More Like this

1. Almost Chor-Goldreich Sources and Adversarial Random Walks

   https://doi.org/10.1145/3564246.3585134  

   Doron, Dean; Moshkovitz, Dana; Oh, Justin; Zuckerman, David (June 2023, Proceedings of the annual ACM Symposium on Theory of Computing)

   A Chor–Goldreich (CG) source is a sequence of random variables X = X1 ∘ … ∘ Xt, where each Xi ∼ {0,1}d and Xi has δ d min-entropy conditioned on any fixing of X1 ∘ … ∘ Xi−1. The parameter 0<δ≤ 1 is the entropy rate of the source. We typically think of d as constant and t as growing. We extend this notion in several ways, defining almost CG sources. Most notably, we allow each Xi to only have conditional Shannon entropy δ d. We achieve pseudorandomness results for almost CG sources which were not known to hold even for standard CG sources, and even for the weaker model of Santha–Vazirani sources: We construct a deterministic condenser that on input X, outputs a distribution which is close to having constant entropy gap, namely a distribution Z ∼ {0,1}m for m ≈ δ dt with min-entropy m−O(1). Therefore, we can simulate any randomized algorithm with small failure probability using almost CG sources with no multiplicative slowdown. This result extends to randomized protocols as well, and any setting in which we cannot simply cycle over all seeds, and a “one-shot” simulation is needed. Moreover, our construction works in an online manner, since it is based on random walks on expanders. Our main technical contribution is a novel analysis of random walks, which should be of independent interest. We analyze walks with adversarially correlated steps, each step being entropy-deficient, on good enough lossless expanders. We prove that such walks (or certain interleaved walks on two expanders), starting from a fixed vertex and walking according to X1∘ … ∘ Xt, accumulate most of the entropy in X. 

   more » « less
2. On the Existence of Seedless Condensers: Exploring the Terrain

   Chattopadhyay, Eshan; Gurumukhani, Mohit; Ringach, Noam (November 2024, IEEE)

   While the existence of randomness extractors, both seeded and seedless, has been studied for many sources of randomness, currently, not much is known regarding the existence of seedless condensers in many settings. Here, we prove several new results for seedless condensers in the context of three related classes of sources: Non-Oblivious Symbol Fixing (NOSF) sources, online NOSF (oNOSF) sources (originally defined as SHELA sources in \cite{aggarwal_how_2020}), and almost Chor-Goldreich (CG) sources as defined in \cite{doron_almost_2023}. We will think of these sources as a sequence of random variables $$\mathbf{X}=\mathbf{X}_1,\dots,\mathbf{X}_\ell$$ on $$\ell$$ symbols where at least $$g$$ out of these $$\ell$$ symbols are ``good'' (i.e., have some min-entropy requirement), denoted as a $$(g,\ell)$$-source, and the remaining ``bad'' $$\ell-g$$ symbols may adversarially depend on these $$g$$ good blocks. The difference between each of these sources is realized by restrictions on the power of the adversary, with the adversary in NOSF sources having no restrictions. Prior to our work, the only known seedless condenser upper or lower bound in these settings is due to \cite{doron_almost_2023}, where they explicitly construct a seedless condenser for a restricted subset of $$(g,\ell)$$-adversarial CG sources. The following are our main results concerning seedless condensers for each of these sources. \begin{enumerate} \item oNOSF sources \begin{enumerate} \item When $$g\leq\ell/2$, we prove that condensing with error 0.99 above rate $$\frac{1}{\lfloor \ell/g \rfloor}$$ is impossible. In fact, we show that this is tight. \item Quite surprisingly, for $$g> \ell/2$$, we show the existence of excellent condensers for uniform oNOSF sources. In addition, we show the existence of similar condensers for oNOSF sources with only logarithmic min-entropy. Our results are based on a new type of two-source extractors, called \emph{output-light two-source extractors}, that we introduce and prove the existence of. \end{enumerate} \item Adversarial CG sources \begin{enumerate} \item We observe that uniform adversarial CG sources are equivalent to uniform oNOSF sources and consequently inherit the same results. \item We show that one cannot condense beyond the min-entropy gap of each block or condense low min-entropy CG sources above rate $1/2$$. \end{enumerate} \item NOSF sources \begin{enumerate} \item We show that condensing with constant error above rate $$\frac{g}{\ell}$ is impossible for uniform NOSF sources for any $$g$$ and $$\ell$$, thus ruling out the possibility of any non-trivial condensing. This shows an interesting distinction between NOSF and oNOSF sources. \end{enumerate} \end{enumerate} 

   more » « less
3. Two-Source and Affine Non-Malleable Extractors for Small Entropy

   https://doi.org/10.4230/lipics.icalp.2024.108  

   Li, Xin; Zhong, Yan (January 2024, Schloss Dagstuhl – Leibniz-Zentrum für Informatik)

   Bringmann, Karl; Grohe, Martin; Puppis, Gabriele; Svensson, Ola (Ed.)

