Presentation is loading. Please wait.

Presentation is loading. Please wait.

Explicit Exclusive Set Systems with Applications David P. Woodruff Joint work with Craig Gentry and Zulfikar Ramzan.

Published byMia Gordon Modified over 10 years ago

Similar presentations

Presentation on theme: "Explicit Exclusive Set Systems with Applications David P. Woodruff Joint work with Craig Gentry and Zulfikar Ramzan."— Presentation transcript:

1 Explicit Exclusive Set Systems with Applications David P. Woodruff Joint work with Craig Gentry and Zulfikar Ramzan

2 Outline 1. The Combinatorics Problem 2. Our Techniques 3. Applications 1. Broadcast encryption 2. Certificate revocation 3. Group testing

3 The Combinatorics Problem Find a family C of subsets of {1, 2, …., n} such that any large set S µ {1, 2, …, n} is the union of a small number of sets in C S = S 1 [ S 2 [ [ S t Parameters: Universe is [n] = {1, …, n} |S| >= n-r Write S as a union of · t sets in C Goal: Minimize |C|

4 The Combinatorics Problem Find a family C of subsets of [n] such that any set S µ [n] with |S| ¸ n-r is union of t sets in C: S = S 1 [ S 2 [ [ S t Example: t = 1 C = all sets of size ¸ n-r |C| = Example: t = n C = all sets of size 1 |C| = n C excludes sets of size · r C is an exclusive set system

5 Another Example Example: r = 1, t = 2 Write each i 2 [n] as (i 1, i 2 ) 2 [n 1/2 ] 2 x S: 1 i n … excludes 1st coordinate i 1 = excludes 2nd coordinate i 2 |C| = 2n 1/2

6 Another Example (Generalized) r = 1, t · log n Write each i 2 [n] as (i 1, i 2, …, i t ) 2 [n 1/t ] t Sets in C are named (x, y) 2 [t] x [n 1/t ] i 2 (x,y) iff i x y |C| = tn 1/t If S = [n] n i, S = (1, i 1 ) [ (2, i 2 ) [ … [ (t, i t )

7 Example Summary r arbitrary t = 1: |C| = t = n: |C| = n t · log n r = 1: |C| = tn 1/t How does |C| grow given n, r, and t?

8 A Lower Bound Claim: 1. At least sets of size ¸ n-r 2. Only different unions 3. Thus, 4. Solve for |C| Proof:

9 Example Summary r arbitrary t = 1: |C| = t = n: |C| = n t · log n r = 1: |C| = tn 1/t tight What happens for arbitrary n, r, and t?

10 Known Results Bad: once n and r are chosen, t and |C| are fixed t|C|authors (r log n / log r) 2 GSY r log n/r2nLNN, ALO 2rn log nLNN r 3 log n / log r KRS

11 Known Results Only known general result: If r · t, then |C| = O(t 3 (nt) r/t log n) [KR] Drawbacks: Probabilistic method Set-Cover To write S = S 1 [ S 2 [ … [ S t, solve Set-Cover C has large description Bad for applications Suboptimal size:

12 Our Results Main result: |C| = poly(r,t) n, r, t all arbitrary Match lower bound up to poly(r,t) In applications r, t << n When r,t << n, get |C| = O(rt ) Our construction is explicit Find sets S = S 1 [ … [ S t in poly(r, t, log n) time Improved cryptographic applications

13 Outline 1. The Combinatorics Problem 2. Our Techniques 3. Applications 1. Broadcast encryption 2. Certificate revocation 3. Group testing

14 Techniques Case analysis: r, t << n: algebraic solution general r, t: use divide-and-conquer approach to reduce to previous case

15 Case: r,t << n Find a prime p = n 1/t + Integers [n] are points in (F p ) t Consider the ring F p [X 1, …, X t ] Goal: find set of polynomials C such that for any R ½ [n] with |R| · r, there exist p 1, …, p t 2 C such that R = Variety(p 1, …, p t )

16 The Polynomial Collection Consider the following collection: and

17 The Polynomial Collection (Cond) and Claim: If no two points in R have the same ith coordinate for any i, then we can find p 1, …, p t with Variety(p 1, …, p t ) = R Proof: choose j=1 |R| (X 1 – u j 1 ) let u i 1, u i 2, …, u i |R| be the ith coordinates and u i+1 1, u i+1 2, …, u i+1 |R| be the (i+1)st coordinates choose p i+1 = f(X i ) – X i+1 by interpolating from f(u i j ) = u i+1 j for all j

