Bounded-Communication Leakage Resilience via Parity-Resilient Circuits
Vipul Goyal, Y. Ishai, H. K. Maji, A. Sahai, Alexander A. Sherstov
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.10 (https://doi.org/10.1109/FOCS.2016.10)

We consider the problem of distributing a computation between two parties, such that any bounded-communication leakage function applied to the local views of the two parties reveals essentially nothing about the input. This problem can be motivated by the goal of outsourcing computations on sensitive data to two servers in the cloud, where both servers can be simultaneously corrupted by viruses that have a limited communication bandwidth. We present a simple and efficient reduction of the above problem to that of constructing parity-resilient circuits, namely circuits that map an encoded input to an encoded output so that the parity of any subset of the wires is essentially independent of the input. We then construct parity-resilient circuits from circuits that are resilient to local leakage, which can in turn be obtained from protocols for secure multiparty computation. Our main reduction builds on a novel generalization of the ε-biased masking lemma that applies to interactive protocols. Applying the above, we obtain two-party protocols with resilience to bounded-communication leakage either in the information-theoretic setting, relying on random oblivious transfer correlations, or in the computational setting, relying on non-committing encryption, which can be based on a variety of standard cryptographic assumptions.
Lipschitz Extensions for Node-Private Graph Statistics and the Generalized Exponential Mechanism
Sofya Raskhodnikova, Adam D. Smith
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.60 (https://doi.org/10.1109/FOCS.2016.60)

Lipschitz extensions were proposed as a tool for designing differentially private algorithms for approximating graph statistics. However, efficiently computable Lipschitz extensions were known only for 1-dimensional functions (that is, functions that output a single real value). We study efficiently computable Lipschitz extensions for multi-dimensional (that is, vector-valued) functions on graphs. We show that, unlike for 1-dimensional functions, Lipschitz extensions of higher-dimensional functions on graphs do not always exist, even with a non-unit stretch. We design Lipschitz extensions with small stretch for the sorted degree list and degree distribution of a graph, viewed as functions from the space of graphs equipped with the node distance into real space equipped with ℓ1. Our extensions are from the space of bounded-degree graphs to the space of arbitrary graphs. The extensions use convex programming and are efficiently computable. We also develop a new tool for employing Lipschitz extensions in differentially private algorithms that operate with no prior knowledge of the graph (and, in particular, no knowledge of the degree bound). Specifically, we generalize the exponential mechanism, a widely used tool in data privacy. The exponential mechanism is given a collection of score functions that map datasets to real values. It returns the name of the function with nearly minimum value on the dataset. Our generalized exponential mechanism provides better accuracy than the standard exponential mechanism when the sensitivity of an optimal score function is much smaller than the maximum sensitivity over all score functions. We use our Lipschitz extensions and the generalized exponential mechanism to design a node differentially private algorithm for approximating the degree distribution of a sensitive graph. Our algorithm is much more accurate than those from previous work. In particular, our algorithm is accurate on all graphs whose degree distributions decay at least as fast as those of "scale-free" graphs. Using our methodology, we also obtain more accurate node-private algorithms for 1-dimensional statistics.
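The standard exponential mechanism that the abstract generalizes, written out in Python as an added example (this is not code from the paper, and it implements the standard mechanism, not the paper's generalized one). Given named score functions, it puts probability proportional to exp(-ε·score(D)/(2Δ)) on each name, so the nearly minimal score is returned with high probability, and it checks on one pair of neighbouring datasets that no output probability changes by more than a factor e^ε. The degree list, the candidate degree bounds and the "violation count" score functions are constructed for illustration; Δ is taken as the maximum sensitivity over all candidates, which is exactly the quantity the abstract says the generalized mechanism improves on.

```python
"""Standard exponential mechanism (for minimising a score) over a set of named
score functions, plus the probability-ratio check that certifies epsilon-DP on
one pair of neighbouring datasets. Sample data are constructed for this example."""
import math
import random
from typing import Callable, Dict, Sequence

ScoreFn = Callable[[Sequence[int]], float]


def exponential_mechanism_probs(dataset: Sequence[int], scores: Dict[str, ScoreFn],
                                epsilon: float, sensitivity: float) -> Dict[str, float]:
    """Pr[name] proportional to exp(-epsilon * score(dataset) / (2 * sensitivity)).
    `sensitivity` must bound |score(D) - score(D')| for every score function and
    every pair of neighbouring datasets, i.e. the maximum over all candidates."""
    values = {name: f(dataset) for name, f in scores.items()}
    shift = min(values.values())  # a common shift cancels after normalisation
    weights = {name: math.exp(-epsilon * (v - shift) / (2.0 * sensitivity))
               for name, v in values.items()}
    total = sum(weights.values())
    return {name: w / total for name, w in weights.items()}


def exponential_mechanism(dataset: Sequence[int], scores: Dict[str, ScoreFn],
                          epsilon: float, sensitivity: float, seed: int) -> str:
    """Sample the name of a nearly-minimal score function (inverse-CDF sampling)."""
    probs = exponential_mechanism_probs(dataset, scores, epsilon, sensitivity)
    r, acc = random.Random(seed).random(), 0.0
    names = list(probs)
    for name in names:
        acc += probs[name]
        if r < acc:
            return name
    return names[-1]  # only reached through floating-point rounding


def max_probability_ratio(probs_a: Dict[str, float], probs_b: Dict[str, float]) -> float:
    """max over names of Pr_a[name] / Pr_b[name]; epsilon-DP requires this to be
    at most exp(epsilon) whenever the two datasets are neighbours."""
    return max(probs_a[name] / probs_b[name] for name in probs_a)


def violation_score(bound: int) -> ScoreFn:
    """Number of entries above `bound`. Changing one entry moves it by at most 1,
    so its sensitivity under the 'one entry differs' neighbour relation is 1."""
    return lambda data: float(sum(1 for d in data if d > bound))


# Constructed inputs: a list of node degrees and a neighbour differing in one entry.
DEGREES = [1, 2, 2, 3, 5, 8, 13, 21]
DEGREES_NEIGHBOUR = [1, 2, 2, 3, 5, 8, 13, 10]
# Candidate degree bounds, named by their value; the score counts nodes above the bound.
CANDIDATE_BOUNDS = {str(b): violation_score(b) for b in (2, 4, 8, 16)}
EPSILON = 1.0
SENSITIVITY = 1.0  # the maximum sensitivity over all four candidates


if __name__ == "__main__":
    probs = exponential_mechanism_probs(DEGREES, CANDIDATE_BOUNDS, EPSILON, SENSITIVITY)
    for name in sorted(probs, key=probs.get, reverse=True):
        print(f"bound {name:>2}: Pr = {probs[name]:.3f}")
    neigh = exponential_mechanism_probs(DEGREES_NEIGHBOUR, CANDIDATE_BOUNDS, EPSILON, SENSITIVITY)
    print(f"max ratio vs neighbour = {max_probability_ratio(probs, neigh):.3f}"
          f" <= e^eps = {math.exp(EPSILON):.3f}")
    print("chosen bound:", exponential_mechanism(DEGREES, CANDIDATE_BOUNDS, EPSILON, SENSITIVITY, 7))
```

With ε = 1 the bound 16 (one violating node) is returned just over half the time and bound 2 (five violating nodes) about 7% of the time; the ratio check on the constructed neighbour comes out near 1.33, inside the e^ε ≈ 2.718 budget. Because the standard mechanism divides by the single worst-case Δ, a candidate whose own score barely moves between neighbours is penalised by the same noise scale as the most volatile one, which is the gap the abstract's generalized mechanism addresses.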
Extractors for Near Logarithmic Min-Entropy
Gil Cohen, L. Schulman
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.27 (https://doi.org/10.1109/FOCS.2016.27)

The main contribution of this work is an explicit construction of extractors for near logarithmic min-entropy. For any δ > 0 we construct an extractor for O(1/δ) n-bit sources with min-entropy (log n)^{1+δ}. This is most interesting when δ is set to a small constant, though the result also yields an extractor for O(log log n) sources with logarithmic min-entropy. Prior to this work, the best explicit extractor in terms of supporting least-possible min-entropy, due to Li (FOCS'15), requires min-entropy (log n)^{2+δ} from its O(1/δ) sources. Further, all current techniques for constructing multi-source extractors "break" below min-entropy (log n)^2. In fact, existing techniques do not provide even a disperser for o(log n) sources each with min-entropy (log n)^{1.99}. Apart from being a natural problem, supporting logarithmic min-entropy has applications to combinatorics. A two-source disperser, let alone an extractor, for min-entropy O(log n) induces a (log n)^{O(1)}-Ramsey graph on n vertices. Thus, constructing such dispersers would be a significant step towards constructively matching Erdős' proof for the existence of (2 log n)-Ramsey graphs on n vertices. Our construction does not rely on the sophisticated primitives that were key to the substantial recent progress on multi-source extractors, such as non-malleable extractors, correlation breakers, the lightest-bin condenser, or extractors for non-oblivious bit-fixing sources, although some of these primitives can be combined with our construction so as to improve the output length and the error guarantee. Instead, at the heart of our construction is a new primitive called an independence-preserving merger. The construction of the latter builds on the alternating extraction technique.
Making the Most of Advice: New Correlation Breakers and Their Applications
Gil Cohen
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.28 (https://doi.org/10.1109/FOCS.2016.28)

A typical obstacle one faces when constructing pseudorandom objects is undesired correlations between random variables. Identifying this obstacle and constructing certain types of "correlation breakers" was central for recent exciting advances in the construction of multi-source and non-malleable extractors. One instantiation of correlation breakers is correlation breakers with advice. These are algorithms that break the correlation a "bad" random variable Y' has with a "good" random variable Y using an "advice": a fixed string α that is associated with Y and is guaranteed to be distinct from the corresponding string α' associated with Y'. Prior to this work, explicit constructions of correlation breakers with advice required the entropy of the involved random variables to depend linearly on the advice length. In this work, building on independence-preserving mergers, a pseudorandom primitive that was recently introduced by Cohen and Schulman, we devise a new construction of correlation breakers with advice that has optimal, logarithmic, dependence on the advice length. This enables us to obtain the following results.

- We construct an extractor for 5 independent n-bit sources with min-entropy (log n)^{1+o(1)}. This result puts us tantalizingly close to the goal of constructing extractors for 2 sources with min-entropy O(log n), which would have exciting implications to Ramsey theory.
- We construct non-malleable extractors with error guarantee ε for n-bit sources, with seed length d = O(log n) + (log(1/ε))^{1+o(1)} for any min-entropy k = Ω(d). Prior to this work, all constructions require either very high min-entropy or otherwise have seed length ω(log n) for any ε. Further, our extractor has near-optimal output length. Prior constructions that achieve comparable output length work only for very high min-entropy k ≈ n/2.
- By instantiating the Dodis-Wichs framework with our non-malleable extractor, we obtain near-optimal privacy amplification protocols against active adversaries, improving upon all (incomparable) known protocols.
Exponential Lower Bounds for Monotone Span Programs
Robert Robere, T. Pitassi, Benjamin Rossman, S. Cook
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.51 (https://doi.org/10.1109/FOCS.2016.51)

Monotone span programs are a linear-algebraic model of computation which were introduced by Karchmer and Wigderson in 1993 [1]. They are known to be equivalent to linear secret sharing schemes, and have various applications in complexity theory and cryptography. Lower bounds for monotone span programs have been difficult to obtain because they use non-monotone operations to compute monotone functions; in fact, the best known lower bounds are quasipolynomial for a function in (nonmonotone) P [2]. A fundamental open problem is to prove exponential lower bounds on monotone span program size for any explicit function. We resolve this open problem by giving exponential lower bounds on monotone span program size for a function in monotone P. This also implies the first exponential lower bounds for linear secret sharing schemes. Our result is obtained by proving exponential lower bounds using Razborov's rank method [3], a measure that is strong enough to prove lower bounds for many monotone models. As corollaries we obtain new proofs of exponential lower bounds for monotone formula size, monotone switching network size, and the first lower bounds for monotone comparator circuit size for a function in monotone P. We also obtain new polynomial degree lower bounds for Nullstellensatz refutations using an interpolation theorem of Pudlák and Sgall [4]. Finally, we obtain quasipolynomial lower bounds on the rank measure for the st-connectivity function, implying tight bounds for st-connectivity in all of the computational models mentioned above.
Linear Hashing Is Awesome
M. B. T. Knudsen
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.45 (https://doi.org/10.1109/FOCS.2016.45)

The most classic textbook hash function, e.g. taught in CLRS [MIT Press'09], is h(x) = ((ax + b) mod p) mod m, (◇) where x, a, b ∈ {0, 1, ..., p-1} and a, b are chosen uniformly at random. It is known that (◇) is 2-independent and almost uniform provided p is a prime and p ≫ m. This implies that when using (◇) to build a hash table with chaining that contains n ≤ m keys, the expected query time is O(1) and the expected length of the longest chain is O(√n). This result holds for any 2-independent hash function. No hash function can improve on the expected query time, but the upper bound on the expected length of the longest chain is not known to be tight for (◇). Partially addressing this problem, Alon et al. [STOC'97] proved the existence of a class of linear hash functions such that the expected length of the longest chain is Ω(√n) and left as an open problem to decide which nontrivial properties (◇) has. We make the first progress on this fundamental problem, by showing that the expected length of the longest chain is at most n^{1/3+o(1)}, which means that the performance of (◇) is similar to that of a 3-independent hash function, for which we can prove an upper bound of O(n^{1/3}). As a lemma we show that within a fixed set of integers there are few pairs such that the height of the ratio of the pair is small. Given two non-zero coprime integers n, m ∈ ℤ, the height of n/m is max{|n|, |m|}; the height is a way of measuring how complex a fraction is. This is proved using a mixture of techniques from additive combinatorics and number theory, and we believe that the result might be of independent interest. For a natural variation of (◇), we show that it is possible to apply second order moment bounds even when a hash value is fixed. As a consequence: For min-wise hashing it was known that any key from a set of n keys has the smallest hash value with probability O(1/√n). We improve this to n^{-1+o(1)}. For linear probing it was known that the worst case expected query time is O(√n). We improve this to n^{o(1)}.
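An added Python example (not the paper's code) for the family (◇): it evaluates h, computes the exact pairwise-collision probability by enumerating every (a, b) for a small prime, and measures bucket occupancy of a chained table so the longest chain can be compared with √n. The parameters p = 101 and m = 10 and the key sets are toy values constructed here so that the exhaustive check is fast; they satisfy p ≫ m only loosely, which is why the measured collision probability lands near, rather than exactly at, 1/m.

```python
"""The textbook hash family (◇): h(x) = ((a*x + b) mod p) mod m, with an exhaustive
check of 2-independence and a Monte Carlo look at the longest chain under chaining.
Parameters and key sets are toy values constructed for this example."""
import math
import random
from itertools import product
from typing import List, Sequence

P = 101  # prime modulus (toy value; the abstract assumes p >> m)
M = 10   # number of buckets


def linear_hash(x: int, a: int, b: int, p: int = P, m: int = M) -> int:
    """One member of (◇); a and b are meant to be uniform over {0, ..., p-1}."""
    return ((a * x + b) % p) % m


def collision_probability(x: int, y: int, p: int = P, m: int = M) -> float:
    """Exact Pr_{a,b}[h(x) == h(y)] by enumerating all p^2 choices of (a, b).
    For x != y with x, y in {0, ..., p-1}, 2-independence puts this near 1/m
    (keys congruent mod p always collide, so keys should stay below p)."""
    hits = sum(
        1
        for a, b in product(range(p), repeat=2)
        if linear_hash(x, a, b, p, m) == linear_hash(y, a, b, p, m)
    )
    return hits / (p * p)


def chain_lengths(keys: Sequence[int], a: int, b: int, p: int = P, m: int = M) -> List[int]:
    """Occupancy of each of the m buckets when `keys` are inserted with chaining."""
    counts = [0] * m
    for x in keys:
        counts[linear_hash(x, a, b, p, m)] += 1
    return counts


def longest_chain(keys: Sequence[int], a: int, b: int, p: int = P, m: int = M) -> int:
    """Length of the longest chain for one fixed choice of (a, b)."""
    return max(chain_lengths(keys, a, b, p, m))


def expected_longest_chain(keys: Sequence[int], trials: int, seed: int,
                           p: int = P, m: int = M) -> float:
    """Monte Carlo estimate of E[longest chain] over uniformly random (a, b); the
    abstract's bound for n <= m keys is O(sqrt(n)) for any 2-independent family."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        a, b = rng.randrange(p), rng.randrange(p)
        total += longest_chain(keys, a, b, p, m)
    return total / trials


if __name__ == "__main__":
    keys = list(range(10))  # n = m keys, constructed
    print(f"Pr[h(3) == h(7)] = {collision_probability(3, 7):.4f} (1/m = {1 / M:.4f})")
    print("chains for a=3, b=5:", chain_lengths(keys, 3, 5))
    print("chains for a=0 (degenerate):", chain_lengths(keys, 0, 5))
    print(f"E[longest chain] ~ {expected_longest_chain(keys, 500, 1):.2f}, "
          f"sqrt(n) = {math.sqrt(len(keys)):.2f}")
```

For p = 101, m = 10 the exact collision probability for keys 3 and 7 is 1021/10201 ≈ 0.1001: the 101 choices with a = 0 always collide, and for a ≠ 0 the pair (ax+b, ay+b) mod p is uniform over distinct residues, of which 920 pairs agree mod 10 because residue class 0 has 11 members while the others have 10. The two fixed choices of (a, b) in the usage show the extremes the expectation averages over: a = 3, b = 5 places the ten keys in ten distinct buckets, and a = 0 puts all of them into one chain.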
The Hilbert Function, Algebraic Extractors, and Recursive Fourier Sampling
Zachary Remscrim
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.29 (https://doi.org/10.1109/FOCS.2016.29)

In this paper, we apply tools from algebraic geometry to prove new results concerning extractors for algebraic sets, the recursive Fourier sampling problem, and VC dimension. We present a new construction of an extractor which works for algebraic sets defined by polynomials over GF(2) of substantially higher degree than the current state-of-the-art construction. We also exactly determine the GF(2)-polynomial degree of the recursive Fourier sampling problem and use this to provide new partial results towards a circuit lower bound for this problem. Finally, we answer a question concerning VC dimension, interpolation degree and the Hilbert function.
Accelerated Newton Iteration for Roots of Black Box Polynomials
Anand Louis, S. Vempala
2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), October 2016. DOI: 10.1109/FOCS.2016.83 (https://doi.org/10.1109/FOCS.2016.83)

We study the problem of computing the largest root of a real rooted polynomial p(x) to within error z given only black box access to it, i.e., for any x, the algorithm can query an oracle for the value of p(x), but the algorithm is not allowed access to the coefficients of p(x). A folklore result for this problem is that the largest root of a polynomial can be computed in O(n log(1/z)) polynomial queries using the Newton iteration. We give a simple algorithm that queries the oracle at only O(log n log(1/z)) points, where n is the degree of the polynomial. Our algorithm is based on a novel approach for accelerating the Newton method by using higher derivatives.
We give a new, strongly polynomial algorithm and improved analysis of the metric s-t path TSP. It finds a tour of cost less than 1.53 times the optimum of the subtour elimination LP, while known examples show that 1.5 is a lower bound for the integrality gap. A key new idea is the deletion of some edges of Christofides' trees, and we show that the arising "reconnection" problems can be solved for a minor extra cost. On the one hand our algorithm and analysis extend previous tools, at the same time simplifying the framework. On the other hand new tools are introduced, such as a flow problem used for analyzing the reconnection cost, and the use of a set of more and more restrictive minimum cost spanning trees, each of which can still be found by the greedy algorithm. The latter leads to a simple Christofides-like algorithm completely avoiding the computation of a convex combination of spanning trees. Furthermore, the 3/2 target-bound is easily reached in some relevant new cases.
{"title":"The Salesman's Improved Paths: A 3/2+1/34 Approximation","authors":"András Sebö, A. V. Zuylen","doi":"10.1109/FOCS.2016.21","DOIUrl":"https://doi.org/10.1109/FOCS.2016.21","url":null,"abstract":"We give a new, strongly polynomial algorithm and improved analysis of the metric s-t path TSP. It finds a tour of cost less than 1.53 times the optimum of the subtour elimination LP, while known examples show that 1.5 is a lower bound for the integrality gap. A key new idea is the deletion of some edges of Christofides' trees, and we show that the arising \"reconnection\" problems can be solved for a minor extra cost. On the one hand our algorithm and analysis extend previous tools, at the same time simplifying the framework. On the other hand new tools are introduced, such as a flow problem used for analyzing the reconnection cost, and the use of a set of more and more restrictive minimum cost spanning trees, each of which can still be found by the greedy algorithm. The latter leads to a simple Christofides-like algorithm completely avoiding the computation of a convex combination of spanning trees. Furthermore, the 3/2 target-bound is easily reached in some relevant new cases.","PeriodicalId":414001,"journal":{"name":"2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124537183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Party A_i of k parties A_1,...,A_k receives on its forehead a t-tuple (a_{i1},...,a_{it}) of elements from the group G = SL(2, q). The parties are promised that the interleaved product a_{11}...a_{k1} a_{12}...a_{k2} ... a_{1t}...a_{kt} is equal either to the identity e or to some other fixed element g ∈ G. Their goal is to determine which of e and g the interleaved product is equal to, using the least amount of communication. We show that for all fixed k and all sufficiently large t the communication is Ω(t log |G|), which is tight. As an application, we establish the security of the leakage-resilient circuits studied by Miles and Viola (STOC 2013) in the "only computation leaks" model. Our main technical contribution is of independent interest. We show that if X is a probability distribution on G^m such that any two coordinates are uniform in G^2, then a pointwise product of s independent copies of X is nearly uniform in G^m, where s depends on m only.
{"title":"The Multiparty Communication Complexity of Interleaved Group Products","authors":"W. Gowers, Emanuele Viola","doi":"10.1109/FOCS.2016.39","DOIUrl":"https://doi.org/10.1109/FOCS.2016.39","url":null,"abstract":"Party A<sub>i</sub> of k parties A<sub>1</sub>,...,A<sub>k</sub> receives on its forehead a t-tuple (a<sub>i1</sub>,...,a<sub>it</sub>) of elements from the group G = SL(2, q). The parties are promised that the interleaved product a<sub>11</sub>...a<sub>k1</sub>a<sub>12</sub>...a<sub>k2</sub>...a<sub>1t</sub>...a<sub>kt</sub> is equal either to the identity e or to some other fixed element g ∈ G. Their goal is to determine which of e and g the interleaved product is equal to, using the least amount of communication. We show that for all fixed k and all sufficiently large t the communication is Ω(t log |G|), which is tight. As an application, we establish the security of the leakage-resilient circuits studied by Miles and Viola (STOC 2013) in the \"only computation leaks\" model. Our main technical contribution is of independent interest. We show that if X is a probability distribution on G<sup>m</sup> such that any two coordinates are uniform in G<sup>2</sup>, then a pointwise product of s independent copies of X is nearly uniform in G<sup>m</sup>, where s depends on m only.","PeriodicalId":414001,"journal":{"name":"2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130902164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
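To make the number-on-forehead problem above concrete, here is an added example (written for this page, not code from Gowers and Viola) that builds SL(2, q) instances whose interleaved product is promised to be e or g and runs the trivial protocol that matches the Ω(t log |G|) bound from above: since every party sees every forehead but its own, A_1 can announce A_2's whole t-tuple, after which A_2 knows all k tuples and evaluates the product alone, at a cost of t · ⌈log_2 |G|⌉ bits. The prime q = 7, the element g = [[1,1],[0,1]], the parameters k = 3, t = 5 and the seed are constructed choices for the demo; the bit count uses |SL(2, q)| = q(q² - 1).

```python
"""Interleaved products in SL(2, q) and the trivial t*log|G| protocol.

Added example. Party A_i (0-based index i) holds forehead tuple foreheads[i];
it sees every tuple except its own. Sample parameters are constructed.
"""
import random
from math import ceil, log2


class SL2:
    """[[a, b], [c, d]] over Z_q, q prime, with ad - bc = 1."""
    __slots__ = ("a", "b", "c", "d", "q")

    def __init__(self, a, b, c, d, q):
        a, b, c, d = a % q, b % q, c % q, d % q
        if (a * d - b * c) % q != 1:
            raise ValueError("determinant is not 1 mod q")
        self.a, self.b, self.c, self.d, self.q = a, b, c, d, q

    @classmethod
    def identity(cls, q):
        return cls(1, 0, 0, 1, q)

    @classmethod
    def random(cls, q, rng):
        """Uniform element of SL(2, q): rejection-sample 2x2 matrices over Z_q."""
        while True:
            a, b, c, d = (rng.randrange(q) for _ in range(4))
            if (a * d - b * c) % q == 1:
                return cls(a, b, c, d, q)

    def __mul__(self, o):
        return SL2(self.a * o.a + self.b * o.c, self.a * o.b + self.b * o.d,
                   self.c * o.a + self.d * o.c, self.c * o.b + self.d * o.d, self.q)

    def inverse(self):
        return SL2(self.d, -self.b, -self.c, self.a, self.q)

    def __eq__(self, o):
        return (self.a, self.b, self.c, self.d, self.q) == (o.a, o.b, o.c, o.d, o.q)

    def __hash__(self):
        return hash((self.a, self.b, self.c, self.d, self.q))


def group_order(q):
    """|SL(2, q)| = q (q^2 - 1)."""
    return q * (q * q - 1)


def interleaved_product(foreheads):
    """a_11 ... a_k1  a_12 ... a_k2  ...  a_1t ... a_kt, with foreheads[i][j] = a_{i+1, j+1}."""
    k, t = len(foreheads), len(foreheads[0])
    prod = SL2.identity(foreheads[0][0].q)
    for j in range(t):
        for i in range(k):
            prod = prod * foreheads[i][j]
    return prod


def make_instance(k, t, q, target, rng):
    """Random foreheads whose interleaved product equals `target` (e or g):
    draw everything at random, then solve for the last factor a_kt."""
    foreheads = [[SL2.random(q, rng) for _ in range(t)] for _ in range(k)]
    foreheads[k - 1][t - 1] = SL2.identity(q)
    prefix = interleaved_product(foreheads)           # product of all but a_kt
    foreheads[k - 1][t - 1] = prefix.inverse() * target
    return foreheads


def trivial_protocol(foreheads):
    """A_1 sends A_2's forehead (which A_1 can see); A_2 then evaluates the product.
    Returns (A_2's answer, bits communicated)."""
    k, t = len(foreheads), len(foreheads[0])
    q = foreheads[0][0].q
    message = list(foreheads[1])                       # t elements of G, from A_1's view
    bits = t * ceil(log2(group_order(q)))
    a2_view = [foreheads[i] if i != 1 else message for i in range(k)]
    return interleaved_product(a2_view), bits


def run_demo(q=7, k=3, t=5, seed=2016):
    """One e-instance and one g-instance; report (promise holds, A_2 correct, bits)."""
    rng = random.Random(seed)
    e, g = SL2.identity(q), SL2(1, 1, 0, 1, q)       # g: fixed non-identity element
    out = {}
    for name, target in (("e", e), ("g", g)):
        fh = make_instance(k, t, q, target, rng)
        answer, bits = trivial_protocol(fh)
        out[name] = (interleaved_product(fh) == target, answer == target, bits)
    return out


if __name__ == "__main__":
    for name, (promise_ok, a2_ok, bits) in run_demo().items():
        print(f"target {name}: promise={promise_ok} A_2 correct={a2_ok} bits={bits}")
```

For q = 7 the group has 336 elements, so each announced element costs 9 bits and the whole transcript is 45 bits for t = 5; the theorem says that, up to the constant, no protocol for fixed k and large t does better.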