Distributed computing and cryptography with general weak random sources

The use of randomness in computer science is ubiquitous. Randomized protocols have turned out to be much more efficient than their deterministic counterparts. In addition, many problems in distributed computing and cryptography are impossible to solve without randomness. However, these applications typically require uniform random bits, while in practice almost all natural random phenomena are biased. Moreover, even originally uniform random bits can be damaged if an adversary learns some partial information about these bits. In this thesis, we study how to run randomized protocols in distributed computing and cryptography with imperfect randomness. We use the most general model for imperfect randomness where the weak random source is only required to have a certain amount of min-entropy. One important tool here is the randomness extractor. A randomness extractor is a function that takes as input one or more weak random sources, and outputs a distribution that is close to uniform in statistical distance. Randomness extractors are interesting in their own right and are closely related to many other problems in computer science. Giving efficient constructions of randomness extractors with optimal parameters is one of the major open problems in the area of pseudorandomness. We construct network extractor protocols that extract private random bits for parties in a communication network, assuming that they each start with an independent weak random source, and some parties are corrupted by an adversary who sees all communications in the network. These protocols imply fault-tolerant distributed computing protocols and secure multi-party computation protocols where only imperfect randomness is available. The probabilistic method shows that there exists an extractor for two independent sources with logarithmic min-entropy, while known constructions are far from achieving these parameters. In this thesis we construct extractors for two independent sources with any linear min-entropy, based on a computational assumption. We also construct the best known extractors for three independent sources and affine sources. Finally we study the problem of privacy amplification. In this model, two parties share a private weak random source and they wish to agree on a private uniform random string through communications in a channel controlled by an adversary, who has unlimited computational power and can change the messages in arbitrary ways. All previous results assume that the two parties have local uniform random bits. We show that this problem can be solved even if the two parties only have local weak random sources. We also improve previous results in various aspects by constructing the first explicit non-malleable extractor and giving protocols based on this extractor.Computer Science

Three-Source Extractors for Polylogarithmic Min-Entropy

We continue the study of constructing explicit extractors for independent general weak random sources. The ultimate goal is to give a construction that matches what is given by the probabilistic method --- an extractor for two independent $n$-bit weak random sources with min-entropy as small as $\log n+O(1)$. Previously, the best known result in the two-source case is an extractor by Bourgain \cite{Bourgain05}, which works for min-entropy $0.49n$; and the best known result in the general case is an earlier work of the author \cite{Li13b}, which gives an extractor for a constant number of independent sources with min-entropy $\mathsf{polylog(n)}$. However, the constant in the construction of \cite{Li13b} depends on the hidden constant in the best known seeded extractor, and can be large; moreover the error in that construction is only $1/\mathsf{poly(n)}$. In this paper, we make two important improvements over the result in \cite{Li13b}. First, we construct an explicit extractor for \emph{three} independent sources on $n$ bits with min-entropy $k \geq \mathsf{polylog(n)}$. In fact, our extractor works for one independent source with poly-logarithmic min-entropy and another independent block source with two blocks each having poly-logarithmic min-entropy. Thus, our result is nearly optimal, and the next step would be to break the $0.49n$ barrier in two-source extractors. Second, we improve the error of the extractor from $1/\mathsf{poly(n)}$ to $2^{-k^{\Omega(1)}}$, which is almost optimal and crucial for cryptographic applications. Some of the techniques developed here may be of independent interests

Coherence effects in disordered geometries with a field-theory dual

We investigate the holographic dual of a probe scalar in an asymptotically Anti-de-Sitter (AdS) disordered background which is an exact solution of Einstein's equations in three bulk dimensions. Unlike other approaches to model disorder in holography, we are able to explore quantum wave-like interference effects between an oscillating or random source and the geometry. In the weak-disorder limit, we compute analytically and numerically the one-point correlation function of the dual field theory for different choices of sources and backgrounds. The most interesting feature is the suppression of the one-point function in the presence of an oscillating source and weak random background. We have also computed analytically and numerically the two-point function in the weak disorder limit. We have found that, in general, the perturbative contribution induces an additional power-law decay whose exponent depends on the distribution of disorder. For certain choices of the gravity background, this contribution becomes dominant for large separations which indicates breaking of perturbation theory and the possible existence of a phase transition induced by disorder.Comment: 36 pages, 19 figs, v3 accepted versio

