1 / 18

High-entropy random selection protocols

High-entropy random selection protocols. Michal Koucký (Institute of Mathematics, Prague) Harry Buhrman, Matthias Christandl, Zvi Lotker, Boaz Patt-Shamir, KoliaVereshchagin. Random string selection: Alice Bob. Goal: Alice and Bob want to agree on a random string r.

radha
Download Presentation

High-entropy random selection protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. High-entropy random selection protocols Michal Koucký (Institute of Mathematics, Prague) Harry Buhrman, Matthias Christandl, Zvi Lotker, Boaz Patt-Shamir, KoliaVereshchagin

  2. Random string selection: Alice Bob Goal: Alice and Bob want to agree on a random string r.

  3. Goal: Alice and Bob want to agree on a random string r. →Measure of randomness: Shannon entropy H( R) = - r Pr[R = r ] ∙ log Pr[ R = r ]

  4. Example: random r1r2 … rn/2 Alice random rn/2+1 … rn Bob →output r= r1r2 … rn • H( R ) = nif Alice and Bob follow the protocol. • H( R ) n/2if one of them cheats.

  5. Main results: • Random selection protocol that guarantees H( R)  n– O(1)even if one of the parties cheats. This protocol runs in log* n rounds and communicates O( n 2 ). • Three-round protocol that guarantees H( R )  ¾ n and communicates O( n ) bits.

  6. Previous work: • Different variants • random selection protocol [GGL’95, SV’05, GVZ’06] • collective coin flipping [B’82, Y’86, B-OL’89, AN’90, …] • leader selection [AN’90,…] • fault-tolerant computation [GGL’95] • multiple-parties protocols [AN’90,…] • quantum protocols [ABDR’04] • different measures • statistical distance from uniform distribution • entropy

  7. (,)-resilience: B; |B| 2n Pr[rB]   {0,1}n B • H( R)  n– O(1)  (, log-1 1/)-resilience. O( log* n)-rounds, O( n 2 )-communication. • [GGL] (, )-resilience, O( n 2 )-rounds, O( n 2 )-communication. • [SV] (, +)-resilience, O( log* n)-rounds, O( n 2 )-communication. • [GVZ] (, )-resilience O( log* n)-rounds, O( n )-communication.

  8. Our basic protocol: random x1, …, xn{0,1}n Alice random y {0,1}n Bob random i {1, …, n} →output xi y • H( R ) = nif Alice and Bob follow the protocol. • H( R) n – log n if Alice cheats. • H( R) n – O(1)if Bob cheats.

  9. Alice cheats, Bob plays honestly: • Alice carefully selects x1, …, xn • Bob picks a random y  for all i and r, Pry [ r = xiy ] = 2 -n. for all r, Pry [  i ; r = xiy ] n 2 -n.  • H( R ) n– log n . • H( R) n – O(1)if Bob cheats.

  10. Iterating our protocol x1, …, xmy1, …, ym’ A B ij A B r’’ = … r = xir’ r’ = yir’’ → log* niterations H( R ) n– 3 regardless of who cheats.

  11. Cost of our protocol: 2 log* nrounds O( n 2 ) bits communicated Question: How to reduce the amount of communication close to linear?

  12. Generic protocol: random x  {0,1}n Alice random y {0,1}n Bob random i {1, …, n} →output f ( x,y,i) for some f : {0,1}n{0,1}n{1, …, n}→ {0,1}n • W.h.p for a random function f H( R) n – O( log n ) regardless of cheating.

  13. Explicit candidate functions: • x iyrotation of x i-times. • ix + yx,yFk i F F = GF(2log n) k= n / log n • ix + yx,y F i H F F = GF(2n) |H|=n

  14. Rotations: For any x and y ( x iy)  ( x jy ) =x i x j = x Aij where Aijhas rank n – 1. • x random n– 1  H( x Aij)  H(x iy ,x jy )  H( R ) n– log n when Alice cheats H( R ) n/2 when Bob cheats

  15. ¾n-protocol: • Pick one half of the string by A-B-A “rotating” protocol and the other one by B-A-B “rotating” protocol, i.e., use the asymmetry in the cheating powers. • The “line” protocol ix + y , where x,y [GF(2 n/4 )]k and k = 4 →analysis related to the problem of Kakeya.

  16. Fk Kakeya Problem: P Conj: Pcontains a line in each direction |P||F|k ( 1– c/|F|)

  17. Open problems: • Better analysis of our candidate functions. • Other candidate functions? • Multiple parties.

  18. Alice plays honestly, Bob cheats: • For any r1, r2 , … rn , Prx [ r1 = x1 , … rn = xn ] = 2 – n2  Pr[ r1 = x1y , … rn = xny ]  2 n – n2 where y is a function of the random x1, x2 , … xn  H(x1y , …, xny ) n2 - n  E[[ H( xiy ) ]] n– 1 .  • H( R) n – O(1)

More Related