Title: Extractors: applications and constructions
1Extractors applications and constructions
Seeded
Randomness
- Avi Wigderson
- IAS, Princeton
2Extractors original motivation
Extractor Theory
3Applications of Extractors
- Using weak random sources in prob algorithms
- B84,SV84,V85,VV85,CG85,V87,CW89,Z90-91
- Randomness-efficient error reduction of prob
algorithms Sip88, GZ97, MV99,STV99 - Derandomization of space-bounded algorithms
NZ93, INW94, RR99, GW02 - Distributed Algorithms WZ95, Zuc97, RZ98,
Ind02. - Hardness of Approximation Zuc93, Uma99, MU01
- Cryptography CDHKS00, MW00, Lu02 Vad03
- Data Structures Ta02
4Unifying Role of Extractors
- Extractors are intimately related to
- Hash Functions ILL89,SZ94,GW94
- Expander Graphs NZ93, WZ93, GW94, RVW00, TUZ01,
CRVW02 - Samplers G97, Z97
- Pseudorandom Generators Trevisan 99,
- Error-Correcting Codes T99, TZ01, TZS01, SU01,
U02 - Ergodic Theory Lindenstrauss 07
- Exponential sums? Unify the theory of
pseudorandomness.
5Definitions
6Weak random sources
- Distributions X on 0,1n with some entropy
- vN sources n coins of unknown fixed bias
- SV sources PrXi1 1X1b1,,Xibi ? (d,
1-d) - Bit fixing n coins, some good, some sticky
- ..
- Z k-sources H8(X) k
- ?x PrX x ? 2-k
-
- e.g X uniform with support 2k
- k the entropy in the weak source
7Randomness Extractors(1st attempt)
weak random source X k can be e.g n/2, vn, log
n,
X k-source of length n
EXT
m lt k
m almost-uniform bits
X
- Ext 0,1n ? 0,1m
- Impossible even if kn-1 and m1
8Extractors Nisan Zuckerman 93
X
k-source of length n
EXT
i ? 0,1d
m bits ?-close to uniform
- Exti 0,1n ? 0,1m i ? 0,1d
D - ? k-source X,
- ? but ?-fraction of is, Exti(X) Um1
lt ?
9Probabilistic algorithms with weak random bits
k-source of length n
Where from?
Efficient?
Try all possible D2d indices. Take majority
vote.
m random bits
(upto ? L1 error)
Probabilistic algorithm
Input
Output
?
Error prob ltd
Want efficient Ext, small d, ? , large m
10Extractors - Parameters
k-source of length n
(short) seed
EXT
d random bits
m bits ?-close to uniform
- Goals minimize d, maximize m.
- Non-constructive optimal Sip88,NZ93,RT97
- Seed length d log n O(1).
- Output length m k - O(1).
11Explicit Constructions
- Non-constructive optimal Sip88,NZ93,RT97
- Seed length d log n O(1).
- Output length m k - O(1).
- ...B86,SV86,CG87, NZ93, WZ93, GW94, SZ94, SSZ95,
Zuc96, Ta96, Ta98, Tre99, RRV99a, RRV99b, ISW00,
RSW00, RVW00, TUZ01, TZS01, SU01, LRVW03, - New explicit constructions GUV07, DW08 - Seed
length d O(log n) even for ?1/n - Output length m .99k
12Applications
13Probabilistic algorithms with weak random bits
k-source of length n X
Efficient!
Try all D2d poly(n) strings. Take Majority vote
m random bits
(upto ?)
Probabilistic algorithm
Input
Output
?
Error prob ltd
The error set B? 0,1m of alg is sampled
accurately whp
14Extractors as samplers
(k,?)-extractor Exti 0,1n ?0,1m i ?
0,1d D
Sampling Hashing Amplification Coding Expanders
?
Discrepancy For every B, for all but 2k of the
x? 0,1n Ext(X) ? B/D
- B/2m lt ?
15Beating e-value expansion WZ
Task Construct an graph on N of minimal
degree DEG s.t. every two sets of size K are
connected by an edge.
N
Any such graph DEG gt N/K Ramanujan
graphs DEG lt (N/K)2 Random graphs DEG lt
(N/K)1o(1) Extractors DEG lt
(N/K)1o(1)
K
K
16Extractors as expanders
(k,.01)-extractor Ext 0,1n ? 0,1d
?0,1m 2k K M1o(1) Ext N x
D ? M 2d D lt Mo(1)
N
M
Take G Ext2 on N DEG lt (N/K)1o(1) Many
edges between any two K-sets X,X
x i
Exti(x)
17Extractors as list-decodable error-correcting
codes TZ
d c log n D 2d nc k 2d m 1
C 0,1n ? 0,1D
z
z
Polynomial rate! Efficient encoding!! Efficient
decoding?
Unique decoding Radius lt D/4 List decoding
Radius lt D/2 Can one get radius D/2 and small
list?
For z ? 0,1D let Bz ? 0,1d1 be the set
(i,zi) i ?D List decoding For every z,
at most KD2 of xs have C(x) fall in (1/2 -?)D
hamming ball around z
18Constructions
19Expanders as extractors
B/2m d
r1 r2 ri
rD
r1 r2. rD random G-path (n mO(D) random
bits)
Thm AKS,G Prr1 r2. rt ?B/D d gt ?
lt exp(-?2D) Thm Z Dcm2d, Exti(r1
r2. rD) ri is an (k.9n, ?)extractor of
dO(log n) seed (breaks down for k lt n/2)
20Condensers RR99,RSW00,TUZ01
X k-source of length n
Con
.9k-source of length k
- Thm Sufficient to construct such condensers
- from here we can use Z extractor
21Mergers T96
k k k
nks
X1 X2 XS
X
Mer
.9k-source
k
- Some block Xi is random.
- The other Xj are correlated arbitrarily with it.
- Mer outputs a high entropy distribution.
- Thm Sufficient to construct mergers!
22Mergers
Xi?Fqk q n100 Some Xi is random
LRVW Mer a1X1a2X2asXs ai?Fq (
dslog q ) Mer is a random element in the
subspace spanned by Xis D It works! (proof of
the Wolf conjecture). But d large! DW Mer
a1(y)X1a2(y)X2as(y)Xs y?Fq ( dlog q )
Mer is a random element in the curve through
the Xis
23The proof
x(x1, x2, , xs)
Deg(C) s-1
(Fq)k
B
B
C(x)
Mer(x)
Assume E C(X) ? B gt 2e B small
Prx C(x) ? Bgte gte
Q(Fq)k ? Fq Q(B)? 0, deg lteq/s
? Prx Q(C(x)) ? 0 gte
? Pr Q(xi) ? 0 gte
? Q ? 0
24Open Problems
- Find explicit extractors with
- Seed length d 1log n O(1).
- Output length m 1k - O(1).
- Expand connections to Ergodic Theory and Number
Theory - Find explicit bipartite
- graph, of constant deg
25Extractors - Parameters
k-source of length n
(short) seed
EXT
d random bits
m bits ?-close to uniform
- Goals minimize d, ?, maximize m.
- Non-constructive optimal Sip88,NZ93,RT97
- Seed length d log(n-k) 2 log 1/? O(1).
- Output length m k d - 2 log 1/? - O(1).