
    Collision Times in Multicolor Urn Models and Sequential Graph Coloring With Applications to Discrete Logarithms

    Consider an urn model where at each step one of q colors is sampled according to some probability distribution and a ball of that color is placed in an urn. The distribution of assigning balls to urns may depend on the color of the ball. Collisions occur when a ball is placed in an urn which already contains a ball of a different color. Equivalently, this can be viewed as sequentially coloring a complete q-partite graph wherein a collision corresponds to the appearance of a monochromatic edge. Using a Poisson embedding technique, the limiting distribution of the first collision time is determined and the possible limits are explicitly described. The joint distribution of successive collision times and of multi-fold collision times is also derived. The results can be used to obtain the limiting distributions of running times in various birthday-problem-based algorithms for solving the discrete logarithm problem, generalizing previous results which only consider expected running times. Asymptotic distributions of the time of appearance of a monochromatic edge are also obtained for other graphs. Comment: Minor revision. 35 pages, 2 figures. To appear in Annals of Applied Probabilit

    Combinatorics on words in information security: Unavoidable regularities in the construction of multicollision attacks on iterated hash functions

    Classically, in combinatorics on words one studies unavoidable regularities that appear in sufficiently long strings of symbols over a fixed-size alphabet. In this paper we take another viewpoint and focus on combinatorial properties of long words in which the number of occurrences of any symbol is restricted by a fixed constant. We then demonstrate the connection of these properties to constructing multicollision attacks on so-called generalized iterated hash functions. Comment: In Proceedings WORDS 2011, arXiv:1108.341

    Sparse Allreduce: Efficient Scalable Communication for Power-Law Data

    Many large datasets exhibit power-law statistics: the web graph, social networks, text data, click-through data, etc. Their adjacency graphs are termed natural graphs, and are known to be difficult to partition. As a consequence, most distributed algorithms on these graphs are communication intensive. Many algorithms on natural graphs involve an Allreduce: a sum or average of partitioned data which is then shared back to the cluster nodes. Examples include PageRank, spectral partitioning, and many machine learning algorithms including regression, factor (topic) models, and clustering. In this paper we describe an efficient and scalable Allreduce primitive for power-law data. We point out scaling problems with existing butterfly and round-robin networks for Sparse Allreduce, and show that a hybrid approach improves on both. Furthermore, we show that Sparse Allreduce stages should be nested instead of cascaded (as in the dense case), and that the optimum-throughput Allreduce network should be a butterfly of heterogeneous degree, where degree decreases with depth into the network. Finally, a simple replication scheme is introduced to deal with node failures. We present experiments showing significant improvements over existing systems such as PowerGraph and Hadoop

    The Power of Unentanglement

    The class QMA(k), introduced by Kobayashi et al., consists of all languages that can be verified using k unentangled quantum proofs. Many of the simplest questions about this class have remained embarrassingly open: for example, can we give any evidence that k quantum proofs are more powerful than one? Does QMA(k) = QMA(2) for k ≥ 2? Can QMA(k) protocols be amplified to exponentially small error? In this paper, we make progress on all of the above questions. * We give a protocol by which a verifier can be convinced that a 3SAT formula of size m is satisfiable, with constant soundness, given Õ(√m) unentangled quantum witnesses with O(log m) qubits each. Our protocol relies on the existence of very short PCPs. * We show that, assuming a weak version of the Additivity Conjecture from quantum information theory, any QMA(2) protocol can be amplified to exponentially small error, and QMA(k) = QMA(2) for all k ≥ 2. * We prove the nonexistence of "perfect disentanglers" for simulating multiple Merlins with one

    Combinatorial and Stochastic Approach to Parallelization of the Kangaroo Method of Solving the Discrete Logarithm Problem

    The kangaroo method for Pollard's rho algorithm provides a powerful way to solve discrete log problems. There exist parameters for it that allow it to be optimized so as to prevent what are known as useless collisions, in exchange for the limitation that the number of parallel resources used must be both finite and known ahead of time. This thesis puts forward an analysis of the situation and examines the potential acceleration that can be gained through the use of parallel resources beyond those initially utilized by an algorithm so configured. In brief, the goal in doing this is to reconcile the rapid rate of increase in parallel processing capabilities present in consumer-level hardware with the still largely sequential nature of a large portion of the algorithms used in the software that is run on that hardware. The core concept, then, is to allow spare parallel resources to be utilized in an advanced sort of guess-and-check to potentially produce occasional speedups whenever, for lack of a better way to put it, those guesses are correct. The methods presented in this thesis are presented with an eye towards expanding and reapplying them to this broadly expressed problem; however, herein the discrete log problem has been chosen as a suitable example of how such an application can proceed. This is primarily due to the observation that Pollard's parameters for the avoidance of so-called useless collisions generated from the kangaroo method of solving said problem are restrictive in the number of kangaroos used at any given time. The more relevant of these restrictions to this point is the fact that they require the total number of kangaroos to be odd. Most consumer-level hardware which provides more than a single computational core provides an even number of such cores, so as a result it is likely that the utilization of such hardware for this purpose will leave one or more cores idle.
    While these idle compute cores could also potentially be utilized for other tasks, given that we are expressly operating in the context of consumer-level hardware, such considerations are largely outside the scope of this thesis. Besides, given the rate at which consumer computational hardware and software environments have historically changed, it seems more useful to address the topic on a more purely algorithmic level; at the very least, it is more efficient, as less effort needs to be expended future-proofing this thesis against future changes to its context than might otherwise have been necessary