Results 1-10 of 17
A strong direct product theorem for disjointness
In 42nd ACM Symposium on Theory of Computing (STOC), 2010
Cited by 31 (1 self)
A strong direct product theorem says that if we want to compute k independent instances of a function, using less than k times the resources needed for one instance, then the overall success probability will be exponentially small in k. We establish such a theorem for the randomized communication complexity of the Disjointness problem, i.e., with communication const · kn the success probability of solving k instances can only be exponentially small in k. We show that this bound even holds in an AM communication protocol with limited ambiguity. The main result implies a new lower bound for Disjointness in a restricted 3-player NOF protocol, and optimal communication-space tradeoffs for Boolean matrix product. Our main result follows from a solution to the dual of a linear programming problem, whose feasibility comes from a so-called Intersection Sampling Lemma that generalizes a result by Razborov [Raz92]. We also discuss a new lower bound technique for randomized communication complexity called the generalized rectangle bound that we use in our proof.
Optimal testing of Reed-Muller codes
2009
Cited by 19 (8 self)
We consider the problem of testing if a given function
STRONG DIRECT PRODUCT THEOREMS FOR QUANTUM COMMUNICATION AND QUERY COMPLEXITY
Cited by 18 (4 self)
A strong direct product theorem (SDPT) states that solving n instances of a problem requires Ω(n) times the resources for a single instance, even to achieve success probability 2^{-Ω(n)}. We prove that quantum communication complexity obeys an SDPT whenever the communication lower bound for a single instance is proved by the generalized discrepancy method, the strongest technique in that model. We prove that quantum query complexity obeys an SDPT whenever the query lower bound for a single instance is proved by the polynomial method, one of the two main techniques in that model. In both models, we prove the corresponding XOR lemmas and threshold direct product theorems.
Shielding circuits with groups
2012
Cited by 9 (2 self)
We show how to efficiently compile any given circuit C into a leakage-resistant circuit Ĉ such that any function on the wires of Ĉ that leaks information during a computation Ĉ(x) yields advantage in computing the product of |Ĉ|^Ω(1) elements of the alternating group A_u. In combination with new compression bounds for A_u products, also obtained here, Ĉ withstands leakage from virtually any class of functions against which average-case lower bounds are known. This includes communication protocols, and AC^0 circuits augmented with few arbitrary symmetric gates. If NC^1 ≠ TC^0 then the construction resists TC^0 leakage as well. We also conjecture that our construction resists NC^1 leakage. In addition, we extend the construction to the multi-query setting by relying on a simple secure hardware component. We build on Barrington’s theorem [JCSS ’89] and on the previous leakage-resistant constructions by Ishai et al. [Crypto ’03] and Faust et al. [Eurocrypt ’10]. Our construction exploits properties of A_u beyond what is sufficient for Barrington’s theorem.
The communication complexity of addition
2011
Cited by 8 (3 self)
Suppose each of k ≤ n^{o(1)} players holds an n-bit number x_i in its hand. The players wish to determine if ∑_{i≤k} x_i = s. We give a public-coin protocol with error 1% and communication O(k lg k). The communication bound is independent of n, and for k ≥ 3 improves on the O(k lg n) bound by Nisan (Bolyai Soc. Math. Studies; 1993). Our protocol also applies to addition modulo m. In this case we give a matching (public-coin) Ω(k lg k) lower bound for various m. We also obtain some lower bounds over the integers, including Ω(k lg lg k) for protocols that are one-way, like ours. We give a protocol to determine if ∑ x_i > s with error 1% and communication O(k lg k) lg n. For k ≥ 3 this improves on Nisan’s O(k lg^2 n) bound. A similar improvement holds for computing degree-(k − 1) polynomial-threshold functions in the number-on-forehead model. We give a (public-coin, 2-player, tight) Ω(lg n) lower bound to determine if x_1 > x_2. This improves on the Ω(√(lg n)) bound by Smirnov (1988).
Candidate Weak Pseudorandom Functions in AC0 ◦ MOD2
Cited by 4 (1 self)
Pseudorandom functions (PRFs) play a fundamental role in symmetric-key cryptography. However, they are inherently complex and cannot be implemented in the class AC0(MOD2). Weak pseudorandom functions (weak PRFs) do not suffer from this complexity limitation, yet they suffice for many cryptographic applications. We study the minimal complexity requirements for constructing weak PRFs. To this end:
• We conjecture that the function family F_A(x) = g(Ax), where A is a random square GF(2) matrix and g is a carefully chosen function of constant depth, is a weak PRF. In support of our conjecture, we show that functions in this family are inapproximable by GF(2) polynomials of low degree and do not correlate with any fixed Boolean function family of subexponential size.
