110 likes | 122 Views
Join Oded Goldreich as he shares the stories of his master theses and their research topics, ranging from permutation groups to secure multi-party protocols and beyond.
E N D
Demystifying the Master Thesis and Research in General: The Story of Some Master Theses Oded Goldreich Weizmann Institute of Science
Out of an accident My own thesis (1981) : A permutation group over D is represented by a set of generators S. The group is denoted <S>. <S> = {g1○g2 ○∙ ∙ ∙ ○gt : g1,g2,…,gtS} Given S and a permutation π, does p belong to <S>? Given S, π, and t, can π be expressed by a sequence of up to t elements of S?
My first MSc student: Ronen Vainish (1988) Background: A general construction of secure multi-party protocols by reduction to the two-party case. Suffices to compute the inner product mod 2 of two input vectors held by the two parties. 1st2nd(n=2 suffices) Inputs: x1,…,xn y1,…,yn Outputs: rr+∑ixiyi (N.B.: rnd) Study it Out of general interest. No concrete goal. 1st2nd Inputs: x,z y Outputs: -z+xy From a randomized functionality to a deterministic one (OT) SenderReceiver Inputs: s0,s1c Outputs: -sc
Eyal Kushilevitz (1989) Background: Few sets known to have perfect zero-knowledge proof systems. E.g., Graph-Iso, Quad-Res. Can we provide stronger evidence to PZK not in BPP? Solve it Known open problem communicated through the advisor. YES: A promise problem based on DLP.
Invent your own... (inspired by a course) Ran Canetti (1992) Background: communication complexity, gap between the complexity of randomized and deterministic protocols. Is there a randomness-communication trade-off? YES: Presents a trade-off. The ID function: two parties, each holds an n-bit long string. Deterministic lower bound: need n bits of communication. Randomized protocols: (1) via error-correcting codes: send a random position. (2) via the CRT: send integer modulo a random prime
OT SenderReceiver Inputs: s0,s1c Outputs: -sc Iftach Haitner (2004) Background: assuming a collection of TDP {fi:Di→Di} SenderReceiver Inputs: s0,s1c desired outputs: -sc selects an indexi yc=fi(xc) , y1-c find the fi-preimages of both: z0 , z1b(z0)+s0 , b(z1)+s1 The problem: what is assumed about sampling Di? Can we relax? Problem suggested by the adviser
Or Meir (2007) Background: Constructions of PCP and LTC, which mostly rely on algebraic machinery. Specifically, best LTCs are constructed based on PCPs, whereas LTCs seem simpler constructs. Initiate a research program The work: A combinatorial construction of LTCs (wo PCPs).The project continued to a PhD, which consists of several combinatorial constructions of PCPs (and also an IP). Definitely NOT the expectation, but the unexpected may happen
Lidor Avigad (2009) Background: property testing, the dense graph model, lowest level of query complexity. Specifically, c-CC is in that low level. For a start: Extend this result to any blow-up A blow-up of a 3-star The work: TestingGraph blow-up in minimum query complexity (i.e., linear in 1/proximity, non-adaptively)
Roei Tell (2015) Context: Property testing (i.e. super-fast approximate decision algorithms). Question: Characterize properties (of strings) that are close under far-from-far operator. Take the question elsewhere The work: Initiates a systematic study of testing “Dual problems” (i.e., testing the set of objects that are far from a given set). (After refuting my conjecture re the characterization…)
Maya Leshkowitz (2017) Background: Interactive proof systems. Seeking a more intuitive transformation of general interactive proofs to public-coin ones. Solve it, and continue to a question that “arises” The work: 1. Resolves the original problem (by presenting lower and upper bound on how well this can be done). 2. Shows that any interactive proof that uses $r(n)$ coins can be transformed into one that uses $r/log n$ rounds (and $O(r)$ public coins).
The End The slides of this talk are available at http://www.wisdom.weizmann.ac.il/~oded/T/de-mysti.ppt