76 research outputs found

    Sketching Cuts in Graphs and Hypergraphs

    Sketching and streaming algorithms are in the forefront of current research directions for cut problems in graphs. In the streaming model, we show that $(1-\epsilon)$-approximation for Max-Cut must use $n^{1-O(\epsilon)}$ space; moreover, beating $4/5$-approximation requires polynomial space. For the sketching model, we show that $r$-uniform hypergraphs admit a $(1+\epsilon)$-cut-sparsifier (i.e., a weighted subhypergraph that approximately preserves all the cuts) with $O(\epsilon^{-2} n (r+\log n))$ edges. We also make first steps towards sketching general CSPs (Constraint Satisfaction Problems).

    Futures Prices in a Production Economy with Investment Constraints

    We document a new stylized fact regarding the term-structure of futures volatility. We show that the relation between the volatility of futures prices and the slope of the term structure of prices is non-monotone and has a "V-shape". This aspect of the data cannot be generated by basic models that emphasize storage while this fact is consistent with models that emphasize investment constraints or, more generally, time-varying supply-elasticity. We develop an equilibrium model in which futures prices are determined endogenously in a production economy in which investment is both irreversible and is capacity constrained. Investment constraints affect firms' investment decisions, which in turn determine the dynamic properties of their output and consequently imply that the supply-elasticity of the commodity changes over time. Since demand shocks must be absorbed either by changes in prices, or by changes in supply, time-varying supply-elasticity results in time-varying volatility of futures prices. Calibrating this model, we show it is quantitatively consistent with the aforementioned "V-shape" relation between the volatility of futures prices and the slope of the term-structure.

    Oil futures prices in a production economy with investment constraints

    We document a new stylized fact regarding the term structure of futures volatility. We show that the relationship between the volatility of futures prices and the slope of the term structure of prices is non-monotone and has a "V-shape." This aspect of the data cannot be generated by basic models that emphasize storage while this fact is consistent with models that emphasize the investment constraints or, more generally, time-varying supply-elasticity. We develop an equilibrium model in which futures prices are determined endogenously in a production economy in which investment is both irreversible and is capacity constrained. Investment constraints affect firms' investment decisions, which in turn determine the dynamic properties of their output and consequently imply that the supply-elasticity of the commodity changes over time. Since demand shocks must be absorbed either by changes in prices, or by changes in supply, time-varying supply-elasticity results in time-varying volatility of futures prices. Estimating this model, we show it is quantitatively consistent with the aforementioned "V-shape" relationship between the volatility of futures prices and the slope of the term structure.

    The Discrete-Logarithm Problem with Preprocessing

    This paper studies discrete-log algorithms that use preprocessing. In our model, an adversary may use a very large amount of precomputation to produce an advice string about a specific group (e.g., NIST P-256). In a subsequent online phase, the adversary's task is to use the preprocessed advice to quickly compute discrete logarithms in the group. Motivated by surprising recent preprocessing attacks on the discrete-log problem, we study the power and limits of such algorithms. In particular, we focus on generic algorithms -- these are algorithms that operate in every cyclic group. We show that any generic discrete-log algorithm with preprocessing that uses an $S$-bit advice string, runs in online time $T$, and succeeds with probability $\epsilon$, in a group of prime order $N$, must satisfy $ST^2 = \tilde{\Omega}(\epsilon N)$. Our lower bound, which is tight up to logarithmic factors, uses a synthesis of incompressibility techniques and classic methods for generic-group lower bounds. We apply our techniques to prove related lower bounds for the CDH, DDH, and multiple-discrete-log problems. Finally, we demonstrate two new generic preprocessing attacks: one for the multiple-discrete-log problem and one for certain decisional-type problems in groups. This latter result demonstrates that, for generic algorithms with preprocessing, distinguishing tuples of the form $(g, g^x, g^{(x^2)})$ from random is much easier than the discrete-log problem.

