296 research outputs found
Fast Pseudorandom Functions Based on Expander Graphs
We present direct constructions of pseudorandom function (PRF) families based on Goldreich's one-way function. Roughly speaking, we assume that non-trivial local mappings whose input-output dependencies graph form an expander are hard to invert. We show that this one-wayness assumption yields PRFs with relatively low complexity. This includes weak PRFs which can be computed in linear time of on a RAM machine with word size, or by a depth-3 circuit with unbounded fan-in AND and OR gates (AC0 circuit), and standard PRFs that can be computed by a quasilinear size circuit or by a constant-depth circuit with unbounded fan-in AND, OR and Majority gates (TC0).
Our proofs are based on a new search-to-decision reduction for expander-based functions. This extends a previous reduction of the first author (STOC 2012) which was applicable only to the special case of random local functions. Additionally, we present a new family of highly efficient hash functions whose output on exponentially many inputs jointly forms (with high probability) a good expander graph. These hash functions are based on the techniques of Miles and Viola (Crypto 2012). Although some of our reductions provide only relatively weak security guarantees, we believe that they yield a novel approach for constructing PRFs, and therefore enrich the study of pseudorandomness.
Gossip vs. Markov Chains, and Randomness-Efficient Rumor Spreading
We study gossip algorithms for the rumor spreading problem which asks one
node to deliver a rumor to all nodes in an unknown network. We present the
first protocol for any expander graph with nodes such that, the
protocol informs every node in rounds with high probability, and
uses random bits in total. The runtime of our protocol is
tight, and the randomness requirement of random bits almost
matches the lower bound of random bits for dense graphs. We
further show that, for many graph families, polylogarithmic number of random
bits in total suffice to spread the rumor in rounds.
These results together give us an almost complete understanding of the
randomness requirement of this fundamental gossip process.
Our analysis relies on unexpectedly tight connections among gossip processes,
Markov chains, and branching programs. First, we establish a connection between
rumor spreading processes and Markov chains, which is used to approximate the
rumor spreading time by the mixing time of Markov chains. Second, we show a
reduction from rumor spreading processes to branching programs, and this
reduction provides a general framework to derandomize gossip processes. In
addition to designing rumor spreading protocols, these novel techniques may
have applications in studying parallel and multiple random walks, and
randomness complexity of distributed algorithms.
Comment: 41 pages, 1 figure. arXiv admin note: substantial text overlap with
arXiv:1304.135
Linear Programming Relaxations for Goldreich's Generators over Non-Binary Alphabets
Goldreich suggested candidates of one-way functions and pseudorandom
generators included in . It is known that a randomly generated
Goldreich's generator using -wise independent predicates with input
variables and output variables is not a pseudorandom generator with
high probability for sufficiently large constant . Most of the previous
works assume that the alphabet is binary and use techniques available only for
the binary alphabet. In this paper, we deal with a non-binary generalization of
Goldreich's generator and derive the tight threshold for the linear programming
relaxation attack using the local marginal polytope for randomly generated
Goldreich's generators. We assume that input
variables are known. In that case, we show that when , there is an
exact threshold
such
that for , the LP relaxation can determine
linearly many input variables of Goldreich's generator if
, and that the LP relaxation cannot determine
input variables of Goldreich's generator if
. This paper uses a characterization of LP solutions by
combinatorial structures called stopping sets on a bipartite graph, which is
related to a simple algorithm called the peeling algorithm.
Comment: 14 pages, 1 figur
MV3: A new word based stream cipher using rapid mixing and revolving buffers
MV3 is a new word based stream cipher for encrypting long streams of data. A
direct adaptation of a byte based cipher such as RC4 into a 32- or 64-bit word
version will obviously need vast amounts of memory. This scaling issue
necessitates a look for new components and principles, as well as mathematical
analysis to justify their use. Our approach, like RC4's, is based on rapidly
mixing random walks on directed graphs (that is, walks which reach a random
state quickly, from any starting point). We begin with some well understood
walks, and then introduce nonlinearity in their steps in order to improve
security and show long term statistical correlations are negligible. To
minimize the short term correlations, as well as to deter attacks using
equations involving successive outputs, we provide a method for sequencing the
outputs derived from the walk using three revolving buffers. The cipher is fast
-- it runs at a speed of less than 5 cycles per byte on a Pentium IV processor.
A word based cipher needs to output more bits per step, which exposes more
correlations for attacks. Moreover we seek simplicity of construction and
transparent analysis. To meet these requirements, we use a larger state and
claim security corresponding to only a fraction of it. Our design is for an
adequately secure word-based cipher; our very preliminary estimate puts the
security close to exhaustive search for keys of size < 256 bits.
