Cryptographic Sensing

Is it possible to measure a physical object in a way that makes the measurement signals unintelligible to an external observer? Alternatively, can one learn a natural concept by using a contrived training set that makes the labeled examples useless without the line of thought that has led to their choice? We initiate a study of ``cryptographic sensing\u27\u27 problems of this type, presenting definitions, positive and negative results, and directions for further research

Parameterized Approximation Algorithms for Bidirected Steiner Network Problems

The Directed Steiner Network (DSN) problem takes as input a directed edge-weighted graph $G=(V,E)$ and a set $\mathcal{D}\subseteq V\times V$ of $k$ demand pairs. The aim is to compute the cheapest network $N\subseteq G$ for which there is an $s\to t$ path for each $(s,t)\in\mathcal{D}$. It is known that this problem is notoriously hard as there is no $k^{1/4-o(1)}$-approximation algorithm under Gap-ETH, even when parametrizing the runtime by $k$ [Dinur & Manurangsi, ITCS 2018]. In light of this, we systematically study several special cases of DSN and determine their parameterized approximability for the parameter $k$. For the bi-DSN$_\text{Planar}$ problem, the aim is to compute a planar optimum solution $N\subseteq G$ in a bidirected graph $G$, i.e., for every edge $uv$ of $G$ the reverse edge $vu$ exists and has the same weight. This problem is a generalization of several well-studied special cases. Our main result is that this problem admits a parameterized approximation scheme (PAS) for $k$. We also prove that our result is tight in the sense that (a) the runtime of our PAS cannot be significantly improved, and (b) it is unlikely that a PAS exists for any generalization of bi-DSN$_\text{Planar}$, unless FPT=W[1]. One important special case of DSN is the Strongly Connected Steiner Subgraph (SCSS) problem, for which the solution network $N\subseteq G$ needs to strongly connect a given set of $k$ terminals. It has been observed before that for SCSS a parameterized $2$-approximation exists when parameterized by $k$ [Chitnis et al., IPEC 2013]. We give a tight inapproximability result by showing that for $k$ no parameterized $(2-\varepsilon)$-approximation algorithm exists under Gap-ETH. Additionally we show that when restricting the input of SCSS to bidirected graphs, the problem remains NP-hard but becomes FPT for $k$

Fast Public-Key Silent OT and More from Constrained Naor-Reingold

Pseudorandom Correlation Functions (PCFs) allow two parties, given correlated evaluation keys, to locally generate arbitrarily many pseudorandom correlated strings, e.g. Oblivious Transfer (OT) correlations, which can then be used by the two parties to jointly run secure computation protocols. In this work, we provide a novel and simple approach for constructing PCFs for OT correlation, by relying on constrained pseudorandom functions for a class of constraints containing a weak pseudorandom function (wPRF). We then show that tweaking the Naor-Reingold pseudorandom function and relying on low-complexity pseudorandom functions allow us to instantiate our paradigm. We further extend our ideas to obtain efficient public-key PCFs, which allow the distribution of correlated keys between parties to be non-interactive: each party can generate a pair of public/secret keys, and any pair of parties can locally derive their correlated evaluation key by combining their secret key with the other party\u27s public key. In addition to these theoretical contributions, we detail various optimizations and provide concrete instantiations of our paradigm relying on the Boneh-Ishai-Passelègue-Sahai-Wu wPRF and the Goldreich-Applebaum-Raykov wPRF. Putting everything together, we obtain public-key PCFs with a throughput of 15k-40k OT/s, which is of a similar order of magnitude to the state-of-the-art interactive PCFs and about 4 orders of magnitude faster than state-of-the-art public-key PCFs. As a side result, we also show that public-key PCFs can serve as a building block to construct reusable designated-verifier non-interactive zero-knowledge proofs (DV-NIZK) for NP. Combined with our instantiations, this yields simple and efficient reusable DV-NIZKs for NP in pairing-free groups

Parameterized approximation algorithms for bidirected Steiner network problems

The Directed Steiner Network (DSN) problem takes as input a directed graph G=(V, E) with non-negative edge-weights and a set D⊆ V × V of k demand pairs. The aim is to compute the cheapest network N⊆ G for which there is an s\rightarrow t path for each (s, t)∈ D. It is known that this problem is notoriously hard, as there is no k1/4−o(1)-approximation algorithm under Gap-ETH, even when parametrizing the runtime by k [Dinur & Manurangsi, ITCS 2018]. In light of this, we systematically study several special cases of DSN and determine their parameterized approximability for the parameter k. For the bi-DSNPlanar problem, the aim is to compute a solution N⊆ G whose cost is at most that of an optimum planar solution in a bidirected graph G, i.e., for every edge uv of G the reverse edge vu exists and has the same weight. This problem is a generalization of several well-studied special cases. Our main result is that this problem admits a parameterized approximation scheme (PAS) for k. We also prove that our result is tight in the sense that (a) the runtime of our PAS cannot be significantly improved, and (b) no PAS exists for any generalization of bi-DSNPlanar, under standard complexity assumptions. The techniques we use also imply a polynomial-sized approximate kernelization scheme (PSAKS). Additionally, we study several generalizations of bi-DSNPlanar and obtain upper and lower bounds on obtainable runtimes parameterized by k. One important special case of DSN is the Strongly Connected Steiner Subgraph (SCSS) problem, for which the solution network N⊆ G needs to strongly connect a given set of k terminals. It has been observed before that for SCSS a parameterized 2-approximation exists for parameter k [Chitnis et al., IPEC 2013]. We give a tight inapproximability result by showing that for k no parameterized (2 − ε)-approximation algorithm exists under Gap-ETH. Additionally, we show that when restricting the input of SCSS to bidirected graphs, the problem remains NP-hard but becomes FPT for k