Subexponential algorithms for Unique Games and related problems
In 51st IEEE FOCS, 2010
We give subexponential time approximation algorithms for the unique games and the small set expansion problems. Specifically, for some absolute constant c, we give: 1. An exp(kn^ε)-time algorithm that, given as input a k-alphabet unique game on n variables that has an assignment satisfying 1 − ε^c fraction of its constraints, outputs an assignment satisfying 1 − ε fraction of the constraints. 2. An exp(n^ε/δ)-time algorithm that, given as input an n-vertex regular graph that has a set S of δn vertices with edge expansion at most ε^c, outputs a set S′ of at most δn vertices with edge expansion at most ε. We also obtain a subexponential algorithm with improved approximation for the MultiCut problem, as well as subexponential algorithms with improved approximations to MaxCut, SparsestCut and Vertex Cover on some interesting subclasses of instances. Khot’s Unique Games Conjecture (UGC) states that it is NP-hard to achieve approximation guarantees such as ours for unique games. While our results stop short of refuting the UGC, they do suggest that Unique Games is significantly easier than NP-hard problems such as 3SAT, 3LIN, Label Cover and more, that are believed not to have a subexponential algorithm achieving a nontrivial approximation ratio. The main component in our algorithms is a new result on graph decomposition that may have other applications. Namely we show that for every δ > 0 and a regular n-vertex graph G, by changing at most δ fraction of G’s edges, one can break G into disjoint parts so that the induced graph on each part has at most n^ε eigenvalues larger than 1 − η (where ε, η depend polynomially on δ). Our results are based on combining this decomposition with previous algorithms for unique games on graphs with few large eigenvalues (Kolla and Tulsiani 2007, Kolla 2010).
Parallel repetition: Simplifications and the no-signaling case
In STOC’07, 2007
Consider a game where a referee chooses (x, y) according to a publicly known distribution P_XY, sends x to Alice, and y to Bob. Without communicating with each other, Alice responds with a value a and Bob responds with a value b. Alice and Bob jointly win if a publicly known predicate Q(x, y, a, b) holds. Let such a game be given and assume that the maximum probability that Alice and Bob can win is v < 1. Raz (SIAM J. Comput. 27, 1998) shows that if the game is repeated n times in parallel, then the probability that Alice and Bob win all games simultaneously is at most ¯v log(s), where s is the maximal number of possible responses from Alice and Bob in the initial game, and ¯v < 1 is a constant depending only on v. In this work, we simplify Raz’s proof in various ways and thus shorten it significantly. Further we study the case where Alice and Bob are not restricted to local computations and can use any strategy which does not imply communication among them.
Unconditionally Secure Broadcast With Signatures
Diploma Thesis, ETH Zurich
"... Broadcast, also called Byzantine Agreement, is a multiparty computation primitive where a dealer sends his input value to a group of players. All players must agree on the same output value, even if a part of these players is corrupted by an adversary. Furthermore, when the dealer is not corrupted, ..."
broadcast for any number of corrupted players. However, most of these protocols have the drawback that a single corrupted player who can break the signature scheme is sufficient to make the protocol fail. Holenstein presented a hybrid protocol that tolerates either t0 corrupted players, or up to t1 > t0
The Ideal-Cipher Model, Revisited:
"... Abstract. The Ideal-Cipher Model of a blockcipher is a well-known and widely-used model dating back to Shannon [25] and has seen frequent use in proving the security of various cryptographic objects and protocols. But very little discussion has transpired regarding the meaning of proofs conducted in ..."
], and a recent simplification by Maurer, Renner, and Holenstein [15], to exhibit a blockcipher-based hash function that is provably-secure in the ideal-cipher model but trivially insecure when instantiated by any blockcipher.
Efficient econometric inference based on estimated likelihoods
2008
"... Suppose we wish to carry out likelihood based inference but we solely have an unbiased simulation based estimator of the likelihood. We note that unbiasedness is enough when the estimated likelihood is used inside a Metropolis-Hastings algorithm. This result has recently been introduced in statistic ..."
in statistics literature by Andrieu, Doucet, and Holenstein (2007) and is perhaps surprising given the celebrated results on maximum simulated likelihood estimation. It can be widely applied in microeconomics, macroeconomics and financial econometrics. One way of generating unbiased estimates of the likelihood
Upper Tail Estimates with Combinatorial Proofs
2014
"... We study generalisations of a simple, combinatorial proof of a Chernoff bound similar to the one by Impagliazzo and Kabanets (RANDOM, 2010). In particular, we prove a randomized version of the hitting property of expander random walks and apply it to obtain a concentration bound for expander random ..."
, 1] which are not necessarily independent, but obey a certain condition inspired by Impagliazzo and Kabanets. The resulting bound is used by Holenstein and Sinha (FOCS, 2012) in the proof of a lower bound for the number of calls in a black-box construction of a pseudorandom generator from a one
More Robust Hashing: Cuckoo Hashing with a Stash
In Proceedings of the 16th Annual European Symposium on Algorithms (ESA), 2008
Cuckoo hashing holds great potential as a high-performance hashing scheme for real applications. Up to this point, the greatest drawback of cuckoo hashing appears to be that there is a polynomially small but practically significant probability that a failure occurs during the insertion of an item, requiring an expensive rehashing of all items in the table. In this paper, we show that this failure probability can be dramatically reduced by the addition of a very small constant-sized stash. We demonstrate both analytically and through simulations that stashes of size equivalent to only three or four items yield tremendous improvements, enhancing cuckoo hashing’s practical viability in both hardware and software. Our analysis naturally extends previous analyses of multiple cuckoo hashing variants, and the approach may prove useful in further related schemes.
On the (Im)Possibility of Key Dependent Encryption
We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results: • Let H be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box reduction from an encryption scheme secure against key-dependent inputs to one-way permutations (and also to families of trapdoor permutations) if the adversary can obtain encryptions of h(k) for h ∈ H. • Let G be the family of polynomial sized circuits. There exists no reduction from an encryption scheme secure against key-dependent inputs to, seemingly, any cryptographic assumption, if the adversary can obtain an encryption of g(k) for g ∈ G, as long as the reduction’s proof of security treats both the adversary and the function g as black box. Keywords: Key-dependent input security, black-box separation
Computational Differential Privacy
The definition of differential privacy has recently emerged as a leading standard of privacy guarantees for algorithms on statistical databases. We offer several relaxations of the definition which require privacy guarantees to hold only against efficient (i.e., computationally-bounded) adversaries. We establish various relationships among these notions, and in doing so, we observe their close connection with the theory of pseudodense sets by Reingold et al. [1]. We extend the dense model theorem of Reingold et al. to demonstrate equivalence between two definitions (indistinguishability- and simulatability-based) of computational differential privacy. Our computational analogues of differential privacy seem to allow for more accurate constructions than the standard information-theoretic analogues. In particular, in the context of private approximation of the distance between two vectors, we present a differentially-private protocol for computing the approximation, and contrast it with a substantially more accurate protocol that is only computationally differentially private.
