Local correlation breakers and applications Gil Cohen

Breaking correlations X Y X f(X,Y) The “breaking pairwise correlations” problem:

Breaking correlations The “breaking pairwise correlations” problem: * Yet, for applications in mind we do not have truly random bits. * Cannot be done deterministically. * A strengthening of an object used in [Li13].

Local correlation breakers (LCBs)

* Local correlation breakers * Applications * Mergers with weak-seeds * 3-source extractors * The LCB construction Roadmap * 2-source non-malleable extractors

[Ta-Shma96, LuReingoldVadhanWigderson03, Raz05, DvirShpilka07, Zuckerman07, DvirRaz08, DvirWigderson11, DvirKoppartySarafSudan09] * Existential argument works for Mergers with weak-seeds * Cannot be done deterministically. (n,k)

Theorem. There exists an explicit merger with weak-seeds for Mergers with weak-seeds via LCBs

* Local correlation breakers * Applications * Mergers with weak-seeds * 3-source extractors Roadmap * 2-source non-malleable extractors * The LCB construction

multi-source extractors [ChorGoldreich88, BarakImpagliazzoWigderson06, Bourgain05, Raz05, BarakKindlerShaltielSudakovWigderson05, Rao09, Li11, Li13, Li15] * Explicit 2-source extractors: * Explicit 3-source extractors: + lower exponent

Roadmap * The LCB construction * Seeded extractors * Two-steps look-ahead extractors * The construction

[NisanZuckerman96, …, Trevisan01, RazReingoldVadhan99, Ta-ShmaZuckermanSafra02, Shaltiel Umans01, GuruswamiUmansVadhan09, DvirKoppartySarafWigderson09, Ta-ShmaUmans12] * E is called strong if E(X,S) is uniform for almost all fixings S=s. Seeded extractors * Thou shalt have enough entropy in the source. * Thou shalt have a uniform seed. * Thou shalt not use correlated source and seed.

Hierarchy of independence W1W1 W2W2 WrWr Y AB

W1W1 W2W2 WrWr Y AB

W1W1 W2W2 WrWr Y AB * A of a uniform row is uniform.

Hierarchy of independence AB W1W1 W2W2 WrWr Y * B of a uniform row is uniform even given all A’s. * A of a uniform row is uniform.

[DziembowskiPietrzak07, DodisWichs09] A = E(Y,S ) Y T = E(W,A) B = E(Y,T) W 2-steps look-ahead extractors LA(W,Y) = (A,B) S

Theorem [DziembowskiPietrzak07]. Let W 1 be uniform and W 2 arbitrarily correlated with W 1. Let Y be an independent random variable. Let (A 1, B 1 ) = LA(W 1,Y), (A 2, B 2 ) = LA(W 2,Y). 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Then, B 1 is uniform (even) given W 1, W 2, A 1, A 2.

A 1 = E(Y,S 1 ) Y W1W1 S1S1 W2W2 S2S2 A 2 = E(Y,S 2 ) T 1 = E(W 1,A 1 ) T 2 = E(W 2,A 2 ) B 1 = E(Y,T 1 ) B 2 = E(Y,T 2 ) 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09]

A 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 S2S2 A 2 = E(Y,S 2 ) T 1 = E(W 1,A 1 ) T 2 = E(W 2,A 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] B 1 = E(Y,T 1 )

A 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 A 2 = E(Y,s 2 ) T 1 = E(W 1,A 1 ) T 2 = E(W 2,A 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,T 1 )

a 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 A 2 = E(Y,s 2 ) T 1 = E(W 1,a 1 ) T 2 = E(W 2,A 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,T 1 ) Fixed

a 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 a 2 = E(Y,s 2 ) T 1 = E(W 1,a 1 ) T 2 = E(W 2,a 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,T 1 ) Fixed

a 1 = E(Y,s 1 ) Y W1W1 s1s1 W2W2 s2s2 a 2 = E(Y,s 2 ) t 1 = E(W 1,a 1 ) T 2 = E(W 2,a 2 ) B 2 = E(Y,T 2 ) Fixed 2-steps look-ahead extractors [DziembowskiPietrzak07, DodisWichs09] Fixed B 1 = E(Y,t 1 ) Fixed

Roadmap * The LCB construction * Seeded extractors * Two-steps look-ahead extractors * The construction

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (A 1, B 1 ) = LA(W 1,Y) (A 2, B 2 ) = LA(W 2,Y) (A 3, B 3 ) = LA(W 3,Y) (A’ 1, B’ 1 ) = LA(W’ 1,Y) (A’ 2, B’ 2 ) = LA(W’ 2,Y) (A’ 3, B’ 3 ) = LA(W’ 3,Y) (A’’ 1, B’’ 1 ) = LA(W’’ 1,Y) (A’’ 2, B’’ 2 ) = LA(W’’ 2,Y) (A’’ 3, B’’ 3 ) = LA(W’’ 3,Y) (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y) The assumption on the input is maintained

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y) The good row gains its independence when given the lead

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y)

X1X1 AB W’ 1 = E(X 1,B 1 ) W’ 2 = E(X 2,A 2 ) W’ 3 = E(X 3,A 3 ) A’B’ A’’B’’ X2X2 X3X3 Z 1 = E(X 1,A’’ 1 ) Z 2 = E(X 2,A’’ 2 ) Z 3 = E(X 3,B’’ 3 ) W’’ 1 = E(X 1,A’ 1 ) W’’ 2 = E(X 2,B’ 2 ) W’’ 3 = E(X 3,A’ 3 ) 3-LCB for 3 rows Y W1W1 W2W2 W3W3 (Z 1,Z 2,Z 3 ) = LCB((X 1,X 2,X 3 ),Y) The independence is preserved when other rows are given the lead

Reducing the number of rounds B A B A B A …

A B B A Use arbitrary cuts in a “flip-flop”. …

Reducing the number of rounds A B B A Use a sequence of log(r) cuts such that for any two distinct vertices there is a cut that separates them. Use arbitrary cuts in a “flip-flop”.

* We’ve introduced and constructed LCBs. Summary and problem problems * Applications: * Mergers with weak-seeds with double-logarithmic entropy. * 3-source extractors with one double-logarithmic entropy source. A possible future research direction * Improved two-source extractors - perhaps further ideas can be used to remove the need for the third loglog(n)-entropy source. Thank you! * 2-source non-malleable extractors.