
The Unified Theory of Pseudorandomness

The Unified Theory of Pseudorandomness. Salil Vadhan Harvard University See also monograph-in-progress Pseudorandomness http://seas.harvard.edu/~salil/pseudorandomness. Pseudorandomness. Theory of efficiently generating objects that “look random” despite being constructed


  1. The Unified Theory of Pseudorandomness
  Salil Vadhan, Harvard University
  See also the monograph-in-progress Pseudorandomness: http://seas.harvard.edu/~salil/pseudorandomness

  2. Pseudorandomness Theory of efficiently generating objects that “look random” despite being constructed with little or no randomness.

  3. Motivation
  Computer Science
  • Derandomization: converting randomized algorithms into deterministic algorithms.
  • Cryptography: generating lots of unpredictable bits (e.g. for encryption) from a short key.
  • Useful “pseudorandom objects” (e.g. error-correcting codes).
  Mathematics
  • Explicit constructions matching the Probabilistic Method (e.g. Ramsey graphs).
  • Analyzing mathematical structures: e.g. the primes are dense in a “pseudorandom” set of integers [Green-Tao04].

  4. “Pseudorandom Objects”
  • Error-correcting codes: make data resilient to corruption.
  • Expander graphs: highly connected but sparse graphs.
  • Samplers: estimate an average with few samples and few random bits.
  • Randomness extractors: convert biased and correlated bits to almost-uniform random bits.
  • Hardness amplifiers: convert worst-case hard functions into average-case hard ones.
  • Pseudorandom generators: stretch a short seed to many bits that “look random” to efficient algorithms.
  For each, a randomly chosen object achieves very good parameters. The goal is explicit constructions: ones that are efficient and deterministic.

  6. A Unified Theory
  Through the work of many researchers over 2 decades:
  • All of these objects are essentially the same when viewed appropriately.
  • Much progress by exploiting connections to translate constructions and ideas from one object to another.
  This talk:
  • A single “list-decoding” framework that captures all the objects.
  • Highlights similarities and differences.

  7. An Incomplete List of References
  • D. Zuckerman, “Randomness-optimal oblivious sampling”, 1996.
  • L. Trevisan, “Extractors and Pseudorandom Generators”, 1999.
  • M. Sudan, L. Trevisan, S. Vadhan, “Pseudorandom Generators without the XOR Lemma”, 1999.
  • A. Ta-Shma, D. Zuckerman, “Extractor codes”, 2001.
  • V. Guruswami, C. Umans, S. Vadhan, “Unbalanced Expanders and Randomness Extractors from Parvaresh-Vardy Codes”, 2007.
  • See proceedings & monograph for more.

  8. The Framework
  Syntactic form of object: $\Gamma : [N] \times [D] \to [M]$.
  For $T \subseteq [M]$, let $\mathrm{LIST}(T,\varepsilon) = \{x \in [N] : \Pr_y[\Gamma(x,y) \in T] > \varepsilon\}$.
  Semantic property: for all $T \in \mathcal{C}$, $|\mathrm{LIST}(T,\varepsilon)| \le K$.
  Notes/conventions:
  • Sometimes require “constructing” $\mathrm{LIST}(T,\varepsilon)$ to be “efficient”.
  • $\mathrm{LIST}(T,1) = \{x \in [N] : \Pr_y[\Gamma(x,y) \in T] = 1\}$.
  • $A = 2^a, B = 2^b, \ldots$, i.e. $\Gamma : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^m$.

  9. List-Decodable Codes

  10. Error-Correcting Codes
  Goal: encode data s.t. it can be recovered from errors.
  [Figure: message $m$ ($n$ bits) → encoding → codeword $\mathrm{Enc}(m)$ ($D$ $q$-ary symbols) → corruption of a bounded fraction of symbols → received word $r$ → decoding]
  • Example: Reed-Solomon code $\mathrm{Enc}(f) = (f(1), \ldots, f(D))$, $f \in \mathbb{F}_q[x]$.

  11. List-Decodable Codes
  Q: What if the noise is too high ($\delta = 1 - 1/q - \varepsilon$) for unique decoding?
  [Figure: message $m$ ($n$ bits) → encoding → codeword $\mathrm{Enc}(m)$ → corrupt $< 1 - 1/q - \varepsilon$ fraction → received word $r$ → decoding → messages $m_1, m_2, \ldots, m_K$]
  • Def: $\mathrm{Enc} : [N] \to [q]^D$ is $(K,\varepsilon)$ list-decodable if for all $r \in [q]^D$, there are at most $K$ messages $m$ s.t. $\mathrm{Enc}(m)$ agrees with $r$ in more than a $1/q + \varepsilon$ fraction of the positions.

  12. List-Decodable Codes
  • Def: $\mathrm{Enc} : [N] \to [q]^D$ is $(K,\varepsilon)$ list-decodable if for all $r \in [q]^D$, there are at most $K$ messages $m$ s.t. $\mathrm{Enc}(m)$ agrees with $r$ in more than a $1/q + \varepsilon$ fraction of the positions.
  • Goals:
    • Minimize $D$ (e.g. $D \log q = O(n)$).
    • Minimize $\varepsilon$ (e.g. a small constant independent of $n$).
    • Minimize $q$ (e.g. $q = O(1)$ or $q = \mathrm{poly}(n)$).
    • Minimize $K$ (e.g. $K = \mathrm{poly}(n)$).

  13. List-Decodable Codes in the Framework
  Given $\mathrm{Enc} : [N] \to [q]^D$, define $\Gamma : [N] \times [D] \to [D] \times [q]$ via $\Gamma(x,y) = (y, \mathrm{Enc}(x)_y)$.
  Proposition: $\mathrm{Enc}$ is $(K,\varepsilon)$ list-decodable $\iff$ for all $r \in [q]^D$, $|\mathrm{LIST}(T_r, 1/q + \varepsilon)| \le K$, where $T_r = \{(y, r_y) : y \in [D]\}$.
  Proof: $x \in \mathrm{LIST}(T_r, 1/q + \varepsilon) \iff \Pr_y[\Gamma(x,y) \in T_r] > 1/q + \varepsilon \iff \Pr_y[\mathrm{Enc}(x)_y = r_y] > 1/q + \varepsilon$.

  14. Comparison
  • $\Gamma : [N] \times [D] \to [M]$
  • $N = 2^n, D = 2^d, \ldots$
  • $T \subseteq [M]$
  • $\mathrm{LIST}(T,\varepsilon) = \{x \in [N] : \Pr_y[\Gamma(x,y) \in T] > \varepsilon\}$

  15. AVERAGING SAMPLERS

  16. Sampling
  • Goal: given “oracle access” to a function $f : [M] \to \{0,1\}$, estimate $\mu(f) := \mathbb{E}_z[f(z)]$ by making few queries to $f$.
  • Natural approach: choose random points $z_1, \ldots, z_D \in [M]$, and output $(1/D) \sum_i f(z_i)$.
  • For $D = O((1/\varepsilon^2) \log(1/\delta))$, correct within $\varepsilon$ with probability $\ge 1 - \delta$.
  • Don't need full independence; “pseudorandom” samples suffice, such as:
    • pairwise independence (e.g. $z_i = a i + b$, for $a, b \in \mathbb{F}_M$)
    • random walks on expander graphs.

  17. Averaging Samplers
  Def: $\mathrm{Samp} : [N] \to [M]^D$ is a $(\delta,\varepsilon)$ averaging sampler if for every $f : [M] \to \{0,1\}$, we have
  $\Pr_{(z_1,\ldots,z_D) \leftarrow \mathrm{Samp}(U_{[N]})}\left[(1/D) \sum_i f(z_i) > \mu(f) + \varepsilon\right] \le \delta$.
  Goals:
  • Minimize $D$ (ideally $D = O((1/\varepsilon^2) \log(1/\delta))$).
  • Maximize $m = \log M$.
  • Minimize $n = \log N$ (ideally $n = m + \log(1/\delta)$).
  • Minimize $\delta, \varepsilon$ (often $\varepsilon$ constant, but $\delta = o(1)$).

  18. Samplers in the Framework
  Def: $\mathrm{Samp} : [N] \to [M]^D$ is a $(\delta,\varepsilon)$ averaging sampler if for every $f : [M] \to \{0,1\}$, we have
  $\Pr_{(z_1,\ldots,z_D) \leftarrow \mathrm{Samp}(U_{[N]})}\left[(1/D) \sum_i f(z_i) > \mu(f) + \varepsilon\right] \le \delta$.
  Given $\mathrm{Samp}$, define $\Gamma : [N] \times [D] \to [M]$ via $\Gamma(x,y) = \mathrm{Samp}(x)_y$.
  Proposition: $\mathrm{Samp}$ is a $(\delta,\varepsilon)$ averaging sampler $\iff$ for all $T \subseteq [M]$, $|\mathrm{LIST}(T, \mu(T) + \varepsilon)| \le \delta N$.
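An added worked example (not part of the talk): the pairwise-independent sampler $z_i = a i + b$ from slide 16, tested against the averaging-sampler definition of slide 17 in the LIST form of slide 18 by exhaustive enumeration over all seeds and all tests $T$. The field size, sample count and the Chebyshev comparison are my own constructed choices.

```python
# Added example, not from the talk: the pairwise-independent sampler of slide 16
# (z_i = a*i + b over F_M, seed (a, b)) checked against the averaging-sampler definition
# of slide 17 in the LIST form of slide 18, by brute force. M and D are constructed values.
from fractions import Fraction
from itertools import product

M = 11                                      # sample space [M] = F_M, M prime
D = 8                                       # D samples z_0, ..., z_{D-1} per seed
SEEDS = list(product(range(M), repeat=2))   # [N] = F_M^2: N = M^2 seeds x = (a, b)

def samp(seed):
    """Samp(a, b) = (a*i + b mod M)_{i < D}; any two z_i, z_j are independent and uniform."""
    a, b = seed
    return tuple((a * i + b) % M for i in range(D))

SAMPLES = [samp(seed) for seed in SEEDS]    # precomputed once, indexed by x in [N]

def gamma_samp(x, y):
    """Gamma(x, y) = Samp(x)_y, as on slide 18."""
    return SAMPLES[x][y]

def list_set(gamma, N, D, T, eps):
    """LIST(T, eps) = {x in [N] : Pr_y[gamma(x, y) in T] > eps}, y uniform over [D]."""
    return [x for x in range(N)
            if Fraction(sum(gamma(x, y) in T for y in range(D)), D) > eps]

def bad_seeds(T, eps):
    """LIST(T, mu(T) + eps): seeds whose estimate (1/D) sum_i 1[z_i in T] exceeds mu(T) + eps."""
    mu = Fraction(len(T), M)
    return [SEEDS[x] for x in list_set(gamma_samp, len(SEEDS), D, set(T), mu + Fraction(eps))]

def worst_failure_fraction(eps):
    """max_T |LIST(T, mu(T) + eps)| / N over every T subset of [M]: by slide 18's proposition,
    the smallest delta for which Samp is a (delta, eps) averaging sampler."""
    worst = Fraction(0)
    for bits in product((0, 1), repeat=M):               # every f : [M] -> {0,1}, T = f^{-1}(1)
        T = [z for z in range(M) if bits[z]]
        worst = max(worst, Fraction(len(bad_seeds(T, eps)), len(SEEDS)))
    return worst

def chebyshev_delta(eps):
    """Pairwise independence gives Var[estimate] <= 1/(4D), so Chebyshev bounds the failure
    probability by 1/(4 D eps^2); the exhaustive value above can never exceed it."""
    eps = Fraction(eps)
    return 1 / (4 * D * eps * eps)

if __name__ == "__main__":
    print(bad_seeds([0, 1], "1/4"))                      # only the constant seeds (0, 0), (0, 1)
    print(worst_failure_fraction("1/4"), "<=", chebyshev_delta("1/4"))   # 10/121 <= 1/2
```

The only seeds that overestimate a 2-element $T$ by more than $1/4$ are those with $a = 0$, whose samples all coincide; the exhaustive worst case is far below the Chebyshev bound.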

  20. Expander Graphs

  21. (Bipartite) Expander Graphs
  [Figure: bipartite graph with left side $[N]$, right side $[M]$ and left degree $D$; a set $S$ with $|S| \le K$ and its neighbourhood]
  “$(K,A)$ expander”: for all $S \subseteq [N]$ with $|S| \le K$, $|\mathrm{Nbrs}(S)| \ge A \cdot |S|$.
  Goals:
  • Minimize $D$
  • Maximize $A$
  • Maximize $K$
  • [Minimize $M$]
  • Example: $[N] = [M] = \mathbb{F}_p$, $\mathrm{Nbrs}(x) = \{x+1, x-1, x^{-1}\}$.
  • Classic parameters: $M = N$; $D, A > 1$ constants; $K = N/2$.

  22. List-Decoding View of Expanders
  [Figure: as on slide 21; $S \subseteq [N]$ with $|S| \le K$, $|\Gamma(S)| \ge A \cdot K$]
  • Given $G$, let $\Gamma(x,y)$ = the $y$'th neighbor of $x$.
  • Prop: $G$ is a $(K,A)$ expander iff for all $T \subseteq [M]$ of size $< AK$, we have $|\mathrm{LIST}(T,1)| < |T|/A$.
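An added worked example (not from the talk) that instantiates the $\mathrm{LIST}(T,\varepsilon)$ framework of slide 8 for two of the objects above: the Reed-Solomon code viewed through $\Gamma(x,y) = (y, \mathrm{Enc}(x)_y)$ (slide 13) and the $\{x+1, x-1, x^{-1}\}$ expander viewed through $\Gamma(x,y)$ = $y$'th neighbour (slide 22). The field size 7, the degree-1 message space and the convention $0^{-1} := 0$ are my constructed choices.

```python
# Added example, not from the talk: the LIST(T, eps) framework of slide 8 instantiated for
# the Reed-Solomon code of slide 13 and the expander of slide 22, checked by brute force.
from fractions import Fraction
from itertools import combinations, product

def list_set(gamma, N, D, T, eps):
    """LIST(T, eps) = {x in [N] : Pr_y[gamma(x, y) in T] > eps} for y uniform over [D];
    by the convention on slide 8, LIST(T, 1) is the set where that probability equals 1."""
    out = []
    for x in range(N):
        p = Fraction(sum(gamma(x, y) in T for y in range(D)), D)
        if p > eps or (eps == 1 and p == 1):
            out.append(x)
    return out

# Codes (slide 13): Reed-Solomon, degree < 2 over F_Q, evaluated at all Q points (D = q = Q).
Q = 7
MESSAGES = list(product(range(Q), repeat=2))        # [N], N = Q^2 messages (a0, a1)

def rs_encode(msg):                                 # Enc(f) = (f(0), ..., f(Q-1)), f(x) = a0 + a1*x
    a0, a1 = msg
    return tuple((a0 + a1 * x) % Q for x in range(Q))

def gamma_code(x, y):                               # Gamma(x, y) = (y, Enc(x)_y)
    return (y, rs_encode(MESSAGES[x])[y])

def rs_list_decode(received, eps):
    """Messages whose codeword agrees with `received` in > 1/q + eps of the positions:
    exactly LIST(T_r, 1/q + eps) with T_r = {(y, r_y) : y in [D]}."""
    T_r = {(y, received[y]) for y in range(Q)}
    return [MESSAGES[x] for x in
            list_set(gamma_code, Q * Q, Q, T_r, Fraction(1, Q) + Fraction(eps))]

# Expanders (slides 21-22): [N] = [M] = F_P with Nbrs(x) = {x+1, x-1, x^-1}.
P = 7
def gamma_expander(x, y):                           # Gamma(x, y) = y-th neighbour of x
    # 0^-1 := 0 is an assumed convention; pow(x, P-2, P) is x^-1 for x != 0 and 0 for x == 0.
    return [(x + 1) % P, (x - 1) % P, pow(x, P - 2, P)][y]

def is_expander_via_list(K, A):
    """Slide 22: (K, A) expander iff every T with |T| < A*K has |LIST(T, 1)| < |T|/A.
    T = {} is skipped, since LIST({}, 1) is empty and the strict bound 0 < 0 is vacuous."""
    A = Fraction(A)
    for size in range(1, P + 1):
        if size >= A * K:
            break
        for T in combinations(range(P), size):
            if len(list_set(gamma_expander, P, 3, set(T), 1)) >= size / A:
                return False
    return True
```

With one of the seven symbols of $\mathrm{Enc}(1,2)$ corrupted, `rs_list_decode(r, "2/7")` returns only `(1, 2)`, since two distinct lines over $\mathbb{F}_7$ agree in at most one point; the same graph is a $(2,2)$ expander but not a $(3,2)$ expander, which the LIST criterion detects from a 5-element $T$ containing the neighbourhoods of $0$, $1$ and $6$.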

  24. PSEUDORANDOM GENERATORS

  25. Pseudorandom Generators
  [Figure: $G$ maps a $d$-bit seed to $m$ bits that “look random”]
  • looks random: for every “computationally feasible” test $T : \{0,1\}^m \to \{0,1\}$, $|\Pr_y[T(G(y)) = 1] - \Pr_z[T(z) = 1]| \le \varepsilon$.
  • computationally feasible: computable by a circuit of size $t$, or, equivalently, a time-$t$ algorithm with $t$ bits of advice.
  • useful for cryptography, derandomizing probabilistic algorithms.

  26. PRG Constructions
  • Q: Do efficiently computable PRGs exist? Open! Requires proving $\mathrm{NP} \ne \mathrm{P}$, or at least $\mathrm{EXP} \ne \mathrm{BPP}$.
  • Instead show: if there are sufficiently hard functions (say in $\mathrm{EXP}$), then efficient PRGs exist.

  27. Black-box PRG Constructions
  [Figure: construction $G^f : \{0,1\}^d \to \{0,1\}^m$ built from $f : \{0,1\}^\ell \to \{0,1\}$; test $T : \{0,1\}^m \to \{0,1\}$; reduction $R_w^T : \{0,1\}^\ell \to \{0,1\}$ with $k$-bit advice $w$]
  Def: $G$ is a $(t,k,\varepsilon)$ black-box PRG construction if there exists $R$ s.t.
  • for all $f$ and all $T$ s.t. $\Pr_y[T(G^f(y)) = 1] > \Pr_z[T(z) = 1] + \varepsilon$, there exists $w \in \{0,1\}^k$ s.t. $R_w^T$ computes $f$ everywhere.
  • $R$ is computable in time $t$ with oracle access to $T$.
  Prop: if $f$ can't be computed by circuits of size $s$, then $G^f$ is $\varepsilon$-pseudorandom vs. circuits of size $s/t$.

  28. Black-box PRG Constructions
  (Definition and figure as on slide 27.)
  • Common parameters:
    • $t = k = m = 1/\varepsilon \in [\ell^c, 2^{\ell/c}]$ for an arbitrarily large constant $c$, $d = O(\ell)$.

  29. PRGs in the Framework
  Take $n = 2^\ell$ and define $\Gamma(f, y) = G^f(y)$.
  Proposition: $G$ an $(\infty, k, \varepsilon)$ PRG construction $\Rightarrow$ for all $T \subseteq [M]$, $|\mathrm{LIST}(T, \mu(T) + \varepsilon)| \le K$.
  Proof: $f \in \mathrm{LIST}(T, \mu(T) + \varepsilon) \iff \Pr_y[T(G^f(y)) = 1] > \Pr_z[T(z) = 1] + \varepsilon \Rightarrow$ at most $K$ such $f$'s, since they can be named with $k$ bits of advice.
  (Figure as on slide 27.)

  30. PRGs in the Framework
  Q: What about efficient reductions?
  A: Analogous to efficient “local list decoding”: compute each bit of the “message” $f$ using few queries to the “received word” $T$.
  (Figure as on slide 27.)

  32. Comparison

  33. Conclusions
  • Many pseudorandom objects are almost equivalent.
  • Each brings different intuition, techniques, parameters.
  • Open: a single construction $\Gamma : [N] \times [D] \to [M]$ optimal for all?
    • For every $T \subseteq [M]$, $\varepsilon \in [0,1]$, $|\mathrm{LIST}(T,\varepsilon)| \le f(|T|, \varepsilon)$ for $f$ as small as possible.
    • $\Gamma(x,y) = (y, \cdot)$
    • $\Gamma$ poly-time computable
    • Efficient local list-decoding
  • For more information, see proceedings and http://seas.harvard.edu/~salil/pseudorandomness
