
    Low-Complexity Codes for Random and Clustered High-Order Failures in Storage Arrays

    RC (Random/Clustered) codes are a new efficient array-code family for recovering from 4-erasures. RC codes correct most 4-erasures, and essentially all 4-erasures that are clustered. Clustered erasures are introduced as a new erasure model for storage arrays. This model draws its motivation from correlated device failures that are caused by physical proximity of devices, or by age proximity of endurance-limited solid-state drives. The reliability of storage arrays that employ RC codes is analyzed and compared to known codes. The new RC code is significantly more efficient, in all practical implementation factors, than the best known 4-erasure correcting MDS code. These factors include: small-write update-complexity, full-device update-complexity, decoding complexity and number of supported devices in the array.

    A Dichotomy for Local Small-Bias Generators

    We consider pseudorandom generators in which each output bit depends on a constant number of input bits. Such generators have appealingly simple structure: they can be described by a sparse input-output dependency graph and a small predicate that is applied at each output. Following the works of Cryan and Miltersen (MFCS '01) and by Mossel et al. (STOC '03), we focus on the study of ``small-bias'' generators (that fool linear distinguishers). We prove that for most graphs, all but a handful of ``degenerate'' predicates yield small-bias generators, $f\colon \{0,1\}^n \rightarrow \{0,1\}^m$, with output length $m = n^{1 + \varepsilon}$ for some constant $\varepsilon > 0$. Conversely, we show that for most graphs, ``degenerate'' predicates are not secure against linear distinguishers. Taken together, these results expose a dichotomy: every predicate is either very hard or very easy, in the sense that it either yields a small-bias generator for almost all graphs or fails to do so for almost all graphs. As a secondary contribution, we attempt to support the view that small-bias is a good measure of pseudorandomness for local functions with large stretch. We do so by demonstrating that resilience to linear distinguishers implies resilience to a larger class of attacks.

    Luby-Velickovic-Wigderson Revisited: Improved Correlation Bounds and Pseudorandom Generators for Depth-Two Circuits

    We study correlation bounds and pseudorandom generators for depth-two circuits that consist of a $\mathsf{SYM}$-gate (computing an arbitrary symmetric function) or $\mathsf{THR}$-gate (computing an arbitrary linear threshold function) that is fed by $S$ $\mathsf{AND}$ gates. Such circuits were considered in early influential work on unconditional derandomization of Luby, Veličković, and Wigderson [LVW93], who gave the first non-trivial PRG with seed length $2^{O(\sqrt{\log(S/\varepsilon)})}$ that $\varepsilon$-fools these circuits. In this work we obtain the first strict improvement of [LVW93]'s seed length: we construct a PRG that $\varepsilon$-fools size-$S$ $\{\mathsf{SYM},\mathsf{THR}\} \circ \mathsf{AND}$ circuits over $\{0,1\}^n$ with seed length $2^{O(\sqrt{\log S})} + \mathrm{polylog}(1/\varepsilon)$, an exponential (and near-optimal) improvement of the $\varepsilon$-dependence of [LVW93]. The above PRG is actually a special case of a more general PRG which we establish for constant-depth circuits containing multiple $\mathsf{SYM}$ or $\mathsf{THR}$ gates, including as a special case $\{\mathsf{SYM},\mathsf{THR}\} \circ \mathsf{AC}^0$ circuits. These more general results strengthen previous results of Viola [Vio06] and essentially strengthen more recent results of Lovett and Srinivasan [LS11]. Our improved PRGs follow from improved correlation bounds, which are transformed into PRGs via the Nisan--Wigderson "hardness versus randomness" paradigm [NW94]. The key to our improved correlation bounds is the use of a recent powerful multi-switching lemma due to Håstad [Hås14].

