9 research outputs found
Entropic Compressibility of Lévy Processes
In contrast to their seemingly simple and shared structure of independence
and stationarity, Lévy processes exhibit a wide variety of behaviors, from
the self-similar Wiener process to piecewise-constant compound Poisson
processes. Inspired by the recent paper of Ghourchian, Amini, and Gohari, we
characterize their compressibility by studying the entropy of their double
discretization (both in time and amplitude) in the regime of vanishing
discretization steps. For a Lévy process with absolutely continuous
marginals, this reduces to understanding the asymptotics of the differential
entropy of its marginals at small times. We generalize known results for stable
processes to the non-stable case, and conceptualize a new compressibility
hierarchy of Lévy processes, captured by their Blumenthal-Getoor index. Comment: 26 pages, 1 figur
Towards Data Auctions with Externalities
The design of data markets has gained importance as firms increasingly use
predictions from machine learning models to streamline operations, yet need to
externally acquire training data to fit such models. One aspect that has
received limited consideration is the externality a firm faces when data is
allocated to competing firms. Such externalities couple firms' optimal
allocations, despite the inherent free replicability of data. In this paper, we
demonstrate that the presence of externalities increases the optimal revenue of
a monopolistic data seller by letting firms pay to prevent allocations to other
competing firms. This is shown by first reducing the combinatorial problem of
allocating and pricing multiple datasets to the auction of a single digital
good. We achieve this by modeling utility for data solely through the increase
in prediction accuracy it provides. Then, we find the welfare and revenue
maximizing mechanisms, highlighting how the forms of firms' private information
- whether they know the externalities they exert on others or vice-versa -
affect their overall structures. In all cases, the optimal allocation rule is
a single threshold (one per firm), where either all data is allocated or none
is
How to Subvert Backdoored Encryption: Security Against Adversaries that Decrypt All Ciphertexts
In this work, we examine the feasibility of secure and undetectable point-to-point communication when an adversary (e.g., a government) can read all encrypted communications of surveillance targets. We consider a model where the only permitted method of communication is via a government-mandated encryption scheme, instantiated with government-mandated keys. Parties cannot simply encrypt ciphertexts of some other encryption scheme, because citizens caught trying to communicate outside the government's knowledge (e.g., by encrypting strings which do not appear to be natural language plaintexts) will be arrested. The one guarantee we suppose is that the government mandates an encryption scheme which is semantically secure against outsiders: a perhaps reasonable supposition when a government might consider it advantageous to secure its people's communication against foreign entities. But then, what good is semantic security against an adversary that holds all the keys and has the power to decrypt?
We show that even in the pessimistic scenario described, citizens can communicate securely and undetectably. In our terminology, this translates to a positive statement: all semantically secure encryption schemes support subliminal communication. Informally, this means that there is a two-party protocol between Alice and Bob where the parties exchange ciphertexts of what appears to be a normal conversation even to someone who knows the secret keys and thus can read the corresponding plaintexts. And yet, at the end of the protocol, Alice will have transmitted her secret message to Bob. Our security definition requires that the adversary not be able to tell whether Alice and Bob are just having a normal conversation using the mandated encryption scheme, or they are using the mandated encryption scheme for subliminal communication.
Our topics may be thought to fall broadly within the realm of steganography. However, we deal with the non-standard setting of an adversarially chosen distribution of cover objects (i.e., a stronger-than-usual adversary), and we take advantage of the fact that our cover objects are ciphertexts of a semantically secure encryption scheme to bypass impossibility results which we show for broader classes of steganographic schemes. We give several constructions of subliminal communication schemes under the assumption that key exchange protocols with pseudorandom messages exist (such as Diffie-Hellman, which in fact has truly random messages)
Data Structures Meet Cryptography: 3SUM with Preprocessing
This paper shows several connections between data structure problems and
cryptography against preprocessing attacks. Our results span data structure
upper bounds, cryptographic applications, and data structure lower bounds, as
summarized next.
First, we apply Fiat-Naor inversion, a technique with cryptographic origins,
to obtain a data structure upper bound. In particular, our technique yields a
suite of algorithms with space and (online) time for a preprocessing
version of the -input 3SUM problem where .
This disproves a strong conjecture (Goldstein et al., WADS 2017) that there is
no data structure that solves this problem for and for any constant .
Secondly, we show equivalence between lower bounds for a broad class of
(static) data structure problems and one-way functions in the random oracle
model that resist a very strong form of preprocessing attack. Concretely, given
a random function (accessed as an oracle) we show how to
compile it into a function which resists -bit
preprocessing attacks that run in query time where
(assuming a corresponding data structure lower bound
on 3SUM). In contrast, a classical result of Hellman tells us that itself
can be more easily inverted, say with -bit preprocessing in
time. We also show that much stronger lower bounds follow from the hardness of
kSUM. Our results can be equivalently interpreted as security against
adversaries that are very non-uniform, or have large auxiliary input, or as
security in the face of a powerfully backdoored random oracle.
Thirdly, we give non-adaptive lower bounds for 3SUM and a range of geometric
problems which match the best known lower bounds for static data structure
problems
Budget-Feasible Mechanism Design for Non-Monotone Submodular Objectives: Offline and Online
The framework of budget-feasible mechanism design studies procurement
auctions where the auctioneer (buyer) aims to maximize his valuation function
subject to a hard budget constraint. We study the problem of designing truthful
mechanisms that have good approximation guarantees and never pay the
participating agents (sellers) more than the budget. We focus on the case of
general (non-monotone) submodular valuation functions and derive the first
truthful, budget-feasible and -approximate mechanisms that run in
polynomial time in the value query model, for both offline and online auctions.
