
### Sketching Cuts in Graphs and Hypergraphs

Sketching and streaming algorithms are at the forefront of current research directions for cut problems in graphs. In the streaming model, we show that $(1-\epsilon)$-approximation for Max-Cut must use $n^{1-O(\epsilon)}$ space; moreover, beating $4/5$-approximation requires polynomial space. For the sketching model, we show that $r$-uniform hypergraphs admit a $(1+\epsilon)$-cut-sparsifier (i.e., a weighted subhypergraph that approximately preserves all the cuts) with $O(\epsilon^{-2} n (r+\log n))$ edges. We also make first steps towards sketching general CSPs (Constraint Satisfaction Problems).

### Futures Prices in a Production Economy with Investment Constraints

We document a new stylized fact regarding the term structure of futures volatility. We show that the relation between the volatility of futures prices and the slope of the term structure of prices is non-monotone and has a "V-shape". This aspect of the data cannot be generated by basic models that emphasize storage, while it is consistent with models that emphasize investment constraints or, more generally, time-varying supply elasticity. We develop an equilibrium model in which futures prices are determined endogenously in a production economy in which investment is both irreversible and capacity constrained. Investment constraints affect firms' investment decisions, which in turn determine the dynamic properties of their output and consequently imply that the supply elasticity of the commodity changes over time. Since demand shocks must be absorbed either by changes in prices or by changes in supply, time-varying supply elasticity results in time-varying volatility of futures prices. Calibrating this model, we show it is quantitatively consistent with the aforementioned "V-shape" relation between the volatility of futures prices and the slope of the term structure.

### Oil futures prices in a production economy with investment constraints

We document a new stylized fact regarding the term structure of futures volatility. We show that the relationship between the volatility of futures prices and the slope of the term structure of prices is non-monotone and has a "V-shape". This aspect of the data cannot be generated by basic models that emphasize storage, while it is consistent with models that emphasize investment constraints or, more generally, time-varying supply elasticity. We develop an equilibrium model in which futures prices are determined endogenously in a production economy in which investment is both irreversible and capacity constrained. Investment constraints affect firms' investment decisions, which in turn determine the dynamic properties of their output and consequently imply that the supply elasticity of the commodity changes over time. Since demand shocks must be absorbed either by changes in prices or by changes in supply, time-varying supply elasticity results in time-varying volatility of futures prices. Estimating this model, we show it is quantitatively consistent with the aforementioned "V-shape" relationship between the volatility of futures prices and the slope of the term structure.

### The Discrete-Logarithm Problem with Preprocessing

This paper studies discrete-log algorithms that use preprocessing. In our model, an adversary may use a very large amount of precomputation to produce an advice string about a specific group (e.g., NIST P-256). In a subsequent online phase, the adversary's task is to use the preprocessed advice to quickly compute discrete logarithms in the group. Motivated by surprising recent preprocessing attacks on the discrete-log problem, we study the power and limits of such algorithms. In particular, we focus on generic algorithms -- these are algorithms that operate in every cyclic group. We show that any generic discrete-log algorithm with preprocessing that uses an $S$-bit advice string, runs in online time $T$, and succeeds with probability $\epsilon$, in a group of prime order $N$, must satisfy $ST^2 = \tilde{\Omega}(\epsilon N)$.
Our lower bound, which is tight up to logarithmic factors, uses a synthesis of incompressibility techniques and classic methods for generic-group lower bounds. We apply our techniques to prove related lower bounds for the CDH, DDH, and multiple-discrete-log problems.
Finally, we demonstrate two new generic preprocessing attacks: one for the multiple-discrete-log problem and one for certain decisional-type problems in groups. This latter result demonstrates that, for generic algorithms with preprocessing, distinguishing tuples of the form $(g, g^x, g^{(x^2)})$ from random is much easier than the discrete-log problem.

### The Function-Inversion Problem: Barriers and Opportunities

The task of function inversion is central to cryptanalysis: breaking block ciphers, forging signatures, and cracking password hashes are all special cases of the function-inversion problem. In 1980, Hellman showed that it is possible to invert a random function $f\colon [N] \to [N]$ in time $T = \widetilde{O}(N^{2/3})$ given only $S = \widetilde{O}(N^{2/3})$ bits of precomputed advice about $f$. Hellman's algorithm is the basis for the popular "Rainbow Tables" technique (Oechslin, 2003), which achieves the same asymptotic cost and is widely used in practical cryptanalysis.
Is Hellman's method the best possible algorithm for inverting functions with preprocessed advice? The best known lower bound, due to Yao (1990), shows that $ST = \widetilde{\Omega}(N)$, which still admits the possibility of an $S = T = \widetilde{O}(N^{1/2})$ attack. There remains a long-standing and vexing gap between Hellman's $N^{2/3}$ upper bound and Yao's $N^{1/2}$ lower bound. Understanding the feasibility of an $S = T = N^{1/2}$ algorithm is cryptanalytically relevant since such an algorithm could perform a key-recovery attack on AES-128 in time $2^{64}$ using a precomputed table of size $2^{64}$.
For the past 29 years, there has been no progress either in improving Hellman's algorithm or in strengthening Yao's lower bound. In this work, we connect function inversion to problems in other areas of theory to (1) explain why progress may be difficult and (2) explore possible ways forward.
Our results are as follows:
- We show that *any* improvement on Yao's lower bound on function-inversion algorithms will imply new lower bounds on depth-two circuits with arbitrary gates. Further, we show that proving strong lower bounds on *non-adaptive* function-inversion algorithms would imply breakthrough circuit lower bounds on linear-size log-depth circuits.
- We take first steps towards the study of the *injective* function-inversion problem, which has manifold cryptographic applications. In particular, we show that improved algorithms for breaking PRGs with preprocessing would give improved algorithms for inverting injective functions with preprocessing.
- Finally, we show that function inversion is closely related to well-studied problems in communication complexity and data structures. Through these connections we immediately obtain the best known algorithms for problems in these domains.
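To make the $S$/$T$ trade-off in the abstract concrete, here is a toy Hellman table, added as an example rather than taken from the paper. The random function is a 16-bit truncation of SHA-256 on $N = 2^{16}$ points (a stand-in for a cipher's key space), and the parameters $m = t = \ell = N^{1/3} = 40$ (chains per table, chain length, number of tables) are chosen so that the advice holds roughly $N^{2/3}$ endpoint/start pairs and an online lookup costs roughly $\ell \cdot t = N^{2/3}$ evaluations of $f$, while precomputation touches roughly $m \cdot t \cdot \ell = N$ points. The function names, the per-table reduction function and the parameters are my choices, not the paper's.

```python
import hashlib
import random

# Added example (not from the paper): Hellman's time/space trade-off on a
# toy random-looking function f: [N] -> [N], N = 2^16.
N_BITS = 16
N = 1 << N_BITS


def f(x: int) -> int:
    """The function to invert: SHA-256 of x, truncated to N_BITS bits."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") % N


def reduction(v: int, table_id: int) -> int:
    """Per-table bijection on [N]; table i walks chains of g_i = reduction_i o f.
    (Adding a fixed odd constant times the table id is an assumption of this toy.)"""
    return (v + table_id * 40503) % N


def build_tables(m: int, t: int, num_tables: int, seed: int = 1):
    """Preprocessing: num_tables tables of m chains of length t each.
    Only (endpoint -> start point) pairs are kept; this is the advice string."""
    rng = random.Random(seed)
    tables = []
    for i in range(num_tables):
        table = {}
        for _ in range(m):
            start = x = rng.randrange(N)
            for _ in range(t):
                x = reduction(f(x), i)
            table.setdefault(x, start)  # chains that merge keep the first start
        tables.append(table)
    return tables


def invert(y: int, tables, t: int):
    """Online phase: return some x with f(x) == y, or None if no chain covers y."""
    for i, table in enumerate(tables):
        # If x sits at position j of a chain in table i, reduction(y, i) is position j+1.
        z = reduction(y, i)
        for _ in range(t):
            if z in table:
                # Endpoint hit: regenerate the chain from its start and look for the preimage.
                # A hit can be a false alarm (a merged chain), so keep walking if it is.
                x = table[z]
                for _ in range(t):
                    if f(x) == y:
                        return x
                    x = reduction(f(x), i)
            z = reduction(f(z), i)
    return None


def success_rate(tables, t: int, trials: int = 200, seed: int = 2) -> float:
    """Fraction of random targets y = f(x) that the tables invert (checked for correctness)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        y = f(rng.randrange(N))
        x = invert(y, tables, t)
        if x is not None:
            assert f(x) == y
            hits += 1
    return hits / trials


if __name__ == "__main__":
    m = t = num_tables = round(N ** (1 / 3))  # 40
    tables = build_tables(m, t, num_tables)
    print("advice entries:", sum(len(tb) for tb in tables), "~ N^(2/3) =", round(N ** (2 / 3)))
    print("success rate on random targets:", success_rate(tables, t))
```

Coverage is deliberately partial: chains inside a table merge and cycle, which is why the Hellman analysis caps each table at $mt^2 \approx N$ and uses $\ell$ tables with different reduction functions. Rainbow tables (Oechslin 2003) replace the $\ell$ tables by one table whose reduction function depends on the position in the chain, which cuts down merges and false alarms but leaves the $N^{2/3}$ asymptotics untouched, which is the gap the abstract is about.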

### Private Information Retrieval with Sublinear Online Time

We present the first protocols for private information retrieval that allow fast (sublinear-time) database lookups without increasing the server-side storage requirements. To achieve these efficiency goals, our protocols work in an offline/online model. In an offline phase, which takes place before the client has decided which database bit it wants to read, the client fetches a short string from the servers. In a subsequent online phase, the client can privately retrieve its desired bit of the database by making a second query to the servers. By pushing the bulk of the server-side computation into the offline phase (which is independent of the client's query), our protocols allow the online phase to complete very quickly, in time sublinear in the size of the database. Our protocols can provide statistical security in the two-server setting and computational security in the single-server setting. Finally, we prove that, in this model, our protocols are optimal in terms of the trade-off they achieve between communication and running time.

### Private Blocklist Lookups with Checklist

This paper presents Checklist, a system for private blocklist lookups. In Checklist, a client can determine whether a particular string appears on a server-held blocklist of strings, without leaking its string to the server. Checklist is the first blocklist-lookup system that (1) leaks no information about the client's string to the server, (2) does not require the client to store the blocklist in its entirety, and (3) allows the server to respond to the client's query in time sublinear in the blocklist size. To make this possible, we construct a new two-server private-information-retrieval protocol that is both asymptotically and concretely faster, in terms of server-side time, than those of prior work. We evaluate Checklist in the context of Google's "Safe Browsing" blocklist, which all major browsers use to prevent web clients from visiting malware-hosting URLs. Today, lookups to this blocklist leak partial hashes of a subset of clients' visited URLs to Google's servers. We have modified Firefox to perform Safe-Browsing blocklist lookups via Checklist servers, which eliminates the leakage of partial URL hashes from the Firefox client to the blocklist servers. This privacy gain comes at the cost of increasing communication by a factor of 3.3×, and the server-side compute costs by 9.8×. Checklist reduces end-to-end server-side costs by 6.7×, compared to what would be possible with prior state-of-the-art two-server private information retrieval.

### Single-Server Private Information Retrieval with Sublinear Amortized Time

We construct new private-information-retrieval protocols in the single-server setting. Our schemes allow a client to privately fetch a sequence of database records from a server, while the server answers each query in average time sublinear in the database size. Specifically, we introduce the first single-server private-information-retrieval schemes that have sublinear amortized server time, require sublinear additional storage, and allow the client to make her queries adaptively. Our protocols rely only on standard cryptographic assumptions (decision Diffie-Hellman, quadratic residuosity, learning with errors, etc.). They work by having the client first fetch a small hint about the database contents from the server. Generating this hint requires server time linear in the database size. Thereafter, the client can use the hint to make a bounded number of adaptive queries to the server, which the server answers in sublinear time, yielding sublinear amortized cost. Finally, we give lower bounds proving that our most efficient scheme is optimal with respect to the trade-off it achieves between server online time and client storage.
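The three PIR abstracts above (offline/online PIR, Checklist, and the single-server schemes) share one mechanism: a query-independent hint fetched up front, then online queries the server answers in time sublinear in the database. The toy below, added here as an example and not the authors' code, shows the two-server version with explicit sets so the arithmetic is visible: the client picks random subsets of size $s \approx \sqrt{n}$, the offline server returns each subset's parity, and an online read of bit $i$ sends a set containing $i$ with $i$ punctured out to the other server, so that the hint XOR the answer is exactly $D[i]$; the consumed hint is then refreshed with a fresh set containing $i$. The database contents, $n = 1024$, $s = 32$, the number of hints and the class and method names are my assumptions.

```python
import random

# Added example (not the papers' code): toy two-server offline/online PIR
# over an n-bit database, using explicit sets instead of puncturable
# pseudorandom sets so the mechanism is visible.


def parity(db, indices):
    """XOR of the database bits at the given indices."""
    p = 0
    for i in indices:
        p ^= db[i]
    return p


class Server:
    """Holds the database and answers parity queries; `work` counts bits read."""

    def __init__(self, db):
        self.db = db
        self.work = 0

    def query(self, indices):
        self.work += len(indices)
        return parity(self.db, indices)


class Client:
    def __init__(self, n, s, num_hints, seed):
        self.n, self.s = n, s
        self.rng = random.Random(seed)
        # Offline: num_hints random s-subsets of [n]; only these go to server A.
        self.sets = [frozenset(self.rng.sample(range(n), s)) for _ in range(num_hints)]
        self.hints = None

    def offline(self, server_a):
        """Offline phase (independent of any query): server A returns each set's parity."""
        self.hints = [server_a.query(S) for S in self.sets]

    def read(self, i, server_b):
        """Online phase: recover db[i] from server B, which never sees i itself."""
        j = next((j for j, S in enumerate(self.sets) if i in S), None)
        if j is None:
            return None  # no hint set covers i; rare when num_hints >> n/s
        punctured = self.sets[j] - {i}
        bit = self.hints[j] ^ server_b.query(punctured)
        # Refresh: replace the consumed hint by one for a fresh set that also contains i,
        # so the number of usable hints does not shrink with each query.
        others = [x for x in range(self.n) if x != i]
        fresh = frozenset(self.rng.sample(others, self.s - 1)) | {i}
        self.sets[j] = fresh
        self.hints[j] = server_b.query(fresh - {i}) ^ bit
        return bit


def run_demo(n=1024, s=32, num_hints=400, queries=50, seed=7):
    """Constructed database and query sequence; returns correctness and server work counts."""
    rng = random.Random(seed)
    db = [rng.randrange(2) for _ in range(n)]
    server_a, server_b = Server(db), Server(db)
    client = Client(n, s, num_hints, seed + 1)
    client.offline(server_a)
    correct = wrong = uncovered = 0
    for _ in range(queries):
        i = rng.randrange(n)
        bit = client.read(i, server_b)
        if bit is None:
            uncovered += 1
        elif bit == db[i]:
            correct += 1
        else:
            wrong += 1
    answered = max(correct + wrong, 1)
    return {
        "n": n,
        "correct": correct,
        "wrong": wrong,
        "uncovered": uncovered,
        "offline_work": server_a.work,              # num_hints * s bit reads, ~ n log n
        "online_work_per_query": server_b.work / answered,  # 2 * (s - 1) bit reads, ~ sqrt(n)
    }


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind. First, the two servers must not collude: server A sees every set and server B sees the punctured sets, so together they recover $i$. Second, sending the punctured set as an explicit index list, as this toy does, costs $O(\sqrt{n})$ communication and tells server B $s-1$ indices that are not $i$; the protocol in the paper instead transmits a short key for a puncturable pseudorandom set and arranges the punctured set's distribution so that it is independent of $i$, details this toy omits. The single-server schemes above keep the same hint-then-query shape but use cryptographic assumptions so that one server can compute the hint without learning the sets.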

### Bloch-Redfield theory of high-temperature magnetic fluctuations in interacting spin systems

We study magnetic fluctuations in a system of interacting spins on a lattice at high temperatures and in the presence of a spatially varying magnetic field. Starting from a microscopic Hamiltonian we derive effective equations of motion for the spins and solve these equations self-consistently. We find that the spin fluctuations can be described by an effective diffusion equation with a diffusion coefficient which strongly depends on the ratio of the magnetic field gradient to the strength of spin-spin interactions. We also extend our studies to account for external noise and find that the relaxation times and the diffusion coefficient are mutually dependent.
