140 likes | 252 Views
Private codes or Succinct random codes that are (almost) perfect. Michael Langberg. California Institute of Technology. Coding theory. A. B. c. w {0,1} k. Noise. C(w) {0,1} n. decode. w. Error correcting codes. C: {0,1} k. {0,1} n. Consider: 2 types of channels.
E N D
Private codesorSuccinct random codes that are (almost) perfect Michael Langberg California Institute of Technology
Coding theory A B c w {0,1}k Noise C(w) {0,1}n decode w Error correcting codes C: {0,1}k {0,1}n
Consider: 2 types of channels • Design of C depends on properties of channel. • BSCp: Binary Symmetric Channel. • Each bit flipped with probability p. • ADVCp: Adversarial Channel. • p-fraction of bits are flipped maliciously. A B Noise
A B BSCp C(w) e C(w)+e What’s known: ? • Thm.[Shannon]: Can construct codes that allow communication over BSCpfor any p<½ with rate k/n~1-H(p). In particular: there exist codes for BSC½-. C: {0,1}k {0,1}n
C(w) e C(w)+e A B ADVCp Can we match these results in presence of ADVCp? Consider for example p=½- : • Need codes of minimum distance = 2pn ~ n. • Do not exist (with constant rate) ! • In general: for p<½ we need codes of minimum distance 2pn and rate k/n~1-H(p). • Such codes are close to being perfect and are known not to exist (asymptotically). No!
This talk • Seen: BSC strictly weaker than ADVC. • Goal: Relax framework as to allow communication over ADVC with parameters of BSC. • Relaxation: Introduce “private randomness”. • Assume that the sender and receiver have a sharedrandom string (hidden from channel). Q: Can we match parameters of BSC ? (e.g. ADVC½-?)
The model: Private codes m random bits r A B Adversary w {0,1}k c {0,1}n C: {0,1}k x {0,1}m {0,1}n D(c,r) C(w,r) {0,1}n w
Private codes m random bits r A B e C(w,r) C(w,r)+e Roughly speaking: Private codes are said to allow communication over ADVCp if for every w and for any adversary: The communication of w will succeed with high probability overtheshared random string r. D w ADV Pr[D( C(w,r)+error, r)=w]=large
Private codes: related work • Private codes have been studied in the past [Shannon,BlackwellBreimanThomasian,Ahlswede]. • Private codes in the presence of adversarial channels have also been studied: • [Lipton]: “Code scrambling”.
Private codes: properties m random bits Do private codes enable communication over ADVC½- ? • Yes!! private codes that allow communication over ADVCp with rate k/n~1-H(p). • Matching parameters in BSCp model. r A B
Our results r m random bits A B • Study framework of private codes. • Match parameters obtainable in BSC model. • [Lipton]: many shared random bits, m ~ nlog(n). • Analyze the amount of shared randomness needed to obtain private codes that match BSC parameters. • We show that a shared random string of size ~ log(n) is necessary and sufficient. Present connection between list decodable codes and private codes.
List decoding vs. Private decoding Thm: List decoding implies (unique) private codes. • Using shared randomness: • Any list decodable code can be used to construct a uniquely decodable private code. • Reduction is efficient and needs only log(n) shared random bits.
Proof technique r A B • Let C be standard code. • Use C to construct private code C*(w,r). • Use C to construct standard codes C*|r. • Define C*|r as a subcode of C. • Desired properties of C*|r: • Ideally - Unique decoding: r B only one codeword in ball of radius pn. • Sufficient cond.: “hide” r + unique decodingon average: Band mostr only one codeword in ball. • C is list decodable: sufficient condition can be obtained efficiently with poly # of subcodes! C X X X X X C*: {0,1}k x {0,1}m {0,1}n Radius pn: List size ≤ L {0,1}n C*|r: {0,1}k {0,1}n
Concluding remarks random bits r A B • Study private codes. • Match param. of BSC model w/ log(n) shared bits. • Shared randomness: enables unique decoding whenever list decoding was possible. • Multiple messages: • Need fresh randomness for each message. • May assume cryptographic private key setting. • Public key setting [MicaliPeikertSudanWilson]. • Thanks.