18 The Polynomial Collection (Cond) Proof: choose j=1 |R| (X 1 – u j 1 ) let u i 1, u i 2, …, u i |R| be the ith coordinates and u i+1 1, u i+1 2, …, u i+1 |R| be the (i+1)st coordinates choose p i+1 = f(X i ) – X i+1 by interpolating from f(u i j ) = u i j+1 for all j Claim 1: Every point in R is in Variety(p 1, …, p t ) Proof: Induction. If x in variety, x 1 = u 1 j for some j p i+1 (x) = f(x i ) – x i+1 = 0 so: f(x i ) = f(u i j ) = u i+1 j = x i+1 Claim 2: If x 2 [n] n R, then x not in Variety(p 1, …, p t ) Proof: Immediate

19 The Polynomial Collection (Cond) |C| = O(tp r ), where p = n 1/t + Density theorems ! |C| = O(tn r/t ) Only works if R has distinct coordinates… and

20 Handling Non-distinct Coordinates Perform coordinate tranformations Each u 2 [n] is a degree-(t-1) polynomial p u in F p [x] Translate polynomial representation to point representation by evaluation: p u -> (p u (1), p u (2), …, p u (t)) p u p u implies translations are distinct Idea: choose many transformations (sets of t points in F p ), so every R has a transformation with distinct coordinates Apply previous construction

21 Handling Non-distinct Coordinates 1 2 3 … t (t+1) (t+2) … 2t (2t+1) … … Suppose R = {1, …, r} p1p2p3…prp1p2p3…pr 1 2 3 … t 2 2 3 … t 3 2 3 … t r 2 3 … t (t+1) (t+2) … 2t(2t+1) … … …

22 Handling Non-Distinct Coordinates How many blocks of t points do we need to consider? Two distinct degree-(t-1) polynomials can agree on at most t-1 points. Thus, at most can have non-distinct coordinates So choose blocks, apply distinct coordinate construction for each block Take union of constructions for all blocks

23 Summary and Improvements O(r 2 t) blocks, each O(t n r/t ) sets O(r 2 t 2 n r/t ) sets in total! Can improve to O(rt )

24 Improvements Choose special points in F p for blocks Mix the blocks with an expander Balance complexity of two types of sets

25 General n, r, t 1n Let m be such that r/m, t/m << n For every interval [i, j], form an exclusive set system with n = j-i+1, r = r/m, t = t/m Given a set R, find intervals which evenly partition R. ij x x x Problem! n 2 term ?!? Fix:- hash [n] to [r 2 ] first - do enough hashes so there is an injective hash for every R - apply construction above on [r 2 ]

26 Outline 1. The Combinatorics Problem 2. Our Techniques 3. Applications 1. Broadcast encryption 2. Certificate revocation 3. Group testing

27 Broadcast Encryption Server Clients 1 server, n clients Server broadcasts to all clients at once E.g., payperview TV, music, videos Only privileged users can understand broadcasts E.g., those who pay their monthly bills Need to encrypt broadcasts Offline phase - Server distributes keys Online phase - Server encrypts a session key so only privileged users can decrypt

28 Subset Cover Framework [NNL] Offline stage: For some S ½ [n], server creates a key K(S) and distributes it to all users in S Idea: choose sets S from an exclusive set system C Server space complexity ~ |C| ith user space complexity ~ # S containing i

29 Subset Cover Framework [NNL] Online stage: Given a set R ½ [n] of at most r revoked users Server establishes a session key M that only users in the set [n] n R know Finds S 1, …, S t with [n] n R = S 1 [ … [ S t Encrypt M under each of K(S 1 ), …, K(S t ) For u 2 [n] n R, there is S i with u 2 S i For u 2 R, no S i with u 2 S i Content encrypted using session key M

30 Subset Cover Framework [NNL] Online stage: Communication complexity ~ t Tolerate up to r revoked users Tolerate any number of colluders Information-theoretic security

31 Our Results Use our explicit exclusive set system General n,r,t Contrasts with previous explicit systems Poly(r,t, log n) time to find keys for broadcast Contrasts with probabilistic constructions Parameters For poly(r, log n) server storage complexity, we can set t = r log (n/r), but previously t = (r 2 log n)

32 More Reasons to Study Exclusive Sets Other applications Certificate revocation Group testing Fun mathematical problem

33 Open problems O(rt ) versus (t ) Our O(rt ) bound needs t = o(log n) Bound for general r,t is poly(r,t) Improve the poly(r,t) factor Find more applications

Download ppt "Explicit Exclusive Set Systems with Applications David P. Woodruff Joint work with Craig Gentry and Zulfikar Ramzan."