• We study the class AC0 ◦ MOD2 that captures the complexity of our construction. We conjecture that all functions in this class have a Fourier coefficient of magnitude exp(−poly log n) and prove this conjecture in the case when the MOD2 function is typical.
• We investigate the relation between the hardness of learning noisy parities and the existence of weak PRFs in AC0 ◦ MOD2.
We argue that such a complexity-driven approach can play a role in bridging the gap between the theory and practice of cryptography.
Quadratic Goldreich-Levin theorems
In Proc. 52th Annu
Cited by 4 (1 self)
Decomposition theorems in classical Fourier analysis enable us to express a bounded function in terms of few linear phases with large Fourier coefficients plus a part that is pseudorandom with respect to linear phases. The Goldreich-Levin algorithm [GL89] can be viewed as an algorithmic analogue of such a decomposition as it gives a way to efficiently find the linear phases associated with large Fourier coefficients. In the study of “quadratic Fourier analysis”, higher-degree analogues of such decompositions have been developed in which the pseudorandomness property is stronger but the structured part correspondingly weaker. For example, it has previously been shown that it is possible to express a bounded function as a sum of a few quadratic phases plus a part that is small in the U^3 norm, defined by Gowers for the purpose of counting arithmetic progressions of length 4. We give a polynomial time algorithm for computing such a decomposition. A key part of the algorithm is a local self-correction procedure for Reed-Muller codes of order 2 (over F_2^n) for a function at distance 1/2 − ε from a codeword. Given a function f: F_2^n → {−1, 1} at fractional Hamming distance 1/2 − ε from a quadratic phase (which is a codeword of Reed-Muller code of order 2), we give an algorithm that runs in time polynomial in n and finds a codeword at distance at most 1/2 − η for η = η(ε). This is an algorithmic analogue of Samorodnitsky’s result [Sam07], which gave a tester for the above problem. To our knowledge, it represents the first instance of a correction procedure for any class of codes, beyond the list-decoding radius. In the process, we give algorithmic versions of results from additive combinatorics used in Samorodnitsky’s proof and a refined version of the inverse theorem for the Gowers U^3 norm.
The NOF Multiparty Communication Complexity of Composed Functions
Cited by 3 (0 self)
We study the k-party ‘number on the forehead’ communication complexity of composed functions f ◦ g, where f: {0,1}^n → {±1}, g: {0,1}^k → {0,1} and for (x_1,...,x_k) ∈ ({0,1}^n)^k, f ◦ g(x_1,...,x_k) = f(...,g(x_{1,i},...,x_{k,i}),...). We show that there is an O(log^3 n) cost simultaneous protocol for SYM ◦ g when k > 1 + log n, SYM is any symmetric function and g is any function. Previously, an efficient protocol was only known for SYM ◦ g when g is symmetric and “compressible”. We also get a non-simultaneous protocol for SYM ◦ g of cost O(n/2^k · log n + k log n) for any k ≥ 2. In the setting of k ≤ 1 + log n, we study more closely functions of the form MAJORITY ◦ g, MOD_m ◦ g, and NOR ◦ g, where the latter two are generalizations of the well-known and studied functions Generalized Inner Product and Disjointness respectively. We characterize the communication complexity of these functions with respect to the choice of g. In doing so, we answer a question posed by Babai et al. (SIAM Journal on Computing, 33:137–166, 2004) and determine the communication complexity of MAJORITY ◦ QCSB_k, where QCSB_k is the “quadratic character of the sum of the bits” function.
Simplified Lower Bounds on the Multiparty Communication Complexity of Disjointness
2014
Cited by 2 (0 self)
We show that the deterministic number-on-forehead communication complexity of set disjointness for k parties on a universe of size n is Ω(n/4^k). This gives the first lower bound that is linear in n, nearly matching Grolmusz’s upper bound of O(log^2(n) + k^2 n/2^k). We also simplify Sherstov’s proof showing an Ω( n/(k2^k)) lower bound for the randomized communication complexity of set disjointness.