109 research outputs found
Improved Bounds on Quantum Learning Algorithms
In this article we give several new results on the complexity of algorithms
that learn Boolean functions from quantum queries and quantum examples.
Hunziker et al. conjectured that for any class C of Boolean functions, the
number of quantum black-box queries which are required to exactly identify an
unknown function from C is ,
where is a combinatorial parameter of the class C. We
essentially resolve this conjecture in the affirmative by giving a quantum
algorithm that, for any class C, identifies any unknown function from C using
quantum black-box
queries.
We consider a range of natural problems intermediate between the exact
learning problem (in which the learner must obtain all bits of information
about the black-box function) and the usual problem of computing a predicate
(in which the learner must obtain only one bit of information about the
black-box function). We give positive and negative results on when the quantum
and classical query complexities of these intermediate problems are
polynomially related to each other.
Finally, we improve the known lower bounds on the number of quantum examples
(as opposed to quantum black-box queries) required for -PAC
learning any concept class of Vapnik-Chervonenkis dimension d over the domain
from to . This new lower bound comes
closer to matching known upper bounds for classical PAC learning.Comment: Minor corrections. 18 pages. To appear in Quantum Information
Processing. Requires: algorithm.sty, algorithmic.sty to buil
Learning Convex Partitions and Computing Game-theoretic Equilibria from Best Response Queries
Suppose that an -simplex is partitioned into convex regions having
disjoint interiors and distinct labels, and we may learn the label of any point
by querying it. The learning objective is to know, for any point in the
simplex, a label that occurs within some distance from that point.
We present two algorithms for this task: Constant-Dimension Generalised Binary
Search (CD-GBS), which for constant uses queries, and Constant-Region Generalised Binary
Search (CR-GBS), which uses CD-GBS as a subroutine and for constant uses
queries.
We show via Kakutani's fixed-point theorem that these algorithms provide
bounds on the best-response query complexity of computing approximate
well-supported equilibria of bimatrix games in which one of the players has a
constant number of pure strategies. We also partially extend our results to
games with multiple players, establishing further query complexity bounds for
computing approximate well-supported equilibria in this setting.Comment: 38 pages, 7 figures, second version strengthens lower bound in
Theorem 6, adds footnotes with additional comments and fixes typo
Random Oracles in a Quantum World
The interest in post-quantum cryptography - classical systems that remain
secure in the presence of a quantum adversary - has generated elegant proposals
for new cryptosystems. Some of these systems are set in the random oracle model
and are proven secure relative to adversaries that have classical access to the
random oracle. We argue that to prove post-quantum security one needs to prove
security in the quantum-accessible random oracle model where the adversary can
query the random oracle with quantum states.
We begin by separating the classical and quantum-accessible random oracle
models by presenting a scheme that is secure when the adversary is given
classical access to the random oracle, but is insecure when the adversary can
make quantum oracle queries. We then set out to develop generic conditions
under which a classical random oracle proof implies security in the
quantum-accessible random oracle model. We introduce the concept of a
history-free reduction which is a category of classical random oracle
reductions that basically determine oracle answers independently of the history
of previous queries, and we prove that such reductions imply security in the
quantum model. We then show that certain post-quantum proposals, including ones
based on lattices, can be proven secure using history-free reductions and are
therefore post-quantum secure. We conclude with a rich set of open problems in
this area.Comment: 38 pages, v2: many substantial changes and extensions, merged with a
related paper by Boneh and Zhandr
Some Results on Average-Case Hardness Within the Polynomial Hierarchy
Abstract. We prove several results about the average-case complexity of problems in the Polynomial Hierarchy (PH). We give a connection among average-case, worst-case, and non-uniform complexity of optimization problems. Specifically, we show that if P NP is hard in the worst-case then it is either hard on the average (in the sense of Levin) or it is non-uniformly hard (i.e. it does not have small circuits). Recently, Gutfreund, Shaltiel and Ta-Shma (IEEE Conference on Computational Complexity, 2005) showed an interesting worst-case to averagecase connection for languages in NP, under a notion of average-case hardness defined using uniform adversaries. We show that extending their connection to hardness against quasi-polynomial time would imply that NEXP doesn’t have polynomial-size circuits. Finally we prove an unconditional average-case hardness result. We show that for each k, there is an explicit language in P Σ2 which is hard on average for circuits of size n k.
