Oded Goldreich – Defining Moments

Slides:



Advertisements
Similar presentations
Impagliazzos Worlds in Arithmetic Complexity: A Progress Report Scott Aaronson and Andrew Drucker MIT 100% QUANTUM-FREE TALK (FROM COWS NOT TREATED WITH.
Advertisements

On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols Iftach Haitner, Alon Rosen and Ronen Shaltiel 1.
Coin Tossing With A Man In The Middle Boaz Barak.
Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.
Statistical Zero-Knowledge Arguments for NP from Any One-Way Function Salil Vadhan Minh Nguyen Shien Jin Ong Harvard University.
On the Amortized Complexity of Zero-Knowledge Proofs Ronald Cramer, CWI Ivan Damgård, Århus University.
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Inaccessible Entropy Iftach Haitner Microsoft Research Omer Reingold Weizmann & Microsoft Hoeteck Wee Queens College, CUNY Salil Vadhan Harvard University.
Individual Position Slides: Jonathan Katz (University of Maryland) (Apologies I can’t be here in person)
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.
PCPs and Inapproximability Introduction. My T. Thai 2 Why Approximation Algorithms  Problems that we cannot find an optimal solution.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
1 Slides by Roel Apfelbaum & Eti Ezra. Enhanced by Amit Kagan. Adapted from Oded Goldreich’s course lecture notes.
1 Adapted from Oded Goldreich’s course lecture notes.
The Bright Side of Hardness Relating Computational Complexity and Cryptography Oded Goldreich Weizmann Institute of Science.
1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.
Cramer-Shoup is Plaintext Aware in the Standard Model Alexander W. Dent Information Security Group Royal Holloway, University of London.
Foundations of Cryptography Lecture 8 Lecturer: Moni Naor.
Why Extractors? … Extractors, and the closely related “Dispersers”, exhibit some of the most “random-like” properties of explicitly constructed combinatorial.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
Kentucky Presentation November, 2006 Cryptography from an art to a science Ganesh Sundaram.
Foundations of Cryptography Lecture 6 Lecturer: Moni Naor.
Introduction to Modern Cryptography Sharif University Spring 2015 Data and Network Security Lab Sharif University of Technology Department of Computer.
On the work of Shafi Goldwasser and Silvio Micali By Oded Goldreich WIS, Dec 2013.
Cryptography CS Lecture 19 Prof. Amit Sahai.
Does Privacy Require True Randomness? Yevgeniy Dodis New York University Joint work with Carl Bosley.
Dominique Unruh Quantum Proofs of Knowledge Dominique Unruh University of Tartu Tartu, April 12, 2012.
Chapter 3 The Fundamentals: Algorithms, the integers, and matrices Section 3.4: The integers and division Number theory: the part of mathematics involving.
Topic 36: Zero-Knowledge Proofs
Axiomatic Number Theory and Gödel’s Incompleteness Theorems
Probabilistic Algorithms
Introduction to Randomized Algorithms and the Probabilistic Method
Randomness and Computation
Sampling of min-entropy relative to quantum knowledge Robert König in collaboration with Renato Renner TexPoint fonts used in EMF. Read the TexPoint.
Zero Knowledge Anupam Datta CMU Fall 2017
CS154, Lecture 18:.
Topic 14: Random Oracle Model, Hashing Applications
Course Business I am traveling April 25-May 3rd
NP-Completeness Yin Tat Lee
Complexity of Expander-Based Reasoning and the Power of Monotone Proofs Sam Buss (UCSD), Valentine Kabanets (SFU), Antonina Kolokolova.
Cryptography Lecture 19.
Shorter Quasi-Adaptive NIZK Proofs for Linear Subspaces
CAS CS 538 Cryptography.
Zero Knowledge Proofs. 20 Years after its Invention
Cryptography Lecture 6.
Soundness of Formal Encryption in the Presence of Key Cycles
When are Fuzzy Extractors Possible?
Conditional Computational Entropy
Robust PCPs of Proximity (Shorter PCPs, applications to Coding)
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
When are Fuzzy Extractors Possible?
On Kripke’s Alleged Proof of Church-Turing Thesis
Fiat-Shamir for Highly Sound Protocols is Instantiable
NP-Completeness Yin Tat Lee
Cryptography Lecture 8.
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Cryptography Lecture 14.
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Every set in P is strongly testable under a suitable encoding
Post-Quantum Security of Fiat-Shamir
The Zig-Zag Product and Expansion Close to the Degree
What should I talk about? Aspects of Human Communication
Cryptography Lecture 7.
Impossibility of SNARGs
Cryptography Lecture 15.
On Derandomizing Algorithms that Err Extremely Rarely
The Use of Random Numbers
Interactive Proofs Adapted from Oded Goldreich’s course lecture notes.
Presentation transcript:

