1,311 research outputs found
On Extractors and Exposure-Resilient Functions for Sublogarithmic Entropy
We study deterministic extractors for oblivious bit-fixing sources (a.k.a.
resilient functions) and exposure-resilient functions with small min-entropy:
of the function's n input bits, k << n bits are uniformly random and unknown to
the adversary. We simplify and improve an explicit construction of extractors
for bit-fixing sources with sublogarithmic k due to Kamp and Zuckerman (SICOMP
2006), achieving error exponentially small in k rather than polynomially small
in k. Our main result is that when k is sublogarithmic in n, the short output
length of this construction (O(log k) output bits) is optimal for extractors
computable by a large class of space-bounded streaming algorithms.
Next, we show that a random function is an extractor for oblivious bit-fixing
sources with high probability if and only if k is superlogarithmic in n,
suggesting that our main result may apply more generally. In contrast, we show
that a random function is a static (resp. adaptive) exposure-resilient function
with high probability even if k is as small as a constant (resp. log log n). No
explicit exposure-resilient functions achieving these parameters are known
Impossibility of independence amplification in Kolmogorov complexity theory
The paper studies randomness extraction from sources with bounded
independence and the issue of independence amplification of sources, using the
framework of Kolmogorov complexity. The dependency of strings and is
, where
denotes the Kolmogorov complexity. It is shown that there exists a
computable Kolmogorov extractor such that, for any two -bit strings with
complexity and dependency , it outputs a string of length
with complexity conditioned by any one of the input
strings. It is proven that the above are the optimal parameters a Kolmogorov
extractor can achieve. It is shown that independence amplification cannot be
effectively realized. Specifically, if (after excluding a trivial case) there
exist computable functions and such that for all -bit strings and with , then
Recommended from our members
Extracting Randomness from Samplable Distributions
The standard notion of a randomness extractor is a procedure which converts any weak source of randomness into an almost uniform distribution. The conversion necessarily uses a small amount of pure randomness, which can be eliminated by complete enumeration in some, but not all, applications.
Here, we consider the problem of deterministically converting a weak source of randomness into an almost uniform distribution. Previously, deterministic extraction procedures were known only for sources satisfying strong independence requirements. In this paper, we look at sources which are samplable, i.e., can be generated by an efficient sampling algorithm. We seek an efficient deterministic procedure that, given a sample from any samplable distribution of sufficiently large min-entropy, gives an almost uniformly distributed output. We explore the conditions under which such deterministic extractors exist.
We observe that no deterministic extractor exists if the sampler is allowed to use more computational resources than the extractor. On the other hand, if the extractor is allowed (polynomially) more resources than the sampler, we show that deterministic extraction becomes possible. This is true unconditionally in the nonuniform setting (i.e., when the extractor can be computed by a small circuit), and (necessarily) relies on complexity assumptions in the uniform setting.
One of our uniform constructions is as follows: assuming that there are problems in E=DTIME(2^{{O(n)}) that are not solvable by subexponential-size circuits with Sigma_6 gates, there is an efficient extractor that transforms any samplable distribution of length n and min-entropy (1-gamma)n into an output distribution of length (1-O(gamma))n, where gamma is any sufficiently small constant. The running time of the extractor is polynomial in n and the circuit complexity of the sampler. These extractors are based on a connection between deterministic extraction from samplable distributions and hardness against nondeterministic circuits, and on the use of nondeterminism to substantially speed up "list decoding" algorithms for error-correcting codes such as multivariate polynomial codes and Hadamard-like codes.Engineering and Applied Science
Randomness amplification against no-signaling adversaries using two devices
Recently, a physically realistic protocol amplifying the randomness of
Santha-Vazirani sources producing cryptographically secure random bits was
proposed; however for reasons of practical relevance, the crucial question
remained open whether this can be accomplished under the minimal conditions
necessary for the task. Namely, is it possible to achieve randomness
amplification using only two no-signaling components and in a situation where
the violation of a Bell inequality only guarantees that some outcomes of the
device for specific inputs exhibit randomness? Here, we solve this question and
present a device-independent protocol for randomness amplification of
Santha-Vazirani sources using a device consisting of two non-signaling
components. We show that the protocol can amplify any such source that is not
fully deterministic into a fully random source while tolerating a constant
noise rate and prove the composable security of the protocol against general
no-signaling adversaries. Our main innovation is the proof that even the
partial randomness certified by the two-party Bell test (a single input-output
pair () for which the conditional probability
is bounded away from for all no-signaling
strategies that optimally violate the Bell inequality) can be used for
amplification. We introduce the methodology of a partial tomographic procedure
on the empirical statistics obtained in the Bell test that ensures that the
outputs constitute a linear min-entropy source of randomness. As a technical
novelty that may be of independent interest, we prove that the Santha-Vazirani
source satisfies an exponential concentration property given by a recently
discovered generalized Chernoff bound.Comment: 15 pages, 3 figure
On the Round Complexity of Randomized Byzantine Agreement
We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that:
1) BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1/2+ o(1)].
2) BA protocols resilient against n/4 corruptions terminate at the end of the second round with probability at most 1-Theta(1).
3) For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against n/3 [resp., n/4] corruptions terminate at the end of the second round with probability at most o(1) [resp., 1/2 + o(1)].
The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI).
The third bound essentially matches the recent protocol of Micali (ITCS\u2717) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability
- …