170 likes | 321 Views
Randomness. Extractors: applications and constructions. Avi Wigderson IAS, Princeton. Cryptography. Applications : Analyzed on perfect randomness. Probabilistic algorithms. Game Theory. Unbiased, independent. biased, dependent. Reality : Sources of imperfect randomness.
E N D
Randomness Extractors: applications and constructions Avi Wigderson IAS, Princeton
Cryptography Applications: Analyzed on perfect randomness Probabilistic algorithms Game Theory Unbiased, independent biased, dependent Reality: Sources of imperfect randomness Stock market fluctuations Radioactive decay Sun spots Extractors: original motivation Extractor Theory
Running probabilistic algorithms with weak random bits biased, dependent EXT unbiased, independent Input Probabilistic algorithm Output Error prob <δ
State Space {0,1}n Monte-Carlo algorithmswith few random bits Setting: Statistical mechanics model (Ising, Potts, Percolation, Spin Glass,….) Task: Estimate parameters (free entropy, partition function, long-range correlations,…) Algorithm: Sample a random state from Gibbs dist. (Glauber dynamics, Metropolis algorithm,…) n sites
State Space {0,1}n Monte-Carlo algorithmswith few random bits Resources of the typical Monte-Carlo algorithm - Space: ~ n • Time: t < poly(n) • Randomness: ~tn bits [Nisan-Zuckerman] Randomness = space! Deterministicallyexpand n tn bits, with rt~ uniform ! any r1 r2 ri rt ~ uniform
Certifying randomness QM What if the device/detectors are faulty? [Colbeck ‘06, Pioroni et al ‘10, Vidick-Vazirani ‘12,…] Amplification & certification of randomness: ExtractorInsnside Algorithm 2k bits k bits With High Probability: If device good: output ~ uniform If device faulty: rejects QM device No signaling
Applications of Extractors • Using weak random sources in prob algorithms [B84,SV84,V85,VV85,CG85,V87,CW89,Z90-91] • Randomness-efficient error reduction of prob algorithms [Sip88, GZ97, MV99,STV99] • Derandomization of space-bounded algorithms [NZ93, INW94, RR99, GW02] • Distributed Algorithms [WZ95, Zuc97, RZ98, Ind02]. • Hardness of Approximation [Zuc93, Uma99, MU01] • Cryptography[CDHKS00, MW00, Lu02 Vad03] • Data Structures [Ta02] • Coding Theory [TZ01,TZS01] • Certifying & expanding randomness [Col09,Pir+09,VV12]
Unifying Role of Extractors Extractors are intimately related to: • Hash Functions [ILL89,SZ94,GW94] • Expander Graphs [WZ93, RVW00, TUZ01,CRVW02] • Samplers[G97, Z97] • Pseudorandom Generators [Tre99, …] • Error-Correcting Codes [TZ01, TZS01, SU01, U02] • Ergodic Theory [Lindenstrauss 07] • Exponential sums Unify the theory of pseudorandomness.
Weak random sources Distributions X on {0,1}n with “some” entropy: X=(X1,X2,…,Xn) • [vN] sources: ncoins of unknown fixed bias • [SV] sources: Pr[Xi+1 =1|X1=b1,…,Xi=bi] (δ, 1-δ) • [LLS] sources: ncoins, some “sticky” • ….. • [Z] k-sources: H∞(X) ≥ k x Pr[X = x] 2-k e.g X uniform with support ≥ 2k k – the entropy in the weak source {0,1}n X
Randomness Extractors(1st attempt) “weak” random source X k can be e.g n/2, √n, log n,… Ext : {0,1}n {0,1}m Impossible even if k=n-1 and m=1 X k-source of length n EXT {0,1}n Ext=0 Ext=1 m ≤ k m(almost) uniform bits X
(short) “seed” d random bits Extractors [Nisan & Zuckerman `93] k-source of length n X EXT {0,1}n i {0,1}d m bits -close to uniform Exti(X) {0,1}m Want: efficient Ext, small d, , large m
Explicit & Efficient Extractors Non-constructive & optimal [Sip88,NZ93,RT97]: • Seed length d = log n + O(1). • Output length m = k - O(1). [...B86,SV86,CG87, NZ93, WZ93, GW94, SZ94, SSZ95, Zuc96, Ta96, Ta98, Tre99, RRV99a, RRV99b, ISW00, RSW00, RVW00, TUZ01, TZS01, SU01, LRVW03,…] Explicit constructions [GUV07, DW08] - Seed length d = O(log n) - Output length m = .99k
d random bits Running probabilistic algorithms with weak random bits k-source of length n k=2m EXT Efficient! Try all possible 2d = poly(n)seeds. Take majority vote. m randombits (upto L1 error) Input Probabilistic algorithm Output + Error prob <δ
seed d random bits Mergers[Ta96]– very special case k k X,Y Fqkq ~ n100 X or Y is random X,Y correlated! XY Mer [LRVW] Mer = aX+bY a,b Fq ( d=2log q ) Major problems in analysis and geometry! Wolf: Smallest set in Fqk containing a line in every direction? Kakeya: Smallest set in R2 cont. a needle in every direction? Besikovich: Smallest set in R2 has area <ε for every ε>0! Dvir: Smallest set in Fqk has volume > (cq)k. Polynomial method! k m ≥.99k