Oded Goldreich – Defining Moments Omer Reingold, Stanford, on OdedFest 2017

This Talk’s Concept Focus on Oded’s concepts How does he do it? And what awesome concepts they are! Conceptual contributions include everything: the notions, the definitions, the notations … Even if it doesn’t start with Oded, it often ends with him How does he do it? Writing, writing and then some more writing (papers, surveys, books) His famous personal touch (more, I guess, in the evening sessions)

Clarifications and Warnings Chosen definitions not meant to be representative or Oded’s best (but I love them all) Bias towards those that have impacted my own research These are all joint works; There were other papers before them and papers that followed Celebrating a community But don’t expect credits (talk to me when its your fest) Papers contain more than I discuss And to Oded: This is your research and your fest But its my talk! Just saying …

1st Notion: Pseudorandom Functions Goldreich, Goldwasser and Micali, how to construct random functions, FOCS 84 and JACM 86 The title – such commitment to the computational lens. I have set up on a Manchester computer a small programme using only 1000 units of storage, whereby the machine supplied with one sixteen figure number replies with another within two seconds. I would defy anyone to learn from these replies sufficient about the programme to be able to predict any replies to untried values. A. TURING

Poly-Random Collections

Indistinguishability g is uniform or in F ? x1 g(x1) g … xt g(xt)

The Uphill Battle Kolmogorov Complexity: non- constructive and not applicable Comparison with One-Way functions Comparison with CSB (cryptographically strong pseudorandom bit generators) PRFs vs. simulating random oracle In particular, allows for sharing a function (distributed)

My Connection Learned the definition from Oded’s notes Editor of two of the journal versions Some fond memories there 33 years to PRFs + GGM construction and countless papers – no more explanations needed

2nd Notion: Block Sources Chor and Goldreich, Unbiased Bits from Sources of Weak Randomness and Probabilistic Communication Complexity, FOCS 85, SICOMP 88

It Contains Everything Min entropy as THE measure of randomness in a weak random source – X has min-entropy  k if x, Pr[X=x]<2-k Flat distributions (uniform on 2k elements) Inner product (Hadamard code) is a two-source extractor for high entropies Randomized communication complexity, slightly dependent sources, …

Block Source

My Connection Constructions of randomness extractors heavily relied on block sources First extract blocks then extract from the block-source Zig-zag product analysis measure the entropy in a pair (v,a) of (vertex,edge label), as a block source.

3rd Notion: Property Testing Goldreich, Goldwasser and Ron, Property Testing and Its Connection to Learning and Approximation, FOCS 96, JACM 98

So What’s New? Combinatorial properties General Distributions, a la PAC learning (Valinat)

Since Then Flourishing and mathematically deep field – the power of a conceptually strong work (and many more that followed) My connection – PCP composition through a stronger notion, inspired by property testing that we (Dinur and I) called “assignment testers” PCP proofs allow one to prove that a SAT formula  is satisfiable. An assignment tester allows proving that an assignment  is close to a satisfying assignment of . Oded et al rejected the gesture and in an independent work called these objects PCPPs Which stands for “Peace Corps Partnership Program” and “PCPartPicker” and “C99 preprocessor written in pure Python” but also for Probabilistically Checable Proofs of Proximity If you can’t beat them join them …

4th Notion: Auxiliary-Input ZK Goldreich and Oren, Definitions and Properties of Zero- Knowledge Proof Systems. J. Cryptology 1994 Title screams “conceptual” Zero-Knowledge due to Goldwasser, Micali and Rackoff is a jewel in Cryptography’s crown. Much of the way we think of ZK was shaped by Oded’s writings - black-box ZK, auxiliary-input ZK, uniform ZK

What the Verifier Knows? I’m convinced x x … ZK: the verifier doesn’t learn anything (beyond validity) Auxiliary-input ZK: the verifier doesn’t learn anything new Vital for composition (either parallel or sequential)

Formally … Both the verifier V* and the simulator MV* have access to the auxiliary-information y

My Connection This year’s Gödel Prize winner – Differential Privacy Definition of privacy in data analysis What do you learn about a particular row in a database from Differentially-Private analysis? The definition puts auxiliary-input front and center – even if you know all other rows of the database, you do not learn much about this special row (can’t achieve ZK). Here too – composition is key We recently use resilience of DP to composition for better adaptive data analysis

Concluding Remarks Discussed: PRFs, Block Sources, Property Testing, Auxiliary- Input ZK Wow! Conceptual contributions are long lasting What’s next?

Happy Birthday