140 likes | 153 Views
This talk discusses private codes that allow communication over adversarial channels, matching parameters obtainable in binary symmetric channel (BSC) models, and the amount of shared randomness needed for these codes.
E N D
Private codesorSuccinct random codes that are (almost) perfect Michael Langberg California Institute of Technology
Coding theory A B c w {0,1}k Noise C(w) {0,1}n decode w Error correcting codes C: {0,1}k {0,1}n
Consider: 2 types of channels • Design of C depends on properties of channel. • BSCp: Binary Symmetric Channel. • Each bit flipped with probability p. • ADVCp: Adversarial Channel. • p-fraction of bits are flipped maliciously. A B Noise
A B BSCp C(w) e C(w)+e What’s known: ? • Thm.[Shannon]: Can construct codes that allow communication over BSCpfor any p<½ with rate k/n~1-H(p). In particular: there exist codes for BSC½-. C: {0,1}k {0,1}n
C(w) e C(w)+e A B ADVCp Can we match these results in presence of ADVCp? Consider for example p=½- : • Need codes of minimum distance = 2pn ~ n. • Do not exist (with constant rate) ! • In general: for p<½ we need codes of minimum distance 2pn and rate k/n~1-H(p). • Such codes are close to being perfect and are known not to exist (asymptotically). No!
This talk • Seen: BSC strictly weaker than ADVC. • Goal: Relax framework as to allow communication over ADVC with parameters of BSC. • Relaxation: Introduce “private randomness”. • Assume that the sender and receiver have a sharedrandom string (hidden from channel). Q: Can we match parameters of BSC ? (e.g. ADVC½-?)
The model: Private codes m random bits r A B Adversary w {0,1}k c {0,1}n C: {0,1}k x {0,1}m {0,1}n D(c,r) C(w,r) {0,1}n w
Private codes m random bits r A B e C(w,r) C(w,r)+e Roughly speaking: Private codes are said to allow communication over ADVCp if for every w and for any adversary: The communication of w will succeed with high probability overtheshared random string r. D w ADV Pr[D( C(w,r)+error, r)=w]=large
Private codes: related work • Private codes have been studied in the past [Shannon,BlackwellBreimanThomasian,Ahlswede]. • Private codes in the presence of adversarial channels have also been studied: • [Lipton]: “Code scrambling”.
Private codes: properties m random bits Do private codes enable communication over ADVC½- ? • Yes!! private codes that allow communication over ADVCp with rate k/n~1-H(p). • Matching parameters in BSCp model. r A B
Our results r m random bits A B • Study framework of private codes. • Match parameters obtainable in BSC model. • [Lipton]: many shared random bits, m ~ nlog(n). • Analyze the amount of shared randomness needed to obtain private codes that match BSC parameters. • We show that a shared random string of size ~ log(n) is necessary and sufficient. Present connection between list decodable codes and private codes.
List decoding vs. Private decoding Thm: List decoding implies (unique) private codes. • Using shared randomness: • Any list decodable code can be used to construct a uniquely decodable private code. • Reduction is efficient and needs only log(n) shared random bits.
Proof technique r A B • Let C be standard code. • Use C to construct private code C*(w,r). • Use C to construct standard codes C*|r. • Define C*|r as a subcode of C. • Desired properties of C*|r: • Ideally - Unique decoding: r B only one codeword in ball of radius pn. • Sufficient cond.: “hide” r + unique decodingon average: Band mostr only one codeword in ball. • C is list decodable: sufficient condition can be obtained efficiently with poly # of subcodes! C X X X X X C*: {0,1}k x {0,1}m {0,1}n Radius pn: List size ≤ L {0,1}n C*|r: {0,1}k {0,1}n
Concluding remarks random bits r A B • Study private codes. • Match param. of BSC model w/ log(n) shared bits. • Shared randomness: enables unique decoding whenever list decoding was possible. • Multiple messages: • Need fresh randomness for each message. • May assume cryptographic private key setting. • Public key setting [MicaliPeikertSudanWilson]. • Thanks.