Pseudo-random generators. Talk for Amnon's seminar.

Presentation transcript:

1 Pseudo-random generators. Talk for Amnon's seminar

2 This talk. Probabilistic algorithms (introduced in the 70's) play an important role in CS. Derandomization: Replacing probabilistic algorithms by efficient deterministic algorithms. A brief introduction to this area. Pseudo-random generators. How to construct explicit PRGs.

3 Review: Deterministic Algorithms. Computational problem P: Input: x. Output: P(x). [Diagram: input → A → output]

4 Review: Probabilistic Algorithms. Allow algorithm A to: Use random bits. Make errors. Answers correctly with high probability: for every x, $\Pr_r[A(x,r)=P(x)] > 1-\varepsilon$ (for very small $\varepsilon$, say $10^{-1000}$). [Diagram: input and random bits → A → output]

5 Two famous problems with prob. poly-time algorithms. Primality testing: Input: a number N. Output: Is N a prime? Can be derandomized! [AKS02]. Polynomial identities: Input: A black-box which computes a polynomial $p(X_1,\ldots,X_d)$. Output: Is $p \equiv 0$? "Hard" to derandomize! [IK02]

6 The general question. Can every probabilistic algorithm be efficiently derandomized? How powerful are probabilistic algorithms?

7 Exponential time Derandomization. After 20 years of research we only have the following trivial theorem. Thm: Probabilistic poly-time algorithms can be simulated deterministically in exponential time (time $2^{\mathrm{poly}(n)}$).

8 Proof: Suppose that A uses r random bits. Run A using all $2^r$ choices for random bits. Take the majority vote of outputs. Time: $2^r \cdot \mathrm{poly}(n)$. [Diagram: A is run on the input with each of the $2^r$ random strings 00000000000, 00000000001, 00000000010, ..., 11111111111, producing one output per run.]

9 Algorithms which use few bits. Algorithms with few random coins can be efficiently derandomized! Time: $2^r \cdot \mathrm{poly}(n)$. With $r = O(\log n)$: polynomial time deterministic algorithm! [Diagram: A is run on the input with each of the $2^r$ random strings 0000, 0001, ..., 1111.]
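
An added example (not from the talk) of the brute-force proof on slides 8 and 9, applied to the polynomial-identity problem of slide 5: A evaluates the black box at a point decoded from r random bits, and the derandomized version runs A on all 2^r strings and takes the majority vote. The field Z_101, the 3 bits per variable, the two sample black boxes and all function names are assumptions chosen for illustration; a non-zero polynomial of total degree 2 vanishes on at most 2/8 of the sampled points, so the majority vote is correct here.

```python
from itertools import product

PRIME = 101   # assumption: the black boxes compute polynomials over Z_101
K = 3         # assumption: 3 random bits per variable, points drawn from {0..7}

def run_A(blackbox, d, r_bits):
    """One run A(x, r): decode the r = d*K random bits into d evaluation
    points and answer 'p is identically zero' iff the black box gives 0."""
    point = [int("".join(map(str, r_bits[i * K:(i + 1) * K])), 2)
             for i in range(d)]
    return blackbox(*point) % PRIME == 0

def derandomize(blackbox, d):
    """Run A on all 2^r random strings and take the majority vote.
    Returns (majority answer, runs answering 'zero', total runs)."""
    r = d * K
    votes = sum(run_A(blackbox, d, bits) for bits in product((0, 1), repeat=r))
    total = 2 ** r
    return votes * 2 > total, votes, total

# Constructed black boxes in d = 2 variables, total degree 2.
def identically_zero(x, y):
    return (x + y) ** 2 - x * x - 2 * x * y - y * y

def not_zero(x, y):
    return (x + y) ** 2 - x * x - y * y   # equals 2xy, zero only if x=0 or y=0

if __name__ == "__main__":
    for name, box in (("identically_zero", identically_zero),
                      ("not_zero", not_zero)):
        answer, votes, total = derandomize(box, d=2)
        print(f"{name}: {votes}/{total} runs say 'zero', majority = {answer}")
```

The cost is the 2^r · poly(n) of the slide: 64 black-box calls for r = 6, doubling with every extra random bit.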

10 Derandomization paradigm. Given a probabilistic algorithm that uses many random bits. Convert it into a probabilistic algorithm that uses few random bits. Derandomize it by "brute-force" using the previous Theorem.

11 Pseudo-Random Generators. Use a short "seed" of very few truly random bits to generate a long string of pseudo-random bits. Pseudo-randomness: no efficient algorithm can distinguish truly random bits from pseudo-random bits. [Diagram: a seed of few truly random bits enters the PRG, which outputs many "pseudo-random" bits; these take the place of the random bits of A (input → A → output). Further label: circuit.]

12 Pseudo-Random Generators. New probabilistic algorithm, using few truly random bits => can be derandomized by brute force! [Diagram: short seed → PRG → pseudo-random bits → A, with input and output.]

13 The concept of pseudo-randomness. Mathematics, probability theory: Randomness is a property of the object. Computer science, complexity theory: Pseudo-randomness is in the eyes of the beholder! A random distribution: Its density function is balanced. A pseudo-random distribution: No feasible algorithm distinguishes it from the uniform distribution.

14 The concept of pseudo-randomness. Mathematics, probability theory: Randomness is a property of the object. Computer science, complexity theory: Pseudo-randomness is in the eyes of the beholder! Information Theory: Impossible to generate many random bits from few random bits. Complexity theory: Possible to generate many pseudo-random bits from few random bits.

15 Efficient PRG's. Existence isn't good enough! We need PRG's which are efficiently computable. Open problem: Construct an efficient PRG. [Diagram: short seed → PRG → pseudo-random bits → A, with input and output.]

16 Efficient PRG's have strong unproven implications. Efficient PRG's => explicit hard functions exist. Essentially, efficient PRG's => NP≠P. (More precisely: => EXP≠P/poly). Proving the existence of explicit hard functions is the biggest open problem in CS. Little progress in 40 years! It's very hard to construct efficient PRG's!

17 Hardness versus Randomness. Initiated by [BM,Yao,Shamir]. Assumption: explicit hard functions exist => Efficient PRG's exist => Derandomization of prob. algorithms

18 A quick overview. Hardness vs. Randomness: Cryptography: [BM,Y,S,HILL]. Derandomization: [NW88,BFNW93,I95,IW97,IW98,STV99,ISW99,ISW00,SU01,U02]. Important milestone [NW88,IW97]: Under suitable hardness assumptions: Every probabilistic algorithm can be completely and efficiently derandomized! Deterministic algorithms are just as strong as probabilistic algorithms!

19 The Impagliazzo-Wigderson assumption. There exists a function f which is: Computable in time $2^{O(n)}$. Cannot be computed by boolean circuits of size $2^{\delta n}$, for some $0<\delta<1$. Compare NP≠P: There exists a function f which is: Computable in non-deterministic time poly(n). Cannot be computed in time poly(n).

20 Converting Hardness into pseudo-randomness. Basic idea: f is "very hard" for efficient algorithms. f(x) "looks" like a random coin to an efficient algorithm which gets x. Suggestion: PRG(x)=x,f(x). We make sure that PRG is efficient by: Assuming it is feasible to compute f on very short (logarithmic) instances. For example we may get that PRG runs in time $n^4$ and is pseudo-random for algorithms with time $n^2$.

