On ε-biased Generators in NC 0

Elchanan Mossel, Amir Shpilka, Luca Trevisan

August 15, 2005

Elchanan Mossel: Department of Statistics, U.C. Berkeley, CA. mossel@stat.berkeley.edu. Supported by a Miller fellowship in Statistics and Computer Science, by a Sloan fellowship in Mathematics and by NSF grant DMS.

Amir Shpilka: Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel. amir.shpilka@weizmann.ac.il. Supported by National Security Agency (NSA) and Advanced Research and Development Activity (ARDA) under Research Office (ARO) contract no. DAAD , and by the Koshland fellowship.

Luca Trevisan: Computer Science Division, U.C. Berkeley, CA. luca@cs.berkeley.edu. Supported by NSF Grant CCR /CCR , US-Israel BSF grant , a Sloan Research Fellowship and an Okawa Foundation Grant.

Abstract

Cryan and Miltersen [8] recently considered the question of whether there can be a pseudorandom generator in NC$^0$, that is, a pseudorandom generator that maps $n$-bit strings to $m$-bit strings such that every bit of the output depends on a constant number $k$ of bits of the seed. They show that for $k = 3$, if $m \ge 4n + 1$, there is a distinguisher; in fact, they show that in this case it is possible to break the generator with a linear test, that is, there is a subset of bits of the output whose XOR has a noticeable bias. They leave the question open for $k \ge 4$. In fact they ask whether every NC$^0$ generator can be broken by a statistical test that simply XORs some bits of the input. Equivalently, is it the case that no NC$^0$ generator can sample an ε-biased space with negligible ε?

We give a generator for $k = 5$ that maps $n$ bits into $cn$ bits, so that every bit of the output depends on 5 bits of the seed, and the XOR of every subset of the bits of the output has bias $2^{-\Omega(n/c^4)}$. For large values of $k$, we construct generators that map $n$ bits to $n^{\Omega(\sqrt{k})}$ bits such that every XOR of outputs has bias $2^{-n^{1/(2\sqrt{k})}}$. We also present a polynomial-time distinguisher for $k = 4$, $m \ge 24n$ having constant distinguishing probability. For large values of $k$ we show that a linear distinguisher with a constant distinguishing probability exists once $m \ge \Omega(2^k n^{\lceil k/2 \rceil})$.

Finally, we consider a variant of the problem where each of the output bits is a degree $k$ polynomial in the inputs. We show there exists a degree $k = 2$ pseudorandom generator for which the XOR of every subset of the outputs has bias $2^{-\Omega(n)}$ and which maps $n$ bits to $\Omega(n^2)$ bits.

1 Introduction

A pseudorandom generator is an efficient deterministic procedure that maps a shorter random input into a longer output that is indistinguishable from the uniform distribution by resource-bounded observers.

A formalization of the above informal definition is to consider polynomial-time procedures $G$ mapping $n$ bits into $m(n) > n$ bits such that for every property $P$ computable by a family of polynomial-size circuits we have that the quantity

$$\left| \Pr_{z \in \{0,1\}^{m(n)}}[P(z) = 1] - \Pr_{x \in \{0,1\}^{n}}[P(G(x))] \right|$$

goes to zero faster than any inverse polynomial in $n$. The existence of such a procedure $G$ is equivalent to the existence of one-way functions [15], pseudorandom functions [11] and pseudorandom permutations [23].

What are the minimal computational requirements needed to compute a pseudorandom generator? Linial et al. [20] prove that pseudorandom functions cannot be computed in AC$^0$ (constant-depth circuits with NOT gates and unbounded fan-in AND and OR gates). To be precise, the results in [20] only rule out security against adversaries running in time $O(n^{(\log n)^{O(1)}})$. Their result does not rule out the possibility that pseudorandom generators could be computed in AC$^0$, since the transformation of pseudorandom generators into pseudorandom functions does not preserve bounded-depth. Kharitonov [19] shows that a pseudorandom generator with superlinear stretch can be computed in NC$^1$, that is, it can be computed by a circuit of polynomial size, logarithmic depth, and gates of constant fan-in. (It is known that NC$^1$ properly contains AC$^0$.) Impagliazzo and Naor [17] present a candidate pseudorandom generator in AC$^0$. Goldreich [12] suggests a candidate one-way function in NC$^0$. Recall that NC$^0$ is the class of functions computed by bounded-depth circuits with NOT gates and bounded fan-in AND and OR gates. In an NC$^0$ function, every bit of the output depends on a constant number of bits of the inputs. While it is easy to see that there can be no one-way function such that every bit of the output depends on only two bits of the input (as finding an inverse can be formulated as a 2SAT problem) it still remains open whether there can be a one-way function such that every bit of the output depends on only three bits of the input. Applebaum et al. [1] have very recently provided evidence that such one-way functions exist.

Cryan and Miltersen [8] consider the question of whether there can be pseudorandom generators in NC$^0$, that is, whether there can be a pseudorandom generator such that every bit of the output depends only on a constant $k$ number of bits of the input.
They present a distinguisher in the case $k = 3$, $m > 4n$, and they observe that their distinguisher is a linear distinguisher, that is, it simply XORs a subset of the bits of the output.

Cryan and Miltersen ask whether there is any pseudorandom generator in NC$^0$ when $m$ is superlinear in $n$. Specifically, they ask whether the following is the case: that for every constant $k$, and for every generator for which $m$ is super-linear in $n$ and for which every output bit depends on at most $k$ bits of the input, a linear distinguisher exists. In order to formulate an equivalent version of this problem, we introduce the notion of an ε-biased distribution.

Definition 1. For $\varepsilon > 0$, we say that a random variable $X = (X_1, \dots, X_m)$ ranging over $\{0,1\}^m$ is ε-biased if for every subset $S \subseteq [m]$ we have $1/2 - \varepsilon \le \Pr[\bigoplus_{i \in S} X_i = 0] \le 1/2 + \varepsilon$.

It is known [27, 3] that an ε-biased distribution can be sampled by using only $O(\log(m/\varepsilon))$ random bits, which is tight up to the constant in the big-oh. The problem of [8] can therefore be formulated by asking whether there exists any ε-biased generator in NC$^0$ that samples an $m$-bit ε-biased distribution starting from, say, $o(m)$ random bits and a negligible ε.

Our Results

We first extend the result of Cryan and Miltersen by giving a (non linear) distinguisher for the case $k = 4$, $m \ge 24n$.

Theorem 2. Let $G = (g_1, \dots, g_m) : \{0,1\}^n \to \{0,1\}^m$ be a map such that each $g_i$ depends on at most 4 coordinates of the input and $m \ge 24n$. Then there exists a polynomial time algorithm which distinguishes between $G$ and a random string with constant distinguishing probability. More precisely, the algorithm will output yes for the output of the generator $G$ with probability $\Omega(1)$, and for a random string with probability $e^{-\Omega(m)}$.

Our distinguisher has a constant distinguishing probability, which we show to be impossible to achieve with linear distinguishers. Our distinguisher uses semidefinite programming and uses an idea similar to the correlation attacks used in practice against stream ciphers.

For all $k$, it is trivial that a distinguisher exists for $m \ge 2^{2^k}\binom{n}{k}$ (the number of functions on $k$ bits), and it is easy to see that a distinguisher exists when m k ( k) (as there is a linear dependence among the output bits in this case). We show using a duality lemma proven in [25] that in fact, a distinguisher with a constant distinguishing probability exists once $m \ge \Omega(2^k n^{\lceil k/2 \rceil})$ by proving

Theorem 3. For every integer $0 < k$ and any $0 < \varepsilon < 2^{-2k-1}$, if $G = (g_1, \dots, g_m)$ is an ε-biased pseudorandom generator, where each of the $g_i$'s depend on at most $k$ bits, then

$$m \le \sum_{t=0}^{\lceil k/2 \rceil} 2^{2(k-t)} \binom{n}{t} \le k 2^{2k} \binom{n}{\lceil k/2 \rceil}.$$

Then we present an ε-biased generator mapping $n$ bits into $cn$ bits such that $\varepsilon = 1/2^{\Omega(n/c^4)}$ and every bit of the output depends only on $k = 5$ bits of the seed, i.e., we prove

Theorem 4. For every $c$ and sufficiently large $n$, there is a generator in NC$^0_5$ mapping $n$ bits into $cn$ bits and sampling an ε-biased distribution, where $\varepsilon = 2^{-n/O(c^4)}$.

The main idea in the construction is to develop a generator with $k = 3$ that handles well linear tests that XOR a small number of bits, and then develop a generator with $k = 2$ that handles well linear tests that XOR a large number of bits. The final generator outputs the bitwise XOR of the outputs of the two generators, on two independent seeds. The generator uses a kind of unique-neighbor expander graphs that are shown to exist using the probabilistic method, but that are not known to be efficiently constructible, so the generator is in NC$^0$ but not in uniform NC$^0$.

Later we present similar constructions for large values of $k$. We write $f(n, k) = O_k(g(n))$ if $f(n, k) \le h(k) g(n)$ for some function $h$; similarly we will use the notation $o_k$.

Theorem 5. Let $k$ be a positive integer. There exists an ε-biased generator in NC$^0_k$ from $n$ bits to ( ) k 6 k 2 3 = k( 1 2 o k(1)) bits whose bias, ε, is at most exp ( 1 2 k 4 2 k ).

Note the gap for large values of $k$ between our constructions that output $n^{(\sqrt{k}/2)(1 - o_k(1))}$ bits, and the bounds showing a distinguisher exists for generators that output $n^{(k/2)(1 + o_k(1))}$ bits.
Finally, we begin a study of the question of whether there are pseudorandom generators with superlinear stretch such that each bit of the output is a function of the seed expressible as a degree-$k$ polynomial over GF(2), where $k$ is a constant. This is a generalization of the main question addressed in this paper, since a function depending on only $k$ inputs can always be expressed as a degree-$k$ polynomial. Furthermore, low-degree polynomials are a standard class of low complexity functions from an algebraic perspective. In our NC$^0_5$ construction of an ε-biased generator with exponentially small ε and superlinear stretch, every bit of the output is a degree-2 polynomial. We show that

Theorem 6. 1 m there exists an ε-biased generator $G = (g_1, \dots, g_t) : \{0,1\}^n \to \{0,1\}^t$, t = 2 m, such that $g_i$ is a degree 2 polynomial, and the bias of any non trivial linear combination of the $g_i$'s is at most 2 2m 4.

Later Results and Open Questions

Applebaum et al. [1] have recently made substantial progress on the main questions left open by our work about the cases $k = 3, 4$. In the case $k = 3$, Applebaum et al. [1] present a construction of an ε-biased generator with $m = (1 + \alpha)n$, where $\alpha > 0$ is an absolute constant. They also show that under relatively general assumptions, there are one-way functions such that every bit of the output depends on only 3 bits of the input. In the case $k = 4$, Applebaum et al. [1] present a construction of a pseudorandom generator with $m = n + n^{\alpha}$, where α can be chosen to be any constant smaller than 1. The generator is secure under the assumption that there exist pseudorandom generators in L/poly, which is a fairly general assumption.

It remains open whether a cryptographically strong generator can be realized in the case $k = 3$, whether a cryptographically strong generator with linear stretch can be realized in the case $k = 4$, and whether a cryptographically strong generator with superlinear stretch can be realized in the case $k = 5$.

Another important open problem which may be more accessible is to understand the right asymptotic for ε-biased generators for large $k$. It is tempting to conjecture that either the upper bound $n^{O(k)}$ or the lower bound $n^{\Omega(\sqrt{k})}$ is actually tight.

Organization

In section 2 we review the analysis for the case $k = 3$ of [8]. In section 3 we give a distinguisher for the case $k = 4$. In section 4 we prove an upper bound on the length of the output of an ε-biased generator in NC$^0_k$. In section 5 we construct an ε-biased generator for the cases $k = 4, 5$. The results for larger $k$ are discussed in section 6. In section 7 we explicitly construct an ε-biased generator such that every bit of the output is a polynomial of degree 2.

An extended abstract reporting on the results here appeared in [26].

2 Review of the Case k = 3

In this section we summarize the main result of [8]. We also generalize some of the arguments of [8] that are needed for our results.

2.1 Preliminaries

We say that a function $g : \{0,1\}^n \to \{0,1\}$ is balanced if $\Pr_x[g(x) = 1] = 1/2$.
We say that a function $g : \{0,1\}^n \to \{0,1\}$ is unbiased towards a function $f : \{0,1\}^n \to \{0,1\}$ if $\Pr_x[g(x) = f(x)] = 1/2$, and that it is biased towards $f$ (or correlated with $f$) otherwise. A function $g : \{0,1\}^n \to \{0,1\}$ is affine if there are values $a_0, \dots, a_n \in \{0,1\}$ such that $g(x_1, \dots, x_n) = a_0 \oplus a_1 x_1 \oplus \dots \oplus a_n x_n$; it is non-affine otherwise.

The following lemma was proved by case analysis for $k = 3$ in [8], and the case $k = 4$ could also be derived from a case analysis appearing in [8] (but it is not explicitly stated). The proof of the general case follows using the Fourier representation of boolean functions. The Fourier representation is easier to work with when considering functions from $\{\pm 1\}^n \to \{\pm 1\}$. For a boolean function $f : \{0,1\}^k \to \{0,1\}$ we write $F$ for the function $F : \{\pm 1\}^k \to \{\pm 1\}$ defined as

$$F((-1)^{x_1}, \dots, (-1)^{x_k}) = (-1)^{f(x_1, \dots, x_k)}. \qquad (1)$$

For the boolean functions $f, g, h$ discussed in this section, the functions $F, G, H$ will be the corresponding mappings to $\{\pm 1\}$. For a set $S \subseteq [k]$, we let $U_S : \{\pm 1\}^k \to \{\pm 1\}$ be defined as $U_S(X) = \prod_{i \in S} X_i$, that is, $U_S$ is the character corresponding to $S$. It is well known that $\{U_S\}_{S \subseteq [k]}$ is an orthonormal basis for the space of functions from $\{\pm 1\}^k$ to $\mathbb{R}$ with respect to the inner product $\langle F, G \rangle = \frac{1}{2^k} \sum_{x \in \{0,1\}^k} F(x) G(x)$. We write $F(X) = \sum_S \hat{F}(S) U_S(X)$ for the representation of $F$ in the basis $\{U_S\}$. Because of orthonormality, the coefficients $\hat{F}(S)$ satisfy the relation $\hat{F}(S) = \langle F, U_S \rangle$. Note that if $f, g$ are boolean functions and $F, G$ are defined as in (1), then $\Pr[f(x) = g(x)] = \Pr[F(x) = G(x)] = 1/2 + 1/2 \langle F, G \rangle$. In particular, $f$ and $g$ are correlated if and only if $\langle F, G \rangle \ne 0$.

Lemma 7. Let $g : \{0,1\}^n \to \{0,1\}$ be a non-affine function that depends on only $k$ variables. Then

• There exists an affine function on at most $k - 2$ variables that is correlated with $g$.

• Let $l$ be the affine function that is biased towards $g$ and that depends on a minimal number of variables. That is, for some $d$, $l$ depends on $d$ variables, $\Pr_x[g(x) = l(x)] > 1/2$, and $g$ is unbiased towards affine functions that depend on less than $d$ variables. Then $\Pr_x[g(x) = l(x)] \ge 1/2 + 2^{d-k}$.

Proof. Let $f : \{0,1\}^k \to \{0,1\}$ be a non-affine function. We prove that there exists a set $S$ of size at most $k - 2$ such that $\hat{F}(S) \ne 0$. This implies that $F$ is correlated with $U_S$ and therefore that $f$ is correlated with $\bigoplus_{i \in S} x_i$ as needed. Look at the function $h(x_1, \dots, x_k) = f(x_1, \dots, x_k) \oplus \bigoplus_{i=1}^{k} x_i$. Since $f$ is non-affine, $h$ is not a constant function. Let $H$ be the $\{\pm 1\}$ representation of $h$. As the $\{\pm 1\}$ representation of $\bigoplus_{i=1}^{k} x_i$ is $U_{[k]}$, we get that $H$ has the Fourier representation

$$H = U_{[k]} \cdot F = U_{[k]} \sum_{S \subseteq [k]} \hat{F}(S) U_S = \sum_{S \subseteq [k]} \hat{F}(S) U_{[k] \setminus S} = \sum_{S \subseteq [k]} \hat{F}([k] \setminus S) U_S.$$

It therefore suffices to prove that $U_{[k]} F$ has a coefficient $\hat{F}(S) \ne 0$ with $|S| \ge 2$. We will prove that any function which depends on more than one bit has a non-zero coefficient with $|S| \ge 2$. This will prove the first part, since if $h$ depends on at most one bit then $f$ is affine.
Indeed, assume the contradiction $F = a_0 + \sum_i a_i U_{\{i\}}$. For a $\pm 1$ vector $X$, write $X^i$ for the vector where the $i$-th coordinate of $X$ is multiplied by $-1$. Note that for all $i$ and all $X$, it holds that $2a_i = F(X) - F(X^i) \in \{0, \pm 2\}$, which implies that $a_i \in \{0, \pm 1\}$. Parseval's inequality implies that $\sum a_i^2 = 1$. We therefore conclude that $F(X)$ depends on one bit as needed. This completes the proof of the first claim.

Note that $f$ is correlated with $\bigoplus_{i \in S} x_i$ if and only if $\hat{F}(S) \ne 0$. Moreover,

$$\Pr\Big[f(x) = \bigoplus_{i \in S} x_i\Big] = \frac{1 + \hat{F}(S)}{2}.$$

The claim will therefore follow once we prove that if $F = \sum_{|S| \ge d} \hat{F}(S) U_S$, and $\hat{F}(S) \ne 0$ for a set $S$ of size $d$, then $|\hat{F}(S)| \ge 2^{d+1-k}$. By looking at $U_{[k]} F$ instead of $F$, it suffices to prove that if

$$F = \sum_{|S| \le k-d} \hat{F}(S) U_S, \qquad (2)$$

and $S'$ is a set of size $k - d$ such that $\hat{F}(S') \ne 0$, then $|\hat{F}(S')| \ge 2^{d-k+1}$. In order to prove the last claim, define

$$A(X) = \sum_{T \subseteq S'} (-1)^{|T|} F(X^T) = \sum_{T \subseteq S'} (-1)^{|T|} \sum_{S \subseteq [k]} \hat{F}(S) U_S(X^T) = \sum_{S \subseteq [k]} \hat{F}(S) \sum_{T \subseteq S'} (-1)^{|T|} U_S(X^T),$$

where $X^T$ is $X$ where the coordinates at $T$ are flipped (multiplied by $-1$). It is then clear that $A$ obtains an even integer value in the interval $[-2^{k-d}, 2^{k-d}]$. On the other hand, if $S$ does not contain $S'$ and $j \in S' \setminus S$, then for all $X$

$$\sum_{T \subseteq S'} (-1)^{|T|} U_S(X^T) = \sum_{T \subseteq S',\, j \notin T} (-1)^{|T|} U_S(X^T) + \sum_{T \subseteq S',\, j \in T} (-1)^{|T|} U_S(X^T) = \sum_{T \subseteq S',\, j \notin T} U_S(X^T) \left( (-1)^{|T|} + (-1)^{|T|+1} \right) = 0.$$

Since $\hat{F}(S) = 0$ for all $S$ strictly containing $S'$, it follows that

$$A(X) = \hat{F}(S') \sum_{T \subseteq S'} (-1)^{|T|} U_{S'}(X^T) = 2^{k-d} \hat{F}(S') U_{S'}(X).$$

We therefore conclude that $\hat{F}(S')$ is of the form $\frac{2i}{2^{k-d}}$, for some integer $i \in [-2^{k-d-1}, 2^{k-d-1}]$. In particular, since $\hat{F}(S') \ne 0$, it follows that $|\hat{F}(S')| \ge 2^{d-k+1}$ as needed.

For example, for $k = 3$, a non-affine function $g$ is either unbalanced, or it is biased towards one of its inputs; in the latter case it agrees with an input bit (or with its complement) with probability at least 3/4. For $k = 4$, a function $g$ either is affine, or it is unbalanced, or it has agreement at least 5/8 with an affine function that depends on only one input bit, or it has agreement at least 3/4 with an affine function that depends on only two input bits.

2.2 The Case k = 3

Let $G : \{0,1\}^n \to \{0,1\}^m$ be a generator and let $g_i : \{0,1\}^n \to \{0,1\}$ be the $i$-th bit of the output of the generator. Suppose each $g_i$ depends on only three bits of the input.

Suppose that one of the $g_i$ is not a balanced function. Then we immediately have a distinguisher. Suppose that more than $n$ of the $g_i$ are affine. Then one of them is linearly dependent on the others, and we also have a distinguisher.

It remains to consider the case where at least $m - n$ of the functions $g_i$ are balanced and not affine.
Let $I$ be the set of $i$ for which $g_i$ is as above. Then, by lemma 7, for each such $g_i$ there is an affine function $l_i$ that depends on only one bit, such that $g_i$ agrees with $l_i$ on a 3/4 fraction of the inputs. By replacing $g_i$ with $g_i \oplus 1$ when needed, we may assume that each such $g_i$ has correlation at least 3/4 with one of the bits of its input. The following lemma now implies a constant distinguishing probability once $m \ge 4n + 1$.

While the above analysis uses the same ideas as in [8], it is slightly better because we achieve constant bias instead of inverse polynomial bias. We first prove a very general lemma that will be also used in later sections, and then we derive the conclusion that we need for the case of $k = 3$.

Lemma 8. For every $\delta > 0$ there are constants $c_\delta$ and $\varepsilon_\delta$ 2 δ 2 δ 3δ2 4 such that the following holds. Let $G : \{0,1\}^n \to \{0,1\}^m$, and let $G(x) = (g_1(x), \dots, g_m(x))$. Let $L$ be a set of functions and suppose that each function $g_i(x)$ agrees with an element of $L$ or with its complement with probability at least $1/2 + \delta$. In other words, for every $g_i$ there exists $f \in L$ such that $\Pr_x[g_i(x) = f(x)] \ge 1/2 + \delta$ or $\Pr_x[g_i(x) \ne f(x)] \ge 1/2 + \delta$. Assume that $m \ge 1 + c_\delta |L|$. Then there are $i \ne j$ such that $g_i \oplus g_j$ has bias at least $\varepsilon_\delta$. Moreover, $c_{1/4} \le 3$ and $c_{1/8} \le 9$.

Proof. By the pigeonhole principle there is a function $f \in L$ and a set of indices $C \subseteq [m]$, such that $|C| \ge m/|L|$, and for every $i \in C$, $g_i$ or $1 \oplus g_i$ is correlated with $f$. Assume w.l.o.g. that for every $i \in C$, $g_i$ is correlated with $f$ (otherwise replace $g_i$ with $1 \oplus g_i$). Define the random variable

$$Z(x) = \big| \#\{i \in C : g_i(x) = 0\} - \#\{i \in C : g_i(x) = 1\} \big|.$$

Consider the expectation of $Z(x)$ (where $x$ is uniformly chosen from $\{0,1\}^n$). We have that

$$E[Z(x)] = E\big[\, \big| \#\{i \in C : g_i(x) = f(x)\} - \#\{i \in C : g_i(x) \ne f(x)\} \big| \,\big] \ge E[\#\{i \in C : g_i(x) = f(x)\}] - E[\#\{i \in C : g_i(x) \ne f(x)\}] \ge |C| \left( \left( \tfrac{1}{2} + \delta \right) - \left( \tfrac{1}{2} - \delta \right) \right) = 2\delta |C|.$$

Note that the average value of $Z$ over the uniform distribution is $O(\sqrt{|C|})$. We conclude that for $|C| = \alpha \delta^{-2}$, for a sufficiently large α, the difference of expected values of $Z$ under the generator and under the uniform distribution is $\Omega(|C| \delta)$. This implies that the statistical distance between the output of the generator and the uniform distribution over $C$ bits is $\Omega(\delta)$.
By the Vazirani XOR lemma [31] (see [10] for an excellent exposition of the XOR lemma), it also follows that the XOR of some subset of the bits of $C$ has bias $\Omega(\delta 2^{-|C|}) = 2^{-O(\delta^{-2})}$. However we would like to obtain a better dependence between δ and ε.

For $i, j \in C$ define $Z_{i,j}(x)$ to be 1 if $g_i(x) = g_j(x)$ and $-1$ otherwise. Note that $E[Z_{i,j}]$ equals twice the bias of $g_i \oplus g_j$. Clearly $Z_{i,i} = 1$. We have that $Z(x)^2 = \sum_{i,j} Z_{i,j}$. In particular we get that

$$E \sum_{i,j} Z_{i,j}(x) = E[Z(x)^2] \ge E[Z(x)]^2 \ge 4 \delta^2 |C|^2.$$

Hence for $|C| = \frac{1}{\delta^2}$ we get that

$$E \sum_{i,j} Z_{i,j}(x) \ge 4|C|.$$

As $E[\sum_i Z_{i,i}] = |C|$, it follows that $E[\sum_{i \ne j} Z_{i,j}] \ge 3|C|$, and so there must be $i \ne j \in C$ such that

$$E[Z_{i,j}] \ge \frac{3|C|}{|C|(|C| - 1)} \ge \frac{3\delta^2}{2}.$$

In other words, $g_i \oplus g_j$ has a $\frac{3\delta^2}{4}$ bias. Thus taking $m = 1 + |L| \left( \frac{1}{\delta^2} - 1 \right)$ we obtain $c_\delta = \frac{1}{\delta^2} - 1$.

We now consider two special cases. Let $|C| = 4$, $\delta = \frac{1}{4}$. By the above argument we get that $E[Z(x)] \ge 2\delta|C| = 2$. On the other hand, for the uniform distribution on 4 bits the average of $Z(x)$ is ( ( ) ( )) = < 2 = 2. Thus, if $|C| = 4$ we get by Vazirani's XOR lemma that some subset of the $g_i$'s has some constant bias, so we can set $c_{1/4} = 3$. Similarly, when $|C| = 10$ the average of $Z(x)$ for the uniform distribution is $\frac{2}{2^{10}} \sum_{i=0}^{4} \binom{10}{i} (10 - 2i) = \frac{2520}{1024} < 2.5$, so we can set $c_{1/8} = 9$.

To conclude the case of $k = 3$ we note that if $m \ge 1 + 4n$, and the output of the generator contains at most $n$ affine functions, then there are at least $3n + 1$ output bits that are not affine and so we can apply Lemma 8, where $L = \{\pi_1, \dots, \pi_n\}$ is the set of projection functions $\pi_i()$ such that $\pi_i(x_1, \dots, x_n) = x_i$. The consequence of Lemma 8 is that two of the output bits are correlated.

3 Distinguisher for the Case k = 4

In this section we construct a distinguisher for $k = 4$. We restate Theorem 2.

Theorem. Let $G = (g_1, \dots, g_m) : \{0,1\}^n \to \{0,1\}^m$ be a map such that each $g_i$ depends on at most 4 coordinates of the input and $m \ge 24n$. Then there exists a polynomial time algorithm which distinguishes between $G$ and a random string with constant distinguishing probability. More precisely, the algorithm will output yes for the output of the generator $G$ with probability $\Omega(1)$, and for a random string with probability $e^{-\Omega(m)}$.

The first case we consider is where there are more than $0.001m$ of the $g_i$ that are unbalanced. Suppose that $g_1, \dots, g_p$ are unbalanced and $p \ge 0.001m$. Then there exist fixed bits $b_1, \dots, b_p$ such that $\Pr[g_i = b_i] \ge 9/16$. Thus by Markov's inequality:

[ { i gi (z) = b i )} Pr z {0,1} 17 ] 1 p

On the other hand, if $r_1, \dots, r_p$ are chosen uniformly at random, then

$$\Pr\left[ \frac{|\{i : r_i = b_i\}|}{p} \ge \frac{17}{32} \right] \le e^{-\Omega(m)}$$

by Chernoff's inequality.

The second case is where more than $n + 0.001m$ of the $g_i$ are linear. In this case we can write at least $0.001m$ independent linear combinations in the output bits of the generator that hold with probability 1. The probability that these combinations hold for truly random bits is $2^{-0.001m}$. Thus the statement of the theorem follows in this case as well.

If one of the $g_i$ is biased towards one of the bits of its input, then it follows from Lemma 7 that it must agree with that bit or its complement with probability at least 5/8. Suppose that more than $c_{1/8} n + 0.001m = 9n + 0.001m$ of the functions $g_i$ have bias towards one bit. Then by the proof of Lemma 8, there exist at least p m disjoint sets $S_1, \dots, S_p$ of the $g_i$'s such that $|S_r| \le 10$ and $\bigoplus_{i \in S_r} g_i$ has bias at least $2^{-10}$ towards a constant bit $b_r$ for all $1 \le r \le p$. Thus, as in the first case,

[ { r i Sr g i (z) = b r )} Pr z {0,1} 1 ] p

and from Chernoff's bound it follows that if $r_i$ are truly random then

[ { r i Sr r i = b r } Pr p ] e Ω(m).

Thus, the proof follows in this case as well.

It remains to consider the case where at least $0.997m - 10n$ of the functions are balanced, non-linear, and unbiased towards single bits. Following [8], we call such functions problematic. It follows from Lemma 7 that for each problematic $g$ there is an affine function $l$ of two variables that agrees with $g$ on a 3/4 fraction of the inputs. Again, by replacing $g_i$ by $g_i \oplus 1$, when needed, we may assume that all the problematic $g_i$'s have 3/4 agreement probability with some linear function. Let $P$ be the set of $i$ such that $g_i$ is problematic. For each such $i$ we denote by $l_i$ the linear function of two inputs that agrees with $g_i$ on a 3/4 fraction of the inputs.

In the next section we show how if p = |P| 0.997m , then one can break the generator using a correlation attack. Correlation attacks are often used in practice to break pseudorandom generators. The distinguisher below is an interesting example where one can actually prove that a correlation attack results in a polynomial time distinguisher.
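The case split used above (affine, unbalanced, biased towards a single bit, problematic) and the agreement bounds taken from Lemma 7 can be checked by enumerating every Boolean function on $k = 3$ and $k = 4$ inputs. This is an added example, not code from the paper; the function names and the packed truth-table representation are choices made here.

```python
from collections import Counter


def parity_tables(k):
    """Truth table of every parity x -> XOR_{i in S} x_i on k variables.

    S is a bitmask over the variables; each table is a 2**k-bit integer
    whose bit x holds the function value at input x.
    """
    size = 1 << k
    tables = {}
    for mask in range(size):
        table = 0
        for x in range(size):
            if bin(x & mask).count("1") & 1:
                table |= 1 << x
        tables[mask] = table
    return tables


def survey(k):
    """Classify all 2**(2**k) functions on k bits as Sections 2 and 3 do."""
    size = 1 << k
    full = (1 << size) - 1
    tables = parity_tables(k)
    affine = set(tables.values()) | {t ^ full for t in tables.values()}
    by_weight = {}
    for mask, table in tables.items():
        by_weight.setdefault(bin(mask).count("1"), []).append(table)

    def best_agreement(f, d):
        # Largest number of inputs on which f equals some parity of exactly
        # d variables, or the complement of such a parity.
        best = 0
        for chi in by_weight[d]:
            agree = size - bin(f ^ chi).count("1")
            best = max(best, agree, size - agree)
        return best

    names = {0: "unbalanced", 1: "single-bit", 2: "problematic"}
    counts, worst = Counter(), {}
    max_d, bound_holds = 0, True
    for f in range(1 << size):
        if f in affine:
            counts["affine"] += 1
            continue
        # d = least number of variables of an affine function correlated with f
        for d in range(k + 1):
            agree = best_agreement(f, d)
            if 2 * agree > size:
                break
        name = names.get(d, "d=%d" % d)
        counts[name] += 1
        worst[name] = min(worst.get(name, size), agree)
        max_d = max(max_d, d)
        # Lemma 7, second part: Pr[g = l] >= 1/2 + 2^(d-k)
        if agree < size // 2 + (1 << d):
            bound_holds = False
    return {"counts": dict(counts), "worst": worst,
            "max_d": max_d, "bound_holds": bound_holds}


if __name__ == "__main__":
    for k in (3, 4):
        result = survey(k)
        print("k =", k, result["counts"])
        for name, agree in sorted(result["worst"].items()):
            print("   worst agreement, %s: %d/%d" % (name, agree, 1 << k))
```

The `worst` entries are counts of agreeing inputs out of $2^k$, so 9/16, 10/16 and 12/16 correspond to the 9/16, 5/8 and 3/4 thresholds used in the proof of Theorem 2.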
3.1 The Distinguisher Based on Semidefinite Programming

Given a string $(r_1, \dots, r_p) \in \{0,1\}^p$, consider the following linear system over GF(2) with two variables per equation.

$$\forall i \in P: \quad l_i(x) = r_i. \qquad (3)$$

We will argue that the fraction of satisfied equations in the system (3) is distributed differently if $r_1, \dots, r_p$ is uniform or if it is the output of $G$.

Since the expected number of equations (3) satisfied when $r_i = g_i$ is at least $3p/4$, it follows by Markov's inequality that

Lemma 9. If $r_1, \dots, r_p$ are the output of $g_1, \dots, g_p$, respectively (where the $g_i$'s are problematic), then, for every $\varepsilon > 0$, there is a probability of at least ε that at least a $3/4 - \varepsilon$ fraction of the equations in (3) are satisfiable. More formally

$$\Pr_{z \in \{0,1\}^n} \left[ \frac{|\{i : g_i(z) = l_i(z)\}|}{p} \ge \frac{3}{4} - \varepsilon \right] \ge \varepsilon.$$

Lemma 10. If $r_1, \dots, r_p$ are chosen uniformly at random from $\{0,1\}^p$, and $p > (1/2\delta^2)(\ln 2)(n + c)$, then the probability that there is an assignment that satisfies more than a $1/2 + \delta$ fraction of the equations of (3) is at most $2^{-c}$.

Proof. Fix an assignment $z$; then, by Chernoff's inequality, the probability that a fraction at least $1/2 + \delta$ of the $r_i$ agree with $l_i(z)$ is at most $e^{-2\delta^2 p} \le 2^{-n-c}$. By a union bound, there is at most a probability $2^{-c}$ that such a $z$ exists.

Given a system of linear equations over GF(2) with two variables per equation, it is NP-hard to determine the largest number of equations that can be satisfied, but the problem can be approximated to within a .878 factor using semidefinite programming [13]. We now prove theorem 2.

Proof of Theorem 2: Let δ = .158, ε = Thus, $.878(3/4 - \varepsilon) > 1/2 + \delta$. The statement of the theorem follows from the previous arguments unless there are $p$ problematic functions where $p > 0.997m - 10n$. Given a string $(r_1, \dots, r_p)$, which is either random in $\{0,1\}^p$ or from the distribution $G(z)$ restricted to problematic functions (where $z$ is random), we consider the system (3). Using semidefinite programming [13] we get a polynomial time algorithm that is successful if a $3/4 - \varepsilon$ fraction of the equations hold, and fails if no more than $0.878(3/4 - \varepsilon) > 1/2 + \delta$ of the equations hold. Let c = By lemma 10 if p > > $(1/2\delta^2)(\ln 2)(n + c)$, then the probability that more than $1/2 + \delta$ of the equations are satisfied, when $r_1, \dots, r_p$ are chosen randomly, is at most $2^{-c} = \exp(-\Omega(n))$. On the other hand, when $(r_1, \dots, r_p)$ is taken from the generator then the probability that at least a $3/4 - \varepsilon$ fraction of the equations are satisfied is at least ε. The theorem follows.

3.2 Correlation Attacks

In this section we discuss how our distinguisher for the case $k = 4$ can be seen as a correlation attack. Correlation attacks are a class of attacks that are often attempted in practice against candidate pseudorandom generators. Pseudorandom generators are called stream ciphers in the applied cryptography literature, see e.g. the introduction of [18] for an overview.

The basic idea is as follows. Given a candidate generator $G : \{0,1\}^n \to \{0,1\}^m$, where $G(x) = g_1(x), \dots, g_m(x)$, we first try and find linear relations between input bits and output bits that are satisfied with non-trivial probability. For example, suppose we find coefficients $a_{i,j}$, $b_{i,j}$ and $c_j$ such that each of the equations

$$\begin{aligned}
\sum_{i=1}^{n} a_{i,1} x_i + \sum_{i=1}^{m} b_{i,1} g_i(x) &= c_1 \pmod 2 \\
\sum_{i=1}^{n} a_{i,2} x_i + \sum_{i=1}^{m} b_{i,2} g_i(x) &= c_2 \pmod 2 \\
&\;\;\vdots \\
\sum_{i=1}^{n} a_{i,t} x_i + \sum_{i=1}^{m} b_{i,t} g_i(x) &= c_t \pmod 2
\end{aligned} \qquad (4)$$

is satisfied with probability bounded away from 1/2.

Now we want to use this system of equations in order to build a distinguisher. The distinguisher is given a sample $z = (z_1, \dots, z_m)$ and has to decide whether $z$ is uniform or is the output of $G$. The distinguisher substitutes $z_i$ in place of $g_i(x)$ in (4) and then tries to find an $x$ that maximizes the number of satisfied equations. The hope is that, if $z = G(x)$, then we will find $x$ as a solution of the optimization problem.

Unfortunately, maximizing the number of satisfied equations in a linear system over GF(2) is an NP-hard problem, and, in fact, it is NP-hard to achieve an approximation factor better than 1/2 [14]. In practice, one uses belief-propagation algorithms that often work, although the method is typically not amenable to a formal analysis.
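The distinguisher of Section 3.1 can be run end to end on a toy instance, shown here as an added example that is not from the paper. It assumes a constructed generator whose output bits are the problematic functions $g_i(x) = x_a \oplus x_b \oplus x_c x_d$ (so $l_i = x_a \oplus x_b$), a constructed seed of weight $n/2$, and an exact brute-force maximization over all assignments in place of the semidefinite programming approximation, which is only feasible because $n = 10$.

```python
import random
from math import log

DELTA = 0.158  # the delta used in the proof of Theorem 2


def lemma10_min_equations(n, c, delta=DELTA):
    """Smallest integer p with p > (1/(2 delta^2)) ln(2) (n + c), as in Lemma 10."""
    return int(log(2) * (n + c) / (2 * delta ** 2)) + 1


def make_generator(n, p, rng):
    """p output bits g_i(x) = x_a ^ x_b ^ (x_c & x_d) on distinct a, b, c, d.

    Constructed toy: each g_i is balanced, non-affine, unbiased towards
    single bits, and agrees with l_i(x) = x_a ^ x_b on 3/4 of the inputs.
    """
    return [tuple(rng.sample(range(n), 4)) for _ in range(p)]


def evaluate(gen, x):
    return [x[a] ^ x[b] ^ (x[c] & x[d]) for a, b, c, d in gen]


def satisfied_fraction(gen, r, z):
    """Fraction of the equations l_i(z) = r_i of system (3) that z satisfies."""
    hits = sum((z[a] ^ z[b]) == r_i for (a, b, _, _), r_i in zip(gen, r))
    return hits / len(gen)


def max_satisfied_fraction(gen, r, n):
    """Exact maximum over all assignments (brute force standing in for the SDP)."""
    tally = {}  # (a, b) -> [number of equations with r_i = 0, with r_i = 1]
    for (a, b, _, _), r_i in zip(gen, r):
        tally.setdefault((a, b), [0, 0])[r_i] += 1
    best = 0
    # Complementing z leaves every z_a ^ z_b unchanged, so bit n-1 is fixed to 0.
    for z in range(1 << (n - 1)):
        hits = sum(cnt[((z >> a) ^ (z >> b)) & 1] for (a, b), cnt in tally.items())
        best = max(best, hits)
    return best / len(gen)


def looks_like_generator(gen, r, n, delta=DELTA):
    """Say 'generator' iff some assignment satisfies more than 1/2 + delta."""
    return max_satisfied_fraction(gen, r, n) > 0.5 + delta


def demo(rng_seed=2005):
    rng = random.Random(rng_seed)
    n, p = 10, 600                        # p exceeds lemma10_min_equations(10, 20)
    gen = make_generator(n, p, rng)
    x = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0]    # constructed seed of weight n/2
    out = evaluate(gen, x)
    rnd = [rng.randrange(2) for _ in range(p)]
    return {
        "seed_fraction": satisfied_fraction(gen, out, x),
        "gen_max": max_satisfied_fraction(gen, out, n),
        "rnd_max": max_satisfied_fraction(gen, rnd, n),
        "gen_verdict": looks_like_generator(gen, out, n),
        "rnd_verdict": looks_like_generator(gen, rnd, n),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The true seed satisfies about 3/4 of the equations, while for a uniform string no assignment gets past $1/2 + \delta$ except with the probability bounded in Lemma 10.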

In Section 3.1, we were able to derive a formal analysis of a related method because we ended up with a system of equations having only two variables per equation, a class of instances for which good approximation algorithms are known. Furthermore, we did not try to argue that, when the method is applied to the output of the generator, we are likely to recover the seed; instead, we argued that just being able to approximate the largest fraction of satisfiable equations gives a way to distinguish samples of the generators from random strings.

4 $O(n^{\lceil k/2 \rceil})$ upper bound

In this section we prove the following theorem which gives an upper bound on the maximal stretch of an ε-biased generator in NC$^0_k$. We restate Theorem 3.

Theorem. For every integer $0 < k$ and any $0 \le \varepsilon < 2^{-2k-1}$, if $G = (g_1, \dots, g_m)$ is an ε-biased pseudorandom generator, where each of the $g_i$'s depend on at most $k$ bits, then

$$m \le \sum_{t=0}^{\lceil k/2 \rceil} 2^{2(k-t)} \binom{n}{t} \le k 2^{2k} \binom{n}{\lceil k/2 \rceil}. \qquad (5)$$

The proof uses the following lemma from [25].

Lemma 11 ([25]). Let $f : \{0,1\}^k \to \{0,1\}$; then for all $r$: either $f$ is a polynomial of degree at most $r$ over GF(2), or $f$ is biased towards an affine function of at most $k - r$ variables.

Proof of Theorem 3: For $0 \le t \le n$, write $B(t) = \sum_{i=0}^{t} \binom{n}{i}$. Set $s = \lceil k/2 \rceil$, $r = k - s$. By Lemma 11 every $g_i$ is either a degree $r$ polynomial, or is biased towards an affine function of at most $s$ variables. Let $p$ be the number of degree $r$ polynomials among the $g_i$'s, and $b_t$ be the number of $g_i$'s biased towards an affine function of exactly $t$ variables (but not towards an affine function with less than $t$ variables). Clearly, $m \le p + \sum_{t=0}^{s} b_t$.

Note that the $B(r)$ monomials of degree $\le r$ on the variables $x_1, \dots, x_n$ form a basis for the vector space of all degree $r$ polynomials in $x_1, \dots, x_n$. Therefore if $p > B(r)$, there is a linear dependency between the $g_i$'s. We therefore conclude that

$$p \le B(r). \qquad (6)$$

On the other hand, note that by Lemma 7, if $g$ is biased towards an affine function of $t \le s$ variables (but not towards an affine function with less than $t$ variables) then there exists an affine function $l$ of $t$ variables such that $\Pr[g = l] \ge 1/2 + 2^{t-k}$. Moreover, there are exactly $\binom{n}{t}$ linear functions on $t$ variables. For $t \le s$ let $L_t$ be the set of linear functions on $t$ variables. Lemma 8 implies that if

$$b_t \ge 1 + |L_t| \, c_{2^{t-k}} = 1 + \binom{n}{t} \left( 2^{2(k-t)} - 1 \right)$$

then there is an XOR of two of the $g_i$'s that has at least a $\frac{3}{4} 2^{2(t-k)} > 2^{-2k-1}$ bias. It therefore follows that

$$b_t \le \binom{n}{t} \left( 2^{2(k-t)} - 1 \right). \qquad (7)$$

Combining (7) and (6) we obtain that

$$m \le B(r) + \sum_{t=0}^{\lceil k/2 \rceil} \binom{n}{t} \left( 2^{2(k-t)} - 1 \right) \le \sum_{t=0}^{\lceil k/2 \rceil} 2^{2(k-t)} \binom{n}{t} \le k 2^{2k} \binom{n}{\lceil k/2 \rceil}$$

as needed.

5 Constructions for k = 5 and k = 4

5.1 Overview

In this section we prove Theorem 4. We will also give a construction of a $k = 4$ generator with inverse-polynomial bias. In both cases, we will construct a generator mapping $2n$ bits into $cn$ bits. It is helpful to think of $c$ as a large constant, although the results for $k = 5$ hold also if $c$ is a function of $n$.

We will construct two generators: one will be good against linear tests that involve a small number of output bits (we call them small tests), and another is good against linear tests that involve a large number of output bits (we call them large tests). The final generator will be obtained by computing the two generators on independent seeds, and then XOR-ing their output bit by bit. In this way, we fool every possible test.

The generator that is good against large tests is such that every bit of the output is just the product of two bits of the seed. We argue that the sum (modulo 2) of $t$ output bits of the generator has bias exponentially small in $t/c^2$, where $c$, as above, is the stretch of the generator.

Then we describe a generator that completely fools linear tests of size up to about $n/c^2$, and such that every bit of the output is the sum of three bits of the seed. Combined with the generator for large tests, we get a generator in NC$^0_5$ such that every linear test has bias $2^{-O(n/c^4)}$.

5.2 The Generator for Large Tests

Let us call the bits of the seed $y_1, \dots, y_n$. Let $K$ be an undirected graph formed by $n/(2c + 1)$ disjoint cliques each with $2c + 1$ vertices (we assume for simplicity that $n/(2c + 1)$ is an integer). $K$ has $n$ vertices that we identify with the elements of $[n]$. $K$ has $cn = m$ edges. Fix some ordering of the edges of $K$, and let $(a_j, b_j)$ be the $j$-th edge of $K$. Define the functions $q_1, \dots, q_m$ as $q_j(y_1, \dots, y_n) = y_{a_j} y_{b_j}$.

Lemma 12. For every subset $S \subseteq [m]$, the function $q_S(y) = \bigoplus_{j \in S} q_j(y)$ is such that

$$\left| \Pr_y[q_S(y) = 0] - \frac{1}{2} \right| \le \left( \frac{1}{2} \right)^{1 + |S|/(2c^2 + c)}.$$

The proof relies on the following two standard lemmas.
The first one from [8] is a special case of the Schwartz-Zippel lemma [29, 32].

Lemma 13 ([8]). Let $p$ be a non-constant degree-2 multilinear polynomial over GF(2). Then $1/4 \le \Pr[p(x) = 0] \le 3/4$.

It is well known and easy to prove by induction that

Lemma 14. Let $X_1, \dots, X_t$ be independent 0/1 random variables, and suppose that for every $i$ we have $\delta \le \Pr[X_i = 0] \le 1 - \delta$. Then

$$\frac{1}{2} - \frac{1}{2}(1 - 2\delta)^t \le \Pr\Big[ \bigoplus_i X_i = 0 \Big] \le \frac{1}{2} + \frac{1}{2}(1 - 2\delta)^t.$$
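For small parameters the bias of every linear test on the large-test generator can be computed exactly by enumerating all seeds, which checks the bound of Lemma 12 through the quantities used in its proof: the number $t$ of cliques a test touches and the Lemma 14 bound with $\delta = 1/4$. This is an added example, not code from the paper; the function names and the packing of output bits into integers are choices made here.

```python
from fractions import Fraction
from itertools import combinations


def clique_edges(n, c):
    """Edges of n/(2c+1) disjoint cliques on 2c+1 vertices each (c*n edges)."""
    size = 2 * c + 1
    if n % size:
        raise ValueError("n must be a multiple of 2c+1")
    edges = []
    for start in range(0, n, size):
        edges.extend(combinations(range(start, start + size), 2))
    return edges


def output_words(n, edges):
    """G_1(y) for every seed y, as integers: bit j is q_j(y) = y_{a_j} y_{b_j}."""
    words = []
    for y in range(1 << n):
        w = 0
        for j, (a, b) in enumerate(edges):
            w |= ((y >> a) & (y >> b) & 1) << j
        words.append(w)
    return words


def prob_zero(words, subset):
    """Exact Pr_y[q_S(y) = 0]; the test S is a bitmask over the output bits."""
    zeros = sum(1 for w in words if bin(w & subset).count("1") % 2 == 0)
    return Fraction(zeros, len(words))


def components_touched(subset, c):
    """Number of cliques that contribute at least one edge to S."""
    per_clique = 2 * c * c + c          # edges of one clique are contiguous
    block = (1 << per_clique) - 1
    t, shift = 0, 0
    while subset >> shift:
        if (subset >> shift) & block:
            t += 1
        shift += per_clique
    return t


def check_lemma12(n, c):
    """Return {t: largest |Pr[q_S = 0] - 1/2| over tests touching t cliques},
    or None if some non-empty test violates the bound from the proof."""
    edges = clique_edges(n, c)
    words = output_words(n, edges)
    per_clique = 2 * c * c + c
    worst = {}
    for subset in range(1, 1 << len(edges)):
        deviation = abs(prob_zero(words, subset) - Fraction(1, 2))
        t = components_touched(subset, c)
        size = bin(subset).count("1")
        # Proof of Lemma 12: t >= |S| / (2c^2 + c), and by Lemma 14 with
        # delta = 1/4 the deviation is at most (1/2)^(1 + t).
        if t * per_clique < size or deviation > Fraction(1, 2 ** (1 + t)):
            return None
        worst[t] = max(worst.get(t, Fraction(0)), deviation)
    return worst


if __name__ == "__main__":
    print(check_lemma12(9, 1))   # three triangles, m = 9 output bits
    print(check_lemma12(5, 2))   # one 5-clique, m = 10 output bits
```

Since $t \ge |S|/(2c^2 + c)$, the bound $(1/2)^{1+t}$ checked here implies the one stated in Lemma 12.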

We can now prove lemma 12.

Proof of Lemma 12. We can think of $S$ as a subset of the edges of $K$. Each connected component of $K$ has $2c^2+c$ edges, so $S$ contains edges coming from at least $|S|/(2c^2+c)$ different connected components. Let $t$ be the number of connected components. If we decompose the summation $\sum_{j \in S} q_j(y_1, \ldots, y_n)$ into terms depending on each of the connected components, then each term is a non-trivial degree-2 polynomial, and the $t$ terms are independent random variables when $y_1, \ldots, y_n$ are picked at random. We can then apply lemma 14, where the $X_i$ are the values taken by each of the $t$ terms in the summation, $\delta = 1/4$, and $t \ge |S|/(2c^2+c)$.

In particular it follows that if we define $G_1(y_1, \ldots, y_n) = (q_1, \ldots, q_m)$ then any linear combination of at least $\Omega(n)$ coordinates of the output of $G$ has an exponentially small bias.

5.3 The Generator for Small Tests

Let $A \in \{0,1\}^{m \times n}$ be a matrix such that every row is a vector in $\{0,1\}^n$ with exactly three non-zero entries, and also assume that every set of $\sigma - 1$ rows of $A$ is linearly independent. Let $A_1, \ldots, A_m$ be the rows of $A$. We define the linear functions $l_1, \ldots, l_m$ as $l_i(x) = A_i \cdot x$. Note that each of these linear functions depends on only three bits of the input.

Proposition 15. For every subset $S \subseteq [m]$, $|S| < \sigma$, the function $l_S(x) = \sum_{j \in S} l_j(x)$ is balanced.

Proof. We have $l_S(x) = (\sum_{j \in S} A_j) \cdot x$, and since $\sum_{j \in S} A_j$ is a non-zero element of $\{0,1\}^n$ (as $\{A_i\}_{i \in S}$ are linearly independent), it follows that $l_S(\cdot)$ is a non-trivial linear function, and therefore it is balanced.

Lemma 16. For every $c = c(n) = o(\sqrt{n}/(\log n)^{3/4})$ and for sufficiently large $n$ there is a 0/1 matrix $A$ with $cn$ rows and $n$ columns such that every row has exactly three non-zero entries and such that every set of $\sigma - 1 = n/(4e^2c^2(n)) - 1$ rows are linearly independent.

Proof. We shall construct the matrix $A$ as the adjacency matrix of a bi-partite expander graph. We begin by showing a relation between an expansion of bi-partite graphs and linear independence of related linear functions. Let $G = (L, R, E)$ be a bi-partite graph such that $|R| = n$.
$G$ has the $b$-right unique neighbor property, if for any set $V \subseteq L$, $|V| \le b$ there exists a vertex $u \in R$ such that $|N(u) \cap V| = 1$. Assign the input variables to the different vertices in $R$. For every vertex $v \in L$ the corresponding output is the linear function

$$l_v(X) = \sum_{i \in N(v)} x_i.$$

Lemma 17. If $G$ has the $b$-right unique neighbor property then for any set $B$ such that $|B| < b$, the linear combination $l = \sum_{v \in B} l_v$ is nonzero.

Proof. We have that

$$l = \sum_{v \in B} l_v = \sum_{i :\, |N(i) \cap B| = \text{odd}} x_i.$$

The right unique neighbor property guarantees that there is an input variable that belongs to exactly one output. Therefore $l$ is not zero.

Note that we actually need the odd-neighbor property (i.e. that for any set of size less than $b$ there is a neighbor with odd number of neighbors in the set), but our calculations show that the graphs that we use have the stronger unique-neighbor property.

The problem of constructing explicit expanders with the unique neighbor property was extensively studied in recent years and many new constructions were found [2, 7, 9, 22]. However, none of these give the parameters we need here. Thus we only prove the existence of such a graph instead of giving an explicit construction. Our proof actually shows that if we pick a random graph (with the correct parameters) then w.h.p. it will have the unique-neighbor property.

The existence of graphs with the unique neighbor property will follow from the existence of certain expanders. We say that a bipartite graph $(L, R, E)$ is $(\sigma, \alpha)$-expanding if for every subset $S \subseteq L$ of vertices on the left, if $|S| \le \sigma$ then $|N(S)| > \alpha |S|$, where (as before) $N(S)$, defined as

$$N(S) = \{v \in R : \exists u \in S \text{ such that } (u, v) \in E\},$$

is the neighborhood of $S$.

Lemma 18. Suppose that the degrees of all vertices in $L$ are bounded by . If $|N(S)| > |S|/2$ for all sets $S \subseteq L$ of size at most $\sigma$, then $G$ has the $\sigma$-right unique neighbor property.

Proof. If there is no unique neighbor, then by counting edges $|N(S)| \le |S|/2$.

The following lemma shows the existence of a bi-partite expander graph with the required properties.

Lemma 19. For every $c(n) = o(\sqrt{n}/(\log n)^{3/4})$ and sufficiently large $n$ there is a $(\sigma, 3/2)$-expanding graph $([c(n)\,n], [n], E)$ with $\sigma = n/(4e^4c^2(n))$ such that every vertex on the left has degree 3.

Proof. We construct the graph at random by connecting each vertex on the left to three distinct randomly chosen vertices on the right. (For different left vertices the random choices are independent.) Fix a size $s$, $2 \le s \le n/(2e^2c)$, and consider the probability that there is a subset $S \subseteq [cn]$ of $s$ vertices on the right (i.e. $S \subseteq R$) whose neighborhood is contained in a set $T \subseteq [n]$ of $3s/2$ vertices on the left. Clearly, this probability is less than $\left(\frac{3s}{2n}\right)^{3s}$. The number of possible choices for $S$ is $\binom{cn}{s}$ and the number of possible choices for $T$ is $\binom{n}{3s/2}$. By a union bound, the probability that the construction fails to satisfy the required property is at most

$$\sum_{s=2}^{\sigma} \binom{cn}{s} \binom{n}{3s/2} \left(\frac{3s}{2n}\right)^{3s}. \qquad (8)$$

Using the inequality $\binom{n}{k} \le \left(\frac{en}{k}\right)^k$ we can see that (8) is at most

$$\sum_{s=2}^{\sigma} \left(\frac{ecn}{s}\right)^{s} \left(\frac{2en}{3s}\right)^{3s/2} \left(\frac{3s}{2n}\right)^{3s} \le \sum_{s=2}^{\sigma} \left(2e^3 c \sqrt{\frac{s}{n}}\right)^{s} \qquad (9)$$

$$= O\left( \left(\frac{c}{\sqrt{n}}\right)^2 + \left(\frac{c}{\sqrt{n}}\right)^3 + \left(\frac{c}{\sqrt{n}}\right)^4 (\log n)^3 \right) = o(1), \qquad (10)$$

where the last line can be verified by breaking the second sum in expression (9) up into the term $s = 2$, which is $O((c/\sqrt{n})^2)$; $s = 3$, which is $O((c/\sqrt{n})^3)$; the terms $s = 4, \ldots, 2\log n$, each of which is at most $O(c\sqrt{\log n}/\sqrt{n})^4$; and the remaining terms, each of which is at most $1/n^2$.

We now finish the proof of lemma 16. Consider the graph $G$ constructed in Lemma 19 and let $A$ be the $|L| \times |R|$ matrix such that $A_{v,u} = 1$ if and only if $(v, u)$ is an edge of $G$. Note that every row of $A$ has exactly 3 non-zero entries. By Lemma 18, $G$ has the $\sigma$-right unique neighbor property. Therefore by Lemma 17 the linear functions corresponding to any subset of $\sigma$ rows are linearly independent.

In particular we get that if we define $G_2(x) = (A_1 \cdot x, \ldots, A_m \cdot x)$ then any linear combination of at most $n/(4e^2c^2) - 1$ coordinates of the output of $G_2$ is unbiased. The proof follows.

5.4 Putting Everything Together: Proof of theorem 4

In order to obtain the generator, recall that $m = cn$ and take $G_1 : \{0,1\}^n \to \{0,1\}^m$, and $G_2 : \{0,1\}^n \to \{0,1\}^m$ be the generators defined above (with the parameter $c$). Then we take $G : \{0,1\}^{2n} \to \{0,1\}^m$ defined by $G(x, y) = G_1(x) \oplus G_2(y)$. We get that by lemma 12 any combination of more than $\sigma$ outputs of $G$ has bias at most $2^{-\sigma/(c^2+c)}$, and that by lemma 16, any combination of at most $\sigma = n/(4e^2c^2)$ of the outputs of $G$ is unbiased. This completes the proof of the theorem.

5.5 Generator for k = 4

When k = 4 we want to replace the generator for small sets by a generator which depends only on two bits. The construction is essentially the one in [8]. Let $H$ be an undirected graph with $n$ vertices, that we identify with $[n]$, having $cn$ edges and girth $\gamma$. Fix some ordering of the edges of $H$, and let $(a_j, b_j)$ be the $j$-th edge of $H$. We define the linear functions $l_1, \ldots, l_m$ as $l_j(x_1, \ldots, x_n) = x_{a_j} + x_{b_j}$.

Proposition 20. For every subset $S \subseteq [m]$, $|S| < \gamma$, the function $l_S(x) = \sum_{j \in S} l_j(x)$ is balanced.

Proof. Since $|S| < \gamma$, the subgraph of $H$ induced by the edges of $S$ is a forest. Therefore $l_S(x)$ is a non-zero linear function, and hence balanced.

The explicit construction of expanders by Lubotzky-Phillips-Sarnak [21] has high girth:

Lemma 21 ([21]). For every $c$ and for sufficiently large $n$ there are explicitly constructible graphs $H$ with $n$ vertices, $cn$ edges, and girth $\Omega((\log n)/(\log c))$.

We thus obtain.

Theorem 22. For every $c$ and sufficiently large $n$, there is a generator in uniform $NC^0_4$ mapping $n$ bits into $cn$ bits and sampling an ε-biased distribution, where $\varepsilon = n^{-1/O(c^2 \log c)}$.

6 ε-biased generator for large k

In this section we construct an ε-biased generator in $NC^0_k$, for large k, that outputs $n^{\Omega(\sqrt{k})}$ bits. More precisely we prove Theorem 5:

Theorem. Let k be a positive integer. There exists an ε-biased generator in $NC^0_k$ from $n$ bits to ( ) k 6 k 2 3 = k( 1 2 o k(1)) bits whose bias ε is at most exp ( 1 2 k 4 2 k ).

6.1 The Generator for Large Tests

In this section we prove the following Lemma.

Lemma 23. Let $n = p^2$ and let $d$ be an integer. Then there exists a generator $G_1 : (g_1, \ldots, g_m) : \{0,1\}^n \to \{0,1\}^m$, where $m = \binom{p}{d}$, such that for all $J \subseteq [m]$ the bias of $g = \sum_{j \in J} g_j$ is at most

$$\exp\left(-\frac{|J|^{1/d}}{2^d}\right). \qquad (11)$$

Proof. Consider the following bi-partite graph $G = (L, R, E)$ where $|L| = p$ (left vertices), $|R| = \binom{p}{d}$ (right vertices). Identify the vertices of $L$ with the numbers $1, \ldots, p$ and the vertices of $R$ with $\binom{[p]}{d}$, the set of all subsets of $[p] = \{1, \ldots, p\}$ of size $d$. The edges of $G$ are all pairs $(i, S)$ such that $i \in [p]$, $S \in \binom{[p]}{d}$ and $i \in S$. For a set of vertices, $V$, we denote with $N(V)$ the set of neighbors of $V$:

$$N(V) = \{u \in L \cup R : \exists v \in V \text{ such that } (u, v) \in E\}.$$

For a vertex $i$ let $\deg(i) = |N(\{i\})|$.

Proposition 24. For any set of right vertices $V \subseteq R$ we have that $|N(V)| \ge \frac{d}{e} |V|^{1/d}$.

Proof. Note that for any set of $t$ left vertices, $L$, there are (exactly) $\binom{t}{d}$ right vertices, $R$, such that $N(R) = L$. The result follows from the inequality

$$|V| \le \binom{|N(V)|}{d} \le \left(\frac{e\,|N(V)|}{d}\right)^{d}.$$

Our construction will assign a monomial of degree $d$, in the input variables, to each edge. We think about the vertices of $L$ as representing disjoint subsets of the input variables (each of size $p$) and each edge leaving such input set as corresponding to a monomial in its variables. The right vertices, $R$, correspond to the output bits. Each output is the sum of the monomials that label the edges that fan into it.

We now give the formal construction. Let $X = \bigcup_{i=1}^{p} X_i$ be a partition of $X = \{x_1, \ldots, x_n\}$ into $p$ disjoint sets each of size $p$. We assign the set $X_i$ to the $i$-th vertex of $L$. Let $M_i$ be the set of all multilinear monomials of degree $d$ in the variables of $X_i$. We have that

$$|M_i| = \binom{p}{d} > \binom{p-1}{d-1} = \deg(i).$$

Therefore we can assign to each edge leaving $i$ a different monomial from $M_i$. Denote by $M_e$ the monomial corresponding to the edge $e$. Each right vertex corresponds to an output bit. For a right vertex $j$ the $j$-th output, which we denote by $g_j$, is the sum of all monomials that were assigned to the edges adjacent to $j$:

$$g_j = \sum_{e :\, j \in e} M_e.$$

Thus each output is the sum of $d$ monomials each of degree $d$. Hence each output depends on $d^2$ input variables.

We now show that any large linear combination of the output bits has a small bias by proving (11). Let $g = \sum_{j \in J} g_j$. The proof is essentially the same as the proof of lemma 12 and follows from the following easy propositions.

Proposition 25. Let $g = \sum_{j \in J} g_j$, then $g$ can be written as the sum of at least $|N(J)|$ polynomials of degree $d$, each in a different set of variables.

Proof. The set of outputs $J$, has $|N(J)|$ left neighbors. The edges connecting the set $J$ to a neighbor $i \in N(J)$ are labeled with polynomials of degree $d$ in $X_i$.

From the Schwartz-Zippel lemma [29, 32] we get

Proposition 26. For any polynomial $g$ of degree $d$ we have $\frac{1}{2^d} \le \Pr[g = 0] \le 1 - \frac{1}{2^d}$.

Thus according to lemma 14 we get that the bias of $g$ is at most

$$\left(1 - \frac{2}{2^d}\right)^{|N(J)|} \le \exp\left(-\frac{2|N(J)|}{2^d}\right) \le \exp\left(-\frac{|J|^{1/d}}{2^d}\right).$$

This finishes the proof of Lemma 23.

6.2 The Generator for Small Tests

Similar to the k = 4, 5 cases this generator will output only linear functions. We will have the property that any small set of these linear functions is linearly independent. This is a standard construction that follows from unique neighbor property of expanding graphs.

Lemma 27. Let t be positive integer t and = 10t. There exists a mapping from $n$ bits to $n^t$ bits such that every output depends linearly on input variables, and such that any linear combination of at most outputs is non-zero and therefore unbiased.

Proof. As in the proof of lemma 16, we shall construct a linear mapping from an expander bi-partite graph with the unique neighbor property. We first prove:

Lemma 28. Let t be a positive integer and = 10t. Then there exists a family of bi-partite graphs $G = (L, R, E)$ with $|L| = n^t$, $|R| = n$, $\forall v \in L$ deg(v) = , such that $G$ is a (σ = , 5t) expanding graph.

Proof. Let $|R| = n$, $|L| = n^t$. Connect every vertex in $L$ to a randomly chosen multi set of size of distinct right vertices. We continue as in Lemma 19. Fix a size s, 2 ≤ s ≤ σ = , and consider the probability that there is a subset $S \subseteq [n^t]$ of s vertices on the right whose neighborhood is contained in a set $T \subseteq [n]$ of s/2 vertices on the left. This probability is less than ( s 2 ) s. The number of possible choices for S is $\binom{n^t}{s}$ and the number of possible choices for T is ( s/2). Therefore applying the union bound and recalling that = 10t the probability that the construction fails to satisfy the required property is at most

σ ( ) e t s s s=2 ( ) 2e s/2 s ( ) s s 2 ( ) σ (e s) s = o(1). s=2 4t

We now finish the proof of lemma 27. Let $G$ be the graph constructed in Lemma 28. Label each vertex on the right by one of the variables $x_i$ and each vertex on the left by the linear combination of the variables adjacent to it. By Lemma 18, $G$ has the $\sigma$-right unique neighbor property. Therefore by Lemma 17 every set consisting of $\sigma - 1$ linear functions (corresponding to left vertices) is linearly independent. The proof follows.

6.3 Putting things together: Proof of theorem 5

Let $\kappa = (\sqrt{k} - 5)^2$, ν = 2 2. We have that $k > \kappa + 10\sqrt{\kappa}$, $\kappa > k - 12\sqrt{k}$, 2 ν > 2 2. Let $X = \{x_1, \ldots, x_\nu\}$, $Y = \{y_1, \ldots, y_\nu\}$. Let $f_1(X), \ldots, f_{\binom{p}{d}}(X)$ be the outputs of the generator against large tests with the parameters $p = \sqrt{\nu}$, $d = \sqrt{\kappa}$. Let $h_1(Y), \ldots, h_{\nu^{\sqrt{\kappa}}}(Y)$ be the outputs of the generator for small tests on $Y$, given the parameter $t = \sqrt{\kappa}$. Note that

$$\nu^{\sqrt{\kappa}} > \binom{\sqrt{\nu}}{\sqrt{\kappa}} = \binom{p}{d}.$$

Our generator $G$ will output the functions, for $1 \le i \le \binom{p}{d}$,

$$g_i(X, Y) = f_i(X) + h_i(Y).$$

Notice that as we have more $h_i$'s than $f_i$'s we do not use most of the $h_i$'s. Clearly, each output of the generator depends on $\kappa + 10\sqrt{\kappa} < k$ input variables. From lemmas 23, 27 we get that the bias of any non trivial linear combination of the outputs is at most exp Our generator takes 2ν inputs and outputs as needed. ( ) p d ( ν 1 d 2 d ( e 2 ) κ ν 2 κ ) exp ( 1 2 k ( ) k k ) k 2 3 = k( 1. 2 o k(1))

7 A degree 2 generator

In this section we consider a variant of the problem presented in the paper. Suppose that we require that every output bit is a degree k polynomial in the input bits. It is clear that if we want the output to be ε-biased, then the number of output bits m is at most the dimension of the space of degree k polynomials in $n$ variables, which is $\sum_{i=0}^{k} \binom{n}{i} = O(n^k)$ (as otherwise there will be a linear dependence among the output bits). Clearly this is a relaxation of the problem described above. In particular any upper bound here will imply an upper bound for $NC^0_k$. The problem is also of independent interest, as low degree generators are simple in an intuitive sense.

We now show how to construct a generator of ε-biased set such that every output is a polynomial of degree 2 in the input variables. We show that unlike the $NC^0_2$ case we can output $\Omega(n^2)$ bits. In particular we prove Theorem