   Non-malleable extractors are generalizations and strengthening of standard randomness extractors, that are resilient to adversarial tampering. Such extractors have wide applications in cryptography and have become important cornerstones in recent breakthroughs of explicit constructions of two-source extractors and affine extractors for small entropy. However, explicit constructions of non-malleable extractors appear to be much harder than standard extractors. Indeed, in the well-studied models of two-source and affine non-malleable extractors, the previous best constructions only work for entropy rate > 2/3 and 1-γ for some small constant γ > 0 respectively by Li (FOCS' 23). In this paper, we present explicit constructions of two-source and affine non-malleable extractors that match the state-of-the-art constructions of standard ones for small entropy. Our main results include: - Two-source and affine non-malleable extractors (over 𝖥₂) for sources on n bits with min-entropy k ≥ log^C n and polynomially small error, matching the parameters of standard extractors by Chattopadhyay and Zuckerman (STOC' 16, Annals of Mathematics' 19) and Li (FOCS' 16). - Two-source and affine non-malleable extractors (over 𝖥₂) for sources on n bits with min-entropy k = O(log n) and constant error, matching the parameters of standard extractors by Li (FOCS' 23). Our constructions significantly improve previous results, and the parameters (entropy requirement and error) are the best possible without first improving the constructions of standard extractors. In addition, our improved affine non-malleable extractors give strong lower bounds for a certain kind of read-once linear branching programs, recently introduced by Gryaznov, Pudlák, and Talebanfard (CCC' 22) as a generalization of several well studied computational models. These bounds match the previously best-known average-case hardness results given by Chattopadhyay and Liao (CCC' 23) and Li (FOCS' 23), where the branching program size lower bounds are close to optimal, but the explicit functions we use here are different. Our results also suggest a possible deeper connection between non-malleable extractors and standard ones. 

   more » « less
4. Communication-rounds tradeoffs for common randomness and secret key generation

   Bafna, Mitali; Ghazi, Badih; Golowich, Noah; Sudan, Madhu (January 2019, Proceedings of the Thirtieth Annual ACM-SIAM Symposium on Discrete Algorithms)

   We study the role of interaction in the Common Randomness Generation (CRG) and Secret Key Generation (SKG) problems. In the CRG problem, two players, Alice and Bob, respectively get samples X1, X2, . . . and Y1, Y2, . . . with the pairs (X1, Y1), (X2, Y2), . . . being drawn independently from some known probability distribution μ. They wish to communicate so as to agree on L bits of randomness. The SKG problem is the restriction of the CRG problem to the case where the key is required to be close to random even to an eavesdropper who can listen to their communication (but does not have access to the inputs of Alice and Bob). In this work, we study the relationship between the amount of communication and the number of rounds of interaction in both the CRG and the SKG problems. Specifically, we construct a family of distributions μ = μr,n,L, parametrized by integers r, n and L, such that for every r there exists a constant b = b(r) for which CRG (respectively SKG) is feasible when (Xi, Yi) ~ μr,n,L with r + 1 rounds of communication, each consisting of O(log n) bits, but when restricted to r/2 − 2 rounds of interaction, the total communication must exceed Ω(n/ logb(n)) bits. Prior to our work no separations were known for r ≥ 2. 

   more » « less
5. Extractors for Polynomial Sources over 𝔽₂

   https://doi.org/10.4230/LIPIcs.ITCS.2024.28  

   Chattopadhyay, Eshan; Goodman, Jesse; Gurumukhani, Mohit (January 2024, Schloss Dagstuhl – Leibniz-Zentrum für Informatik)

   Guruswami, Venkatesan (Ed.)

   We explicitly construct the first nontrivial extractors for degree d ≥ 2 polynomial sources over 𝔽₂. Our extractor requires min-entropy k ≥ n - (√{log n})/((log log n / d)^{d/2}). Previously, no constructions were known, even for min-entropy k ≥ n-1. A key ingredient in our construction is an input reduction lemma, which allows us to assume that any polynomial source with min-entropy k can be generated by O(k) uniformly random bits. We also provide strong formal evidence that polynomial sources are unusually challenging to extract from, by showing that even our most powerful general purpose extractors cannot handle polynomial sources with min-entropy below k ≥ n-o(n). In more detail, we show that sumset extractors cannot even disperse from degree 2 polynomial sources with min-entropy k ≥ n-O(n/log log n). In fact, this impossibility result even holds for a more specialized family of sources that we introduce, called polynomial non-oblivious bit-fixing (NOBF) sources. Polynomial NOBF sources are a natural new family of algebraic sources that lie at the intersection of polynomial and variety sources, and thus our impossibility result applies to both of these classical settings. This is especially surprising, since we do have variety extractors that slightly beat this barrier - implying that sumset extractors are not a panacea in the world of seedless extraction. 

   more » « less