Oded Goldreich Weizmann Institute of Science Demystifying the Master Thesis and Research in General: The Story of Some Master Theses While it seems impossible to give a receipt for “doing” a master thesis (resp., researching in general), the fact is that it happens, and in happens in many different ways. I’ll try to illustrate some of the possible ways here. Oded Goldreich Weizmann Institute of Science

My own thesis (1981) Out of an accident :                A permutation group over D is represented by a set of generators S. The group is denoted <S>. <S> = {g1○g2 ○ ∙ ∙ ∙ ○gt : g1,g2,…,gtS} Given S and a permutation π, does p belong to <S>? Given S, π, and t, can π be expressed by a sequence of up to t elements of S? Actually, we were looking at the search problem. It all started from my algorithm for arranging the Cube, which was finding excessively long permutation sequences. Shimon asked “can one determine the shortest possible sequence?”

My first MSc student: Ronen Vainish (1988) Background: A general construction of secure multi-party protocols by reduction to the two-party case. Suffices to compute the inner product mod 2 of two input vectors held by the two parties. 1st 2nd (n=2 suffices) Inputs: x1,…,xn y1,…,yn Outputs: r r+∑ixiyi (N.B.: rnd) Study it 1st 2nd Inputs: x,z y Outputs: - z+xy Out of general interest. No concrete goal. The $i$th invocation uses inputs $(x_i,r_i)$ and $y_i$, where $r_i\rnd\bitset$. The final output is the sum of $r_i$’s and sum of $r_i+x_iy_i$’s. From a randomized functionality to a deterministic one (OT) Sender Receiver Inputs: s0,s1 c Outputs: - sc

Eyal Kushilevitz (1989) Background: Few sets known to have perfect zero-knowledge proof systems. E.g., Graph-Iso, Quad-Res. Can we provide stronger evidence to PZK not in BPP? Solve it Known open problem communicated through the advisor. YES: A promise problem based on DLP.

Ran Canetti (1992) Invent your own... (inspired by a course) Background: communication complexity, gap between the complexity of randomized and deterministic protocols. Is there a randomness-communication trade-off? YES: Presents a trade-off. The ID function: two parties, each holds an n-bit long string. Deterministic lower bound: need n bits of communication. Randomized protocols: (1) via error-correcting codes: send a random position. (2) via the CRT: send integer modulo a random prime

Problem suggested by the adviser Iftach Haitner (2004) OT Sender Receiver Inputs: s0,s1 c Outputs: - sc Background: assuming a collection of TDP {fi:Di→Di} Sender Receiver Inputs: s0,s1 c desired outputs: - sc selects an index i yc=fi(xc) , y1-c find the fi-preimages of both: z0 , z1 b(z0)+s0 , b(z1)+s1 The problem: what is assumed about sampling Di? Arising from my writing FOC2. Can we relax? Problem suggested by the adviser

Initiate a research program Or Meir (2007) Background: Constructions of PCP and LTC, which mostly rely on algebraic machinery. Specifically, best LTCs are constructed based on PCPs, whereas LTCs seem simpler constructs. Initiate a research program The work: A combinatorial construction of LTCs (wo PCPs). The project continued to a PhD, which consists of several combinatorial constructions of PCPs (and also an IP). This project is so aligned with my taste that all think it was suggested by me. It wasn’t! Definitely NOT the expectation, but the unexpected may happen

For a start: Extend this result to any blow-up Lidor Avigad (2009) Background: property testing, the dense graph model, lowest level of query complexity. Specifically, c-CC is in that low level. For a start: Extend this result to any blow-up A blow-up of a 3-star Essentially, c-CC is the set of blow-ups of a c-clique. The work: Testing Graph blow-up in minimum query complexity (i.e., linear in 1/proximity, non-adaptively)

Take the question elsewhere Roei Tell (2015) Context: Property testing (i.e. super-fast approximate decision algorithms). Question: Characterize properties (of strings) that are close under far-from-far operator. Take the question elsewhere I insisted on the characterization, but Roei took the question elsewhere The work: Initiates a systematic study of testing “Dual problems” (i.e., testing the set of objects that are far from a given set). (After refuting my conjecture re the characterization…)

Solve it, and continue to a question that “arises” Maya Leshkowitz (2017) Background: Interactive proof systems. Seeking a more intuitive transformation of general interactive proofs to public-coin ones. Solve it, and continue to a question that “arises” The work: 1. Resolves the original problem (by presenting lower and upper bound on how well this can be done). 2. Shows that any interactive proof that uses $r(n)$ coins can be transformed into one that uses $r/log n$ rounds (and $O(r)$ public coins). Maya: In light of (1), I was wondering where there is any trade-off between round complexity and randomness complexity, which are two measures I cared about in (1). Given that randomness complexity may be much larger than the round complexity, this took me to see if randomness may be much lower than round complexity.

The End The slides of this talk are available at http://www.wisdom.weizmann.ac.il/~oded/T/de-mysti.ppt