1 / 22

Deterministic extractors for bit-fixing sources by obtaining an independent seed

Seedless. Deterministic extractors for bit-fixing sources by obtaining an independent seed. Ariel Gabizon Ran Raz Ronen Shaltiel. Randomness extractors (motivation). Randomness is essential in Computer Science : Cryptography (!!) Distributed Protocols (!) Probabilistic Algorithms (?)

abia
Download Presentation

Deterministic extractors for bit-fixing sources by obtaining an independent seed

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Seedless Deterministic extractors for bit-fixing sources by obtaining an independent seed Ariel Gabizon Ran Raz Ronen Shaltiel

  2. Randomness extractors (motivation) Randomness is essential in Computer Science: • Cryptography (!!) • Distributed Protocols (!) • Probabilistic Algorithms (?) Algorithm designers always assume that we have access to a stream of independent unbiassed coin tosses. How can we obtain random bits?

  3. We have access to distributions in nature: Weather (?) Particle reactions Key strokes of user Timing of past events These distributions are “somewhat random” but not “truly random”. Solution: Randomness Extractors Randomness Extractor Refining randomness from nature Somewhat random random coins Probabilistic algorithm input output

  4. C is a class of distributions over n bit strings. A deterministic (seedless) C-extractor is a function E such that for every XєC, E(X) is ε-close to uniform. A seededC-extractor has an additional (short i.e. log n) independent random seed as input. Extractor seed random output Randomness Extractors: Definition and two flavors source distribution from C Deterministic Seeded Two distributions are ε-closeif the probability they assign to any event differs by at most ε.

  5. Deterministic von-Neumann sources [vN51]. Markov Chains [Blu84]. Several independent sources [SV86,V86,V87,VV88,CG88,DEOR04,BIW04]. Samplable sources [TV00]. Seeded High min-entropy distributions [Z91,NZ93]. Lower bound of log n on the seed length [NZ93,RT99]. Explicit constructions coming close to matching bound (mass of work). A brief survey of randomness extractors Extractors turn out to have lots of applications in TCS.

  6. Bit-fixing sources [CGHFRS85] • An (n,k)-(oblivious) bit-fixing source is a distribution on n bit strings s.t. • k bits are uniformly distributed (good bits). • remaining n-k bits are fixed to arbitrary values (bad bits). k random bits

  7. Bit-fixing source extractors • The exclusive or function extracts one perfectly random bit. • Impossible to extract two perfect bits for k<n/3 [CGHFRS85]. • A probablistic argument gives an extractor which extracts k-O(log(n/ε)) bits (for statistical distance ε from uniform). • Best explicit construction extracts Ω(k2/n) bits [KZ03].

  8. Our results: We extract (1-o(1))k bits even for small k.

  9. Our approach • Start with an extractor that extracts few bits. • Convert into an extractor that extracts many bits.

  10. correlated! Getting more mileage from extractors: first attempt k random bits Deterministic Extractor Seeded Extractor Seeded Extractors are only guaranteed to work when the source and seed are independent. random output

  11. Solution: Seed obtainers k random bits X Seed Obtainer We require that X’ and Y are independent! We obtain a seed! bit fixing source random output X’ Y

  12. A seed obtainer is a function F(X)=(X’,Y) s.t. For every (n,k)-bit-fixing source X: X’ is an (n’,k’)-bit-fixing source with (n’,k’)≈(n,k). Y is uniformly distributed. X’ and Y are independent. Seeded Extractor Seed Obtainer random output Seed obtainer: Definition X F(X) is close to a convex combination of distributions X’,Y s.t. X’ Y Seed obtainers allow us to get more randomness from deterministic bit-fixing source extractors.

  13. Construction of seed obtainers (erasing the correlation) We will pretend red bits are fixed! The extractor won’t know! • For any set (and in particular set of good bits) The sampled set hits it in the “correct” proportion. • Set parameters so that: • few red bits are in. • Most red bits are out. k random bits X Warning: Intuition is oversimplified! Intuition: Erase parts that are correlated with Y Seed obtainer Deterministic Extractor correlated! W bit fixing source seed for averaging sampler Y X’ random output

  14. We use the [KZ03] deterministic extractor as basis for the seed-obtainer. Attach a good seeded extractor [RRV99]. Seeded Extractor Seed Obtainer random output Construction for k>n½ X X’ Y

  15. The case of k<n½ • We need a deterministic bit-fixing source extractor to start with. • The tecnique of [KZ03] also works for k<n½, but extracts very few bits. • Only Ω(log k) bits. • For k=polylog n, we get only log log n bits. • Not sufficient for seeded extractors! • (Also not sufficient for standard averaging samplers.)

  16. We construct a seeded bit-fixing source extractor that uses seed O(log log n) and extract (1-o(1))k bits. Apply it after the seed obtainer. Seededbit-fixing Extractor Seed Obtainer random output Solution: seeded bit-fixing source extractor. X X’ Y

  17. We partition the source into about log n blocks. Each bit tosses a coin to decide on its block. We use ε-pairwise dependent coins [NN93]. Cost: O(log log n) random bits. w.h.p. each block contains at least one good bit. Each block outputs the xor of its bits. log n A Seeded extractor for bit-fixing sources: log log n -> log n Output log n random bits.

  18. We have O(log log n) random bits as seed. Use O(log log n) random bits to partition into two blocks. Use seeded bit-fixing extractor from previous slide to extract log n bits. Use the output as a seed for a (standard) seeded extractor. To extract (1-o(1))k bits. n/log n A Seeded extractor for bit-fixing sources: log n -> (1-o(1))k prvs Seeded extractor log n bits

  19. Note on averaging samplers • Ingredient in the seed obtainer construction. • We need to sample subsets of {1..n}. • Sampling one element: log n bits. • We already saw: Sampling based on ε-pairwise dependence: log log n bits [EGLNV95,RSW00]. • ?????? • Possible because query complexity is huge (n/log n). • Note: We need samplers that hit very small sets (size<n½)) and cannot use samplers based on (seeded) extractors.

  20. We construct deterministic bit-fixing extractors that: Extract almost all randomnes. Work even for small k. Introduce “seed obtainers”. Allow getting more random bits from deterministc bit-fixing extractors. Construction for small k uses seeded bit-fixing extractor, that uses seed of length O(log log n) to “partition” source. Seeded Extractor Seed Obtainer random output Overview X X’ Y

  21. Open problems • Improve error for small k (say k<n½). • Possible direction: Construct deterministic bit-fixing source with larger output (>>log k) for small k. • Can this technique be applied to seeded extractors? (probably not).

  22. That’s it

More Related