    Fractional Pseudorandom Generators from Any Fourier Level

    We prove new results on the polarizing random walk framework introduced in recent works of Chattopadhyay et al. [CHHL19,CHLT19] that exploit $L_1$ Fourier tail bounds for classes of Boolean functions to construct pseudorandom generators (PRGs). We show that given a bound on the $k$-th level of the Fourier spectrum, one can construct a PRG with a seed length whose quality scales with $k$. This interpolates previous works, which either require Fourier bounds on all levels [CHHL19], or have polynomial dependence on the error parameter in the seed length [CHLT10], and thus answers an open question in [CHLT19]. As an example, we show that for polynomial error, Fourier bounds on the first $O(\log n)$ levels are sufficient to recover the seed length in [CHHL19], which requires bounds on the entire tail. We obtain our results by an alternate analysis of fractional PRGs using Taylor's theorem and bounding the degree-$k$ Lagrange remainder term using multilinearity and random restrictions. Interestingly, our analysis relies only on the level-$k$ unsigned Fourier sum, which is potentially a much smaller quantity than the $L_1$ notion in previous works. By generalizing a connection established in [CHH+20], we give a new reduction from constructing PRGs to proving correlation bounds. Finally, using these improvements we show how to obtain a PRG for $\mathbb{F}_2$ polynomials with seed length close to the state-of-the-art construction due to Viola [Vio09], which was not known to be possible using this framework.

    Fourier Conjectures, Correlation Bounds, and Majority


    A Complete Study of Two Classes of Boolean Functions: Direct Sums of Monomials and Threshold Functions

    In this paper, we make a comprehensive study of two classes of Boolean functions whose interest originally comes from hybrid symmetric-FHE encryption (with stream ciphers like FiLIP), but which also present much interest for general stream ciphers. The functions in these two classes are cheap and easy to implement, and they allow resistance to all classical attacks and to their guess-and-determine variants as well. We determine exactly all the main cryptographic parameters (algebraic degree, resiliency order, nonlinearity, algebraic immunity) for all functions in these two classes, and we give close bounds for the others (fast algebraic immunity, the dimension of the space of annihilators of minimal degree). This is the first time that this has been done for all functions in large classes of cryptographic interest.

    Circuit Size Lower Bounds and #SAT Upper Bounds Through a General Framework

    Most of the known lower bounds for binary Boolean circuits with unrestricted depth are proved by the gate elimination method. The most efficient known algorithms for the #SAT problem on binary Boolean circuits use similar case analyses to the ones in gate elimination. Chen and Kabanets recently showed that the known case analyses can also be used to prove average case circuit lower bounds, that is, lower bounds on the size of approximations of an explicit function. In this paper, we provide a general framework for proving worst/average case lower bounds for circuits and upper bounds for #SAT that is built on ideas of Chen and Kabanets. A proof in such a framework goes as follows. One starts by fixing three parameters: a class of circuits, a circuit complexity measure, and a set of allowed substitutions. The main ingredient of a proof goes as follows: by going through a number of cases, one shows that for any circuit from the given class, one can find an allowed substitution such that the given measure of the circuit reduces by a sufficient amount. This case analysis immediately implies an upper bound for #SAT. To obtain worst/average case circuit complexity lower bounds one needs to present an explicit construction of a function that is a disperser/extractor for the class of sources defined by the set of substitutions under consideration. We show that many known proofs (of circuit size lower bounds and upper bounds for #SAT) fall into this framework. Using this framework, we prove the following new bounds: average case lower bounds of $3.24n$ and $2.59n$ for circuits over $U_2$ and $B_2$, respectively (though the lower bound for the basis $B_2$ is given for a quadratic disperser whose explicit construction is not currently known), and faster than $2^n$ #SAT-algorithms for circuits over $U_2$ and $B_2$ of size at most $3.24n$ and $2.99n$, respectively. Here by $B_2$ we mean the set of all bivariate Boolean functions, and by $U_2$ the set of all bivariate Boolean functions except for parity and its complement.

    Efficient public-key cryptography with bounded leakage and tamper resilience

    We revisit the question of constructing public-key encryption and signature schemes with security in the presence of bounded leakage and tampering memory attacks. For signatures we obtain the first construction in the standard model; for public-key encryption we obtain the first construction free of pairing (avoiding non-interactive zero-knowledge proofs). Our constructions are based on generic building blocks, and, as we show, also admit efficient instantiations under fairly standard number-theoretic assumptions. The model of bounded tamper resistance was recently put forward by Damgård et al. (Asiacrypt 2013) as an attractive path to achieve security against arbitrary memory tampering attacks without making hardware assumptions (such as the existence of a protected self-destruct or key-update mechanism), the only restriction being on the number of allowed tampering attempts (which is a parameter of the scheme). This allows one to circumvent known impossibility results for unrestricted tampering (Gennaro et al., TCC 2010), while still being able to capture realistic tampering attacks.