C be a set of distributions over {0,1}n. A functionE:{0,1}n! {0,1}mis an ²-extractor if X2C, E(X)²-close to uniform. ²-disperser if X2C, supp(E(X)) ≥ (1-²)¢2m. C = Affine sources over F2 = {0,1} of dim k. Extractors and dispersers for affine sources “weak source of randomness” Randomness Extractor Dfn: A dim kaffine subspace of Fn is a set X = {1≤i≤kai¢xi + x’} where x1,,xk2Fnare linearly independent, a1,,ak2F are scalars and x’2F is the “shift vector”. Affine source X:=uniform distribution over some affine subspace. Goal: construct poly-time computable ext/dis for small dim k. One bit zero error disperser for affine sources of dim k: E:{0,1}n! {0,1}non-constant 8affine subspace of dim k.

  7. Explicit constructions of extractors and dispersers for affine sources over F2. First to beat k=n1/2(which is a barrier in many extractor setups). Our approach can be pushed to output m ≈ log log n bits. [GS08]: If one can achieve: m= polylog n ⇒ m= (k).

  8. Overview of the construction

  9. Affine block-wise sources X n An 1≤i≤npartitionsX into (X1,X2). For affine sources H(X)=dim(X). Chain rule (Shannon entropy): H(X)=H(X1)+H(X2|X1). Dfn: index isplitsX into a k’-block-wise source if • H(X1) ≥ k’ • H(X2|X1) ≥ k’ Lem:affine source X of dim k, ∃i*that splitsX into a k/2-b.w. source. X1 X2 i

  10. Plan for constructing disperser (Imitate [BKSSW05,BRSW06]) X n Lem: 8affine source X of dim k, i*that splitsX into a k/2-b.w. source. • Construct disperser bw-Disp(X,i*) that relies on receiving an i* that splits X into a b.w. source. • Construct procedure Find(X)s.t. affine source X of dim k, Find(X) = i*. • Final disperser: Disp(X) = bw-Disp( X, Find(X) ). How can we find i* given a single sample from X? Nevertheless, this overall approach was used in [BKSSW05,BRSW06] to construct dispersers for 2 independent sources/Ramsey graphs. X1 X2 i* X’ X • affine subspace X’ of X with dim(X’) ≥ k½, and i*that splitsX’ into a b.w.-source, s.t. Find(X’)=i*(with prob. almost one over X’). • Disp(X) Disp(X’) = bw-Disp(X’,Find(X’))} i*

  11. Roadmap of disperser construction FunctionSE(X)=R1,..,Rps.t. 8affine source X of dim kts.t. Rt is (close to) uniform. Comes in two flavors: Few outputs: p < k. Linear Seeded: p=poly(n), 8t, Rt linear function of X. Construction [T99,SU01]. Somewhere extractor “Challenge-Response game” Find(X) bw-Disp(X,i) Disperser for affine sources

  12. Somewhere- extractor with few outputs (#outputs < k) Linear seeded somewhere-extractor (Rt linear in X) Challenge-ResponseGame: win(X,i) Parameter:i Dfn: bw-Disp(X,i) = win(X,i) Thm: at i* both X1,X2 win w.p. > 0. ⇒ bw-Disp(X,i*) outputs both 1,2. Clm 1: if H(X1) is large then Pr[win(X,i)=1] ≥ 1-o(1). Clm 2: if H(X2|X1) is large then Pr[win(X,i)=2] ≥ 2-|C|> 0. The correcti* splits X into a b.w.-source and so both cases hold. ⇒ Thm. n X X1 X2 i C1 C2 C3 R1 = R2 C R3 Challenge ofX1 R4 R5 Responses of X2 X2wins if t: Rt=C. win(X,i) := winner

  13. Somewhere- extractor with few outputs (#outputs < k) Linear seeded somewhere-extractor (Rt linear in X) Challenge-ResponseGame n Parameter:i X Clm 1: if H(X1) is large then Pr[win(X,i)=1] ≥ 1-o(1). Prf:H(X1) is large⇒ H(C) is large. Clm: Moreover, t: H(C|Rt) islarge. (t,v: (X|Rt=v) is an affine source). Clm ⇒ t: Pr[Rt=C] istiny. union bound ⇒ Pr[t: Rt=C] is small. ⇒ Pr[X2 wins] is small. X1 X2 i C1 C2 C3 R1 = R2 C R3 Challenge ofX1 R4 R5 Responses of X2 X2wins if t: Rt=C. win(X,i) := winner

