Optimization of Tree Modes for Parallel Hash Functions: A Case Study
This paper focuses on parallel hash functions based on tree modes of
operation for an inner Variable-Input-Length function. This inner function can
be either a single-block-length (SBL) and prefix-free MD hash function, or a
sponge-based hash function. We discuss the various forms of optimality that can
be obtained when designing parallel hash functions based on trees where all
leaves have the same depth. The first result is a scheme which optimizes the
tree topology in order to decrease the running time. Then, without affecting
the optimal running time we show that we can slightly change the corresponding
tree topology so as to minimize the number of required processors as well.
Consequently, the resulting scheme decreases in the first place the running
time and in the second place the number of required processors.
Comment: Preprint version. Added citations, IEEE Transactions on Computers, 201

Statistical Zero Knowledge and quantum one-way functions
One-way functions are a very important notion in the field of classical
cryptography. Most examples of such functions, including factoring, discrete
log or the RSA function, can be, however, inverted with the help of a quantum
computer. In this paper, we study one-way functions that are hard to invert
even by a quantum adversary and describe a set of problems which are good such
candidates. These problems include Graph Non-Isomorphism, approximate Closest
Lattice Vector and Group Non-Membership. More generally, we show that any hard
instance of Circuit Quantum Sampling gives rise to a quantum one-way function.
By the work of Aharonov and Ta-Shma, this implies that any language in
Statistical Zero Knowledge which is hard-on-average for quantum computers,
leads to a quantum one-way function. Moreover, extending the result of
Impagliazzo and Luby to the quantum setting, we prove that quantum
distributionally one-way functions are equivalent to quantum one-way functions.
Last, we explore the connections between quantum one-way functions and the
complexity class QMA and show that, similarly to the classical case, if any of
the above candidate problems is QMA-complete then the existence of quantum
one-way functions leads to the separation of QMA and AvgBQP.
Comment: 20 pages; Computational Complexity, Cryptography and Quantum Physics; Published version, main results unchanged, presentation improve

Hashing with binary autoencoders
An attractive approach for fast search in image databases is binary hashing,
where each high-dimensional, real-valued image is mapped onto a
low-dimensional, binary vector and the search is done in this binary space.
Finding the optimal hash function is difficult because it involves binary
constraints, and most approaches approximate the optimization by relaxing the
constraints and then binarizing the result. Here, we focus on the binary
autoencoder model, which seeks to reconstruct an image from the binary code
produced by the hash function. We show that the optimization can be simplified
with the method of auxiliary coordinates. This reformulates the optimization as
alternating two easier steps: one that learns the encoder and decoder
separately, and one that optimizes the code for each image. Image retrieval
experiments, using precision/recall and a measure of code utilization, show the
resulting hash function outperforms or is competitive with state-of-the-art
methods for binary hashing.
Comment: 22 pages, 11 figure

On the Combinatorial Version of the Slepian-Wolf Problem
We study the following combinatorial version of the Slepian-Wolf coding
scheme. Two isolated Senders are given binary strings and respectively;
the length of each string is equal to , and the Hamming distance between the
strings is at most . The Senders compress their strings and
communicate the results to the Receiver. Then the Receiver must reconstruct
both strings and . The aim is to minimise the lengths of the transmitted
messages.
For an asymmetric variant of this problem (where one of the Senders transmits
the input string to the Receiver without compression) with deterministic
encoding, a nontrivial lower bound was found by A. Orlitsky and K. Viswanathan.
In our paper we prove a new lower bound for the schemes with syndrome coding,
where at least one of the Senders uses linear encoding of the input string.
For the combinatorial Slepian-Wolf problem with randomized encoding the
theoretical optimum of communication complexity was recently found by the first
author, though effective protocols with optimal lengths of messages remained
unknown. We close this gap and present a polynomial time randomized protocol
that achieves the optimal communication complexity.
Comment: 20 pages, 14 figures. Accepted to IEEE Transactions on Information Theory (June 2018

Cache-Oblivious Peeling of Random Hypergraphs
The computation of a peeling order in a randomly generated hypergraph is the
most time-consuming step in a number of constructions, such as perfect hashing
schemes, random -SAT solvers, error-correcting codes, and approximate set
encodings. While there exists a straightforward linear time algorithm, its poor
I/O performance makes it impractical for hypergraphs whose size exceeds the
available internal memory.
We show how to reduce the computation of a peeling order to a small number of
sequential scans and sorts, and analyze its I/O complexity in the
cache-oblivious model. The resulting algorithm requires
I/Os and time to peel a random hypergraph with edges.
We experimentally evaluate the performance of our implementation of this
algorithm in a real-world scenario by using the construction of minimal perfect
hash functions (MPHF) as our test case: our algorithm builds a MPHF of
billion keys in less than hours on a single machine. The resulting data
structure is both more space-efficient and faster than that obtained with the
current state-of-the-art MPHF construction for large-scale key sets.

Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.
Comment: 38 pages, v2: many substantial changes and extensions, merged with a related paper by Boneh and Zhandr

A Sparse Johnson--Lindenstrauss Transform
Dimension reduction is a key algorithmic tool with many applications
including nearest-neighbor search, compressed sensing and linear algebra in the
streaming model. In this work we obtain a sparse version of the
fundamental tool in dimension reduction, the Johnson--Lindenstrauss
transform. Using hashing and local densification, we construct a sparse
projection matrix with just non-zero entries
per column. We also show a matching lower bound on the sparsity for a large
class of projection matrices. Our bounds are somewhat surprising, given the
known lower bounds of both on the number of rows
of any projection matrix and on the sparsity of projection matrices generated
by natural constructions.
Using this, we achieve an update time per
non-zero element for a -approximate projection, thereby
substantially outperforming the update time
required by prior approaches. A variant of our method offers the same
guarantees for sparse vectors, yet its worst case running time
matches the best approach of Ailon and Liberty.
Comment: 10 pages, conference version