Security of quantum key distribution with imperfect devices

We prove the security of the Bennett-Brassard (BB84) quantum key distribution protocol in the case where the source and detector are under the limited control of an adversary. Our proof applies when both the source and the detector have small basis-dependent flaws, as is typical in practical implementations of the protocol. We derive a general lower bound on the asymptotic key generation rate for weakly basis-dependent eavesdropping attacks, and also estimate the rate in some special cases: sources that emit weak coherent states with random phases, detectors with basis-dependent efficiency, and misaligned sources and detectors.Comment: 22 pages. (v3): Minor changes. (v2): Extensively revised and expanded. New results include a security proof for generic small flaws in the source and the detecto

Moment-Based Ellipticity Measurement as a Statistical Parameter Estimation Problem

We show that galaxy ellipticity estimation for weak gravitational lensing with unweighted image moments reduces to the problem of measuring a combination of the means of three independent normal random variables. Under very general assumptions, the intrinsic image moments of sources can be recovered from observations including effects such as the point-spread function and pixellation. Gaussian pixel noise turns these into three jointly normal random variables, the means of which are algebraically related to the ellipticity. We show that the random variables are approximately independent with known variances, and provide an algorithm for making them exactly independent. Once the framework is developed, we derive general properties of the ellipticity estimation problem, such as the signal-to-noise ratio, a generic form of an ellipticity estimator, and Cram\'er-Rao lower bounds for an unbiased estimator. We then derive the unbiased ellipticity estimator using unweighted image moments. We find that this unbiased estimator has a poorly behaved distribution and does not converge in practical applications, but demonstrates how to derive and understand the behaviour of new moment-based ellipticity estimators.Comment: 11 pages, 7 figures; v2 matches accepted version with minor change

Finite Device-Independent Extraction of a Block Min-Entropy Source against Quantum Adversaries

The extraction of randomness from weakly random seeds is a problem of central importance with multiple applications. In the device-independent setting, this problem of quantum randomness amplification has been mainly restricted to specific weak sources of Santha-Vazirani type, while extraction from the general min-entropy sources has required a large number of separated devices which is impractical. In this paper, we present a device-independent protocol for amplification of a single min-entropy source (consisting of two blocks of sufficiently high min-entropy) using a device consisting of two spatially separated components and show a proof of its security against general quantum adversaries.Comment: 17 page

Chaos and localization in the wavefunctions of complex atoms NdI, PmI and SmI

Wavefunctions of complex lanthanide atoms NdI, PmI and SmI, obtained via multi-configuration Dirac-Fock method, are analyzed for density of states in terms of partial densities, strength functions ($F_k(E)$), number of principal components ($\xi_2(E)$) and occupancies (\lan n_\alpha \ran^E) of single particle orbits using embedded Gaussian orthogonal ensemble of one plus two-body random matrix ensembles [EGOE(1+2)]. It is seen that density of states are in general multi-modal, $F_k(E)$'s exhibit variations as function of the basis states energy and $\xi_2(E)$'s show structures arising from localized states. The sources of these departures from EGOE(1+2) are investigated by examining the partial densities, correlations between $F_k(E)$, $\xi_2(E)$ and \lan n_\alpha \ran^E and also by studying the structure of the Hamiltonian matrices. These studies point out the operation of EGOE(1+2) but at the same time suggest that weak admixing between well separated configurations should be incorporated into EGOE(1+2) for more quantitative description of chaos and localization in NdI, PmI and SmI.Comment: There are 9 figure

Randomness Extraction in AC0 and with Small Locality

Randomness extractors, which extract high quality (almost-uniform) random bits from biased random sources, are important objects both in theory and in practice. While there have been significant progress in obtaining near optimal constructions of randomness extractors in various settings, the computational complexity of randomness extractors is still much less studied. In particular, it is not clear whether randomness extractors with good parameters can be computed in several interesting complexity classes that are much weaker than P. In this paper we study randomness extractors in the following two models of computation: (1) constant-depth circuits (AC0), and (2) the local computation model. Previous work in these models, such as [Vio05a], [GVW15] and [BG13], only achieve constructions with weak parameters. In this work we give explicit constructions of randomness extractors with much better parameters. As an application, we use our AC0 extractors to study pseudorandom generators in AC0, and show that we can construct both cryptographic pseudorandom generators (under reasonable computational assumptions) and unconditional pseudorandom generators for space bounded computation with very good parameters. Our constructions combine several previous techniques in randomness extractors, as well as introduce new techniques to reduce or preserve the complexity of extractors, which may be of independent interest. These include (1) a general way to reduce the error of strong seeded extractors while preserving the AC0 property and small locality, and (2) a seeded randomness condenser with small locality.Comment: 62 page