Blockwise -Tampering Attacks on Cryptographic Primitives, Extractors, and Learners
Austrin, Chung, Mahmoody, Pass and Seth (Crypto\u2714) studied the notion of bitwise -tampering attacks over randomized algorithms in which an efficient `virus\u27 gets to control each bit of the randomness with independent probability in an online way. The work of Austrin et al. showed how to break certain `privacy primitives\u27 (e.g., encryption, commitments, etc.) through bitwise -tampering, by giving a bitwise -tampering biasing attack for increasing the average of any efficient function by where is the variance of .
In this work, we revisit and extend the bitwise tampering model of Austrin et al. to blockwise setting, where blocks of randomness becomes tamperable with independent probability . Our main result is an efficient blockwise -tampering attack to bias the average of any efficient function mapping arbitrary to by regardless of how is partitioned into individually tamperable blocks . Relying on previous works, our main biasing attack immediately implies efficient attacks against the privacy primitives as well as seedless multi-source extractors, in a model where the attacker gets to tamper with each block (or source) of the randomness with independent probability . Further, we show how to increase the classification error of deterministic learners in the so called `targeted poisoning\u27 attack model under Valiant\u27s adversarial noise. In this model, an attacker has a `target\u27 test data in mind and wishes to increase the error of classifying while she gets to tamper with each training example with independent probability an in an online way
On the Complexity of Compressing Obfuscation
Indistinguishability obfuscation has become one of the most exciting cryptographic primitives due to its far reaching applications in cryptography and other fields. However, to date, obtaining a plausibly secure construction has been an illusive task, thus motivating the study of seemingly weaker primitives that imply it, with the possibility that they will be easier to construct.
In this work, we provide a systematic study of compressing obfuscation, one of the most natural and simple to describe primitives that is known to imply indistinguishability obfuscation when combined with other standard assumptions. A compressing obfuscator is roughly an indistinguishability obfuscator that outputs just a slightly compressed encoding of the truth table. This generalizes notions introduced by Lin et al.~(PKC 2016) and Bitansky et al.~(TCC 2016) by allowing for a broader regime of parameters.
We view compressing obfuscation as an independent cryptographic primitive and show various positive and negative results concerning its power and plausibility of existence, demonstrating significant differences from full-fledged indistinguishability obfuscation.
First, we show that as a cryptographic building block, compressing obfuscation is weak. In particular, when combined with one-way functions, it cannot be used (in a black-box way) to achieve public-key encryption, even under (sub-)exponential security assumptions. This is in sharp contrast to indistinguishability obfuscation, which together with one-way functions implies almost all cryptographic primitives.
Second, we show that to construct compressing obfuscation with perfect correctness, one only needs to assume its existence with a very weak correctness guarantee and polynomial hardness. Namely, we show a correctness amplification transformation with optimal parameters that relies only on polynomial hardness assumptions. This implies a universal construction assuming only polynomially secure compressing obfuscation with approximate correctness. In the context of indistinguishability obfuscation, we know how to achieve such a result only under sub-exponential security assumptions together with derandomization assumptions.
Lastly, we characterize the existence of compressing obfuscation with \emph{statistical} security. We show that in some range of parameters and for some classes of circuits such an obfuscator exists, whereas it is unlikely to exist with better parameters or for larger classes of circuits. These positive and negative results reveal a deep connection between compressing obfuscation and various concepts in complexity theory and learning theory
ON LEARNING DECISION TREES WITH LARGE OUTPUT DOMAINS
For two disjoint sets of variables, X and Y, and a class
of functions C, we define DT(X,Y,C) to be the class of all
decision trees over X whose leaves are functions from C over
Y. We study the learnability of DT(X,Y,C) using membership and
equivalence queries. Boolean decision trees, DT(X,,{0,1}),
were shown to be exactly learnable in [Bs93] but does this imply the
learnability of decision trees that have non-boolean leaves? A simple
encoding of all possible leaf values will work provided that the size of
C is reasonable. Our investigation involves several cases
where simple encoding is not feasible, i.e., when | C | is large.
We show how to learn decision trees whose leaves are learnable concepts
belonging to a class C, DT(X,Y,C), when the separation between the
variables X and Y is known. A simple algorithm for decision
trees whose leaves are constants, DT(X,,C), is also
presented.
Each case above requires at least s separate executions of the
algorithm from [Bs93] where s is the number of distinct leaves of
the tree but we show that if C is a bounded lattice,
DT(X,,C) is learnable using only one execution of this
algorithm.We are currently acquiring citations for the work deposited into this collection. We recognize the distribution rights of this item may have been assigned to another entity, other than the author(s) of the work.If you can provide the citation for this work or you think you own the distribution rights to this work please contact the Institutional Repository Administrator at [email protected]
- …