  14. Somewhere- extractor with few outputs (#outputs < k) Linear seeded somewhere-extractor (Rt linear in X) Challenge-ResponseGame n Parameter:i X Clm 2: if H(X2|X1) is large then Pr[win(X,i)=2] ≥ 2-|C|> 0. Prf:t: Rtis (very close to) uniform and independent of X1 (and thus of C). ⇒ Pr[Rt=C] ≥ 2-|C|> 0. Cor: If H(X) is large andH(X1) is small then affine subspace X’ of X s.t. Pr[win(X’,i)=2] = 1 andH(X’2)≈H(X2|X1) X1 X2 i C1 C2 C3 R1 = R2 C R3 Challenge ofX1 R4 R5 Responses of X2 X2wins if t: Rt=C. win(X,i) := winner • X’ is achieved by: • Fix X1arbitrarily. • Condition on {Rt=C}.

  15. Roadmap of disperser construction FunctionSE(X)=R1,..,Rps.t. 8affine source X of dim kts.t. Rt is (close to) uniform. Comes in two flavors: Few outputs: p < k. Linear Seeded: p=poly(n), 8t, Rt linear function of X. Construction [T99,SU01]. Somewhere extractor “Challenge-Response game” Find(X) bw-Disp(X,i) Disperser for affine sources

  16. Using the game to findi* and split X into a b.w.-source n X Let i be a parameter and assume that H(X) is large. • If H(X1) is large then Pr[win(X,i)=1] ≥ 1-o(1). • If H(X1) is small then affine subspace X’ of X s.t. Pr[win(X’,i)=2] = 1 andH(X’2)≈H(X2|X1). We can effectively distinguish! * Assuming we don’t mind going to subspaces. * At the cost of fixing X1 in case H(X1) is small. ProcedureFind(X) • Set ito k/2. • Play game between X1,X2. • If X1 wins return i* := i. • else, increase i and repeat. • If X2 wins, analysis fixes entropy left of i. • If X1 wins, we can’t allow it to steal all the entropy. ⇒ H(X2|X1) is large. X1 X2 i i i By how much? Recall that we only need that: affine subspace X’ of X, and i*that splits X’ into b.w. srcs.t. Pr[Find(X’)=i*]≥ 1-o(1). k>n½

  17. n n X X1X2 X3 .. .. Xt Recursive win-win analysis to implement Find for k<n½. If k<n/t all the entropy can be in one block Split X into t parts of length n/t. (t << n½). Chain ruleΣH(Xj|X1,..,Xj-1)≥k. • Either js.t. H(Xj) is large and H(Xj+1,..,Xn|Xj) is large. ⇒ j splits X into a b.w.-source not relying on parts left of Xj. • Or else, one part Xj stole almost all entropy in X. ⇒ Xj has higher entropy rate than X. We would like to apply the disperser recursively on Xj. Requires the ability to test the amount of entropy in a part! Achieved by a more complicated version of challenge response game (similar idea in [BRSW06]).

  18. Roadmap of disperser construction (continued) Complicated, recursive application of challenge response game. “Extractor for affine block-wise sources with O(log n/log k) blocks” FunctionSE(X)=R1,..,Rps.t. 8affine source X of dim kts.t. Rt is (close to) uniform. SE is only guaranteed to work on some subspace X’ of original source X. Somewhere extractor “weak” “Challenge-Response game” Find(X) bw-Disp(X,i) Disperser for affine sources

  19. Conclusion and open problems • Result: Disperser for affine sources of dim k=no(1). E:{0,1}n!{0,1}non-const. 8affine subspace of dim k. • Strategy imitates [BKSSW05,BRSW06] (which give dispersers for 2 independent sources). • Construction quite involved (yet simpler than [BKSSW05,BRSW06]). • Affine sources are easier (H instead of H). • Easier to construct components for affine sources. • Open problems: • Construct extractors for affine sources of dim <n1/2. • Construct dispersers for affine sources of dim polylog(n). • Construct simple somewhere-extractors for affine sources ⇒ Simplify disperser construction. (Details in paper). • More applications of Challenge-Response approach?

  20. Thank you…

More Related