    The Function-Inversion Problem: Barriers and Opportunities

    The task of function inversion is central to cryptanalysis: breaking block ciphers, forging signatures, and cracking password hashes are all special cases of the function-inversion problem. In 1980, Hellman showed that it is possible to invert a random function $f\colon [N] \to [N]$ in time $T = \widetilde{O}(N^{2/3})$ given only $S = \widetilde{O}(N^{2/3})$ bits of precomputed advice about $f$. Hellman's algorithm is the basis for the popular "Rainbow Tables" technique (Oechslin, 2003), which achieves the same asymptotic cost and is widely used in practical cryptanalysis. Is Hellman's method the best possible algorithm for inverting functions with preprocessed advice? The best known lower bound, due to Yao (1990), shows that $ST = \widetilde{\Omega}(N)$, which still admits the possibility of an $S = T = \widetilde{O}(N^{1/2})$ attack. There remains a long-standing and vexing gap between Hellman's $N^{2/3}$ upper bound and Yao's $N^{1/2}$ lower bound. Understanding the feasibility of an $S = T = N^{1/2}$ algorithm is cryptanalytically relevant since such an algorithm could perform a key-recovery attack on AES-128 in time $2^{64}$ using a precomputed table of size $2^{64}$. For the past 29 years, there has been no progress either in improving Hellman's algorithm or in strengthening Yao's lower bound. In this work, we connect function inversion to problems in other areas of theory to (1) explain why progress may be difficult and (2) explore possible ways forward. Our results are as follows:
    - We show that *any* improvement on Yao's lower bound on function-inversion algorithms will imply new lower bounds on depth-two circuits with arbitrary gates. Further, we show that proving strong lower bounds on *non-adaptive* function-inversion algorithms would imply breakthrough circuit lower bounds on linear-size log-depth circuits.
    - We take first steps towards the study of the *injective* function-inversion problem, which has manifold cryptographic applications. In particular, we show that improved algorithms for breaking PRGs with preprocessing would give improved algorithms for inverting injective functions with preprocessing.
    - Finally, we show that function inversion is closely related to well-studied problems in communication complexity and data structures. Through these connections we immediately obtain the best known algorithms for problems in these domains.

    Private Information Retrieval with Sublinear Online Time

    We present the first protocols for private information retrieval that allow fast (sublinear-time) database lookups without increasing the server-side storage requirements. To achieve these efficiency goals, our protocols work in an offline/online model. In an offline phase, which takes place before the client has decided which database bit it wants to read, the client fetches a short string from the servers. In a subsequent online phase, the client can privately retrieve its desired bit of the database by making a second query to the servers. By pushing the bulk of the server-side computation into the offline phase (which is independent of the client's query), our protocols allow the online phase to complete very quickly—in time sublinear in the size of the database. Our protocols can provide statistical security in the two-server setting and computational security in the single-server setting. Finally, we prove that, in this model, our protocols are optimal in terms of the trade-off they achieve between communication and running time.

    Private Blocklist Lookups with Checklist

    This paper presents Checklist, a system for private blocklist lookups. In Checklist, a client can determine whether a particular string appears on a server-held blocklist of strings, without leaking its string to the server. Checklist is the first blocklist-lookup system that (1) leaks no information about the client's string to the server, (2) does not require the client to store the blocklist in its entirety, and (3) allows the server to respond to the client's query in time sublinear in the blocklist size. To make this possible, we construct a new two-server private-information-retrieval protocol that is both asymptotically and concretely faster, in terms of server-side time, than those of prior work. We evaluate Checklist in the context of Google's "Safe Browsing" blocklist, which all major browsers use to prevent web clients from visiting malware-hosting URLs. Today, lookups to this blocklist leak partial hashes of a subset of clients' visited URLs to Google's servers. We have modified Firefox to perform Safe-Browsing blocklist lookups via Checklist servers, which eliminates the leakage of partial URL hashes from the Firefox client to the blocklist servers. This privacy gain comes at the cost of increasing communication by a factor of 3.3×, and the server-side compute costs by 9.8×. Checklist reduces end-to-end server-side costs by 6.7×, compared to what would be possible with prior state-of-the-art two-server private information retrieval.

    Single-Server Private Information Retrieval with Sublinear Amortized Time

    We construct new private-information-retrieval protocols in the single-server setting. Our schemes allow a client to privately fetch a sequence of database records from a server, while the server answers each query in average time sublinear in the database size. Specifically, we introduce the first single-server private-information-retrieval schemes that have sublinear amortized server time, require sublinear additional storage, and allow the client to make her queries adaptively. Our protocols rely only on standard cryptographic assumptions (decision Diffie-Hellman, quadratic residuosity, learning with errors, etc.). They work by having the client first fetch a small hint about the database contents from the server. Generating this hint requires server time linear in the database size. Thereafter, the client can use the hint to make a bounded number of adaptive queries to the server, which the server answers in sublinear time -- yielding sublinear amortized cost. Finally, we give lower bounds proving that our most efficient scheme is optimal with respect to the trade-off it achieves between server online time and client storage.

    Bloch-Redfield theory of high-temperature magnetic fluctuations in interacting spin systems

    We study magnetic fluctuations in a system of interacting spins on a lattice at high temperatures and in the presence of a spatially varying magnetic field. Starting from a microscopic Hamiltonian we derive effective equations of motion for the spins and solve these equations self-consistently. We find that the spin fluctuations can be described by an effective diffusion equation with a diffusion coefficient which strongly depends on the ratio of the magnetic field gradient to the strength of spin-spin interactions. We also extend our studies to account for external noise and find that the relaxation times and the diffusion coefficient are mutually dependent.