Prior to our work, the only -approximation mechanism known for
non-monotone submodular objectives required an exponential number of value
queries.
At the heart of our approach lies a novel greedy algorithm for non-monotone
submodular maximization under a knapsack constraint. Our algorithm builds two
candidate solutions simultaneously (to achieve a good approximation), yet
ensures that agents cannot jump from one solution to the other (to implicitly
enforce truthfulness). Ours is the first mechanism for the problem
where, crucially, the agents are not ordered with respect to their marginal
value per cost. This allows us to appropriately adapt these ideas to the online
setting as well.
To further illustrate the applicability of our approach, we also consider the
case where additional feasibility constraints are present. We obtain
-approximation mechanisms for both monotone and non-monotone submodular
objectives, when the feasible solutions are independent sets of a -system.
With the exception of additive valuation functions, no mechanisms were known
for this setting prior to our work. Finally, we provide lower bounds suggesting
that, when one cares about non-trivial approximation guarantees in polynomial
time, our results are asymptotically best possible. Comment: Accepted to EC 201
Budget-feasible mechanism design for non-monotone submodular objectives: Offline and online
The framework of budget-feasible mechanism design studies procurement auctions where the auctioneer (buyer) aims to maximize his valuation function subject to a hard budget constraint. We study the problem of designing truthful mechanisms that have good approximation guarantees and never pay the participating agents (sellers) more than the budget. We focus on the case of general (non-monotone) submodular valuation functions and derive the first truthful, budget-feasible and O(1)-approximation mechanisms that run in polynomial time in the value query model, for both offline and online auctions. Since the introduction of the problem by Singer [40], obtaining efficient mechanisms for objectives that go beyond the class of monotone submodular functions has been elusive. Prior to our work, the only O(1)-approximation mechanism known for non-monotone submodular objectives required an exponential number of value queries. At the heart of our approach lies a novel greedy algorithm for non-monotone submodular maximization under a knapsack constraint. Our algorithm builds two candidate solutions simultaneously (to achieve a good approximation), yet ensures that agents cannot jump from one solution to the other (to implicitly enforce truthfulness). Ours is the first mechanism for the problem where, crucially, the agents are not ordered according to their marginal value per cost. This allows us to appropriately adapt these ideas to the online setting as well. To further illustrate the applicability of our approach, we also consider the case where additional feasibility constraints are present, e.g., at most k agents can be selected. We obtain O(p)-approximation mechanisms for both monotone and non-monotone submodular objectives, when the feasible solutions are independent sets of a p-system. With the exception of additive valuation functions, no mechanisms were known for this setting prior to our work.
Finally, we provide lower bounds suggesting that, when one cares about non-trivial approximation guaran
Maximization of Approximately Submodular Functions
We study the problem of maximizing a function that is approximately submodular under a cardinality constraint. Approximate submodularity implicitly appears in a wide range of applications as in many cases errors in evaluation of a submodular function break submodularity. Say that F is ε-approximately submodular if there exists a submodular function f such that (1−ε)f(S) ≤ F(S) ≤ (1+ε)f(S) for all subsets S. We are interested in characterizing the query-complexity of maximizing F subject to a cardinality constraint k as a function of the error level ε > 0. We provide both lower and upper bounds: for ε > n^{−1/2} we show an exponential query-complexity lower bound. In contrast, when ε < 1/k or under a stronger bounded curvature assumption, we give constant approximation algorithms
How to subvert backdoored encryption: Security against adversaries that decrypt all ciphertexts
© Thibaut Horel, Sunoo Park, Silas Richelson, and Vinod Vaikuntanathan. In this work, we examine the feasibility of secure and undetectable point-to-point communication when an adversary (e.g., a government) can read all encrypted communications of surveillance targets. We consider a model where the only permitted method of communication is via a government-mandated encryption scheme, instantiated with government-mandated keys. Parties cannot simply encrypt ciphertexts of some other encryption scheme, because citizens caught trying to communicate outside the government’s knowledge (e.g., by encrypting strings which do not appear to be natural language plaintexts) will be arrested. The one guarantee we suppose is that the government mandates an encryption scheme which is semantically secure against outsiders: a perhaps reasonable supposition when a government might consider it advantageous to secure its people’s communication against foreign entities. But then, what good is semantic security against an adversary that holds all the keys and has the power to decrypt? We show that even in the pessimistic scenario described, citizens can communicate securely and undetectably. In our terminology, this translates to a positive statement: all semantically secure encryption schemes support subliminal communication. Informally, this means that there is a two-party protocol between Alice and Bob where the parties exchange ciphertexts of what appears to be a normal conversation even to someone who knows the secret keys and thus can read the corresponding plaintexts. And yet, at the end of the protocol, Alice will have transmitted her secret message to Bob. Our security definition requires that the adversary not be able to tell whether Alice and Bob are just having a normal conversation using the mandated encryption scheme, or they are using the mandated encryption scheme for subliminal communication. Our topics may be thought to fall broadly within the realm of steganography. 
However, we deal with the non-standard setting of an adversarially chosen distribution of cover objects (i.e., a stronger-than-usual adversary), and we take advantage of the fact that our cover objects are ciphertexts of a semantically secure encryption scheme to bypass impossibility results which we show for broader classes of steganographic schemes. We give several constructions of subliminal communication schemes under the assumption that key exchange protocols with pseudorandom messages exist (such as Diffie-Hellman, which in fact has truly random messages)