Similar presentations

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006.

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006.
Explicit Exclusive Set Systems with Applications to Broadcast Encryption David P. Woodruff MIT FOCS 2006 Craig Gentry Stanford Zulfikar Ramzan Symantec.

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David P. Woodruff MIT FOCS 2006 Craig Gentry Stanford Zulfikar Ramzan Symantec.
Estimating Distinct Elements, Optimally

Estimating Distinct Elements, Optimally
1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.

1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.
Tight Bounds for Distributed Functional Monitoring David Woodruff IBM Almaden Qin Zhang Aarhus University MADALGO Based on a paper in STOC, 2012.

Tight Bounds for Distributed Functional Monitoring David Woodruff IBM Almaden Qin Zhang Aarhus University MADALGO Based on a paper in STOC, 2012.
Optimal Space Lower Bounds for All Frequency Moments David Woodruff MIT

Optimal Space Lower Bounds for All Frequency Moments David Woodruff MIT
Parikshit Gopalan Georgia Institute of Technology Atlanta, Georgia, USA.

Parikshit Gopalan Georgia Institute of Technology Atlanta, Georgia, USA.
Routing Complexity of Faulty Networks Omer Angel Itai Benjamini Eran Ofek Udi Wieder The Weizmann Institute of Science.

Routing Complexity of Faulty Networks Omer Angel Itai Benjamini Eran Ofek Udi Wieder The Weizmann Institute of Science.
Lower Bounds for Additive Spanners, Emulators, and More David P. Woodruff MIT and Tsinghua University To appear in FOCS, 2006.

Lower Bounds for Additive Spanners, Emulators, and More David P. Woodruff MIT and Tsinghua University To appear in FOCS, 2006.
Xiaoming Sun Tsinghua University David Woodruff MIT

Xiaoming Sun Tsinghua University David Woodruff MIT
Truthful Mechanisms for Combinatorial Auctions with Subadditive Bidders Speaker: Shahar Dobzinski Based on joint works with Noam Nisan & Michael Schapira.

Truthful Mechanisms for Combinatorial Auctions with Subadditive Bidders Speaker: Shahar Dobzinski Based on joint works with Noam Nisan & Michael Schapira.
Coordination Mechanisms for Unrelated Machine Scheduling Yossi Azar joint work with Kamal Jain Vahab Mirrokni.

Coordination Mechanisms for Unrelated Machine Scheduling Yossi Azar joint work with Kamal Jain Vahab Mirrokni.
Fast Johnson-Lindenstrauss Transform(s) Nir Ailon Edo Liberty, Bernard Chazelle Bertinoro Workshop on Sublinear Algorithms May 2011.

Fast Johnson-Lindenstrauss Transform(s) Nir Ailon Edo Liberty, Bernard Chazelle Bertinoro Workshop on Sublinear Algorithms May 2011.
Inapproximability of Hypergraph Vertex-Cover. A k-uniform hypergraph H= : V – a set of vertices E - a collection of k-element subsets of V Example: k=3.

Inapproximability of Hypergraph Vertex-Cover. A k-uniform hypergraph H= : V – a set of vertices E - a collection of k-element subsets of V Example: k=3.
Lower bounds for epsilon-nets

Lower bounds for epsilon-nets
Time-Space Tradeoffs in Resolution: Superpolynomial Lower Bounds for Superlinear Space Chris Beck Princeton University Joint work with Paul Beame & Russell.

Time-Space Tradeoffs in Resolution: Superpolynomial Lower Bounds for Superlinear Space Chris Beck Princeton University Joint work with Paul Beame & Russell.
Gillat Kol joint work with Ran Raz Locally Testable Codes Analogues to the Unique Games Conjecture Do Not Exist.

Gillat Kol joint work with Ran Raz Locally Testable Codes Analogues to the Unique Games Conjecture Do Not Exist.
Introduction to Kernel Lower Bounds Daniel Lokshtanov.

Introduction to Kernel Lower Bounds Daniel Lokshtanov.
Approximation Algorithms Chapter 14: Rounding Applied to Set Cover.

Approximation Algorithms Chapter 14: Rounding Applied to Set Cover.
Heuristics for the Hidden Clique Problem Robert Krauthgamer (IBM Almaden) Joint work with Uri Feige (Weizmann)

Heuristics for the Hidden Clique Problem Robert Krauthgamer (IBM Almaden) Joint work with Uri Feige (Weizmann)

Similar presentations

Ads by Google