Comment: 27 pages, shortened version will appear in "Topics in Cryptology -
CT-RSA 2007"
Expander-based cryptography meets natural proofs
We introduce new forms of attack on expander-based cryptography, and in particular on Goldreich's pseudorandom generator and one-way function. Our attacks exploit low circuit complexity of the underlying expander's neighbor function and/or of the local predicate. Our two key conceptual contributions are: 1) We put forward the possibility that the choice of expander matters in expander-based cryptography. In particular, using expanders whose neighbor function has low circuit complexity might compromise the security of Goldreich's PRG and OWF in certain settings. 2) We show that the security of Goldreich's PRG and OWF is closely related to two other long-standing problems: specifically, to the existence of unbalanced lossless expanders with low-complexity neighbor function, and to limitations on circuit lower bounds (i.e., natural proofs). In particular, our results further motivate the investigation of affine/local unbalanced lossless expanders and of average-case lower bounds against DNF-XOR circuits. We prove two types of technical results that support the above conceptual messages. First, we unconditionally break Goldreich's PRG when instantiated with a specific expander (whose existence we prove), for a class of predicates that match the parameters of the currently-best "hard" candidates, in the regime of quasi-polynomial stretch. Secondly, conditioned on the existence of expanders whose neighbor functions have extremely low circuit complexity, we present attacks on Goldreich's generator in the regime of polynomial stretch. As one corollary, conditioned on the existence of the foregoing expanders, we show that either the parameters of natural properties for several constant-depth circuit classes cannot be improved, even mildly; or Goldreich's generator is insecure in the regime of a large polynomial stretch, regardless of the predicate used.
Outlaw distributions and locally decodable codes
Locally decodable codes (LDCs) are error correcting codes that allow for
decoding of a single message bit using a small number of queries to a corrupted
encoding. Despite decades of study, the optimal trade-off between query
complexity and codeword length is far from understood. In this work, we give a
new characterization of LDCs using distributions over Boolean functions whose
expectation is hard to approximate (in norm) with a small number of
samples. We coin the term `outlaw distributions' for such distributions since
they `defy' the Law of Large Numbers. We show that the existence of outlaw
distributions over sufficiently `smooth' functions implies the existence of
constant query LDCs and vice versa. We give several candidates for outlaw
distributions over smooth functions coming from finite field incidence
geometry, additive combinatorics and from hypergraph (non)expanders.
We also prove a useful lemma showing that (smooth) LDCs which are only
required to work on average over a random message and a random message index
can be turned into true LDCs at the cost of only constant factors in the
parameters.
Comment: A preliminary version of this paper appeared in the proceedings of
ITCS 201
Gossip vs. Markov Chains, and Randomness-Efficient Rumor Spreading
We study gossip algorithms for the rumor spreading problem which asks one node to deliver a rumor to all nodes in an unknown network, and every node is only allowed to call one neighbor in each round. In this work we introduce two fundamentally new techniques in studying the rumor spreading problem:
First, we establish a new connection between the rumor spreading process in an arbitrary graph and certain Markov chains. While most previous work analyzed the rumor spreading time in general graphs by studying the rate of the number of (un-)informed nodes after every round, we show that the mixing time of a certain Markov chain suffices to bound the rumor spreading time in an arbitrary graph.
Second, we construct a reduction from rumor spreading processes to branching programs. This reduction gives us a general framework to derandomize the rumor spreading and other gossip processes. In particular, we show that, for any n-vertex expander graph, there is a protocol which informs every node in O(log n) rounds with high probability, and uses O(log n · log log n) random bits in total. The runtime of our protocol is tight, and the randomness requirement of O(log n · log log n) random bits almost matches the lower bound of Ω(log n) random bits. We further show that, for many graph families (defined with respect to the expansion and the degree), O(poly log n) random bits in total suffice for fast rumor spreading. These results give us an almost complete understanding of the role of randomness in the rumor spreading process, which was extensively studied over the past years.
Explicit Correlation Amplifiers for Finding Outlier Correlations in Deterministic Subquadratic Time
We derandomize G. Valiant's [J.ACM 62(2015) Art.13] subquadratic-time algorithm for finding outlier correlations in binary data. Our derandomized algorithm gives deterministic subquadratic scaling essentially for the same parameter range as Valiant's randomized algorithm, but the precise constants we save over quadratic scaling are more modest. Our main technical tool for derandomization is an explicit family of correlation amplifiers built via a family of zigzag-product expanders in Reingold, Vadhan, and Wigderson [Ann. of Math 155(2002), 157-187]. We say that a function f:{-1,1}^d ->{-1,1}^D is a correlation amplifier with threshold 0 = 1, and strength p an even positive integer if for all pairs of vectors x,y in {-1,1}^d it holds that (i) ||| | >= tau*d implies (/gamma^d})^p*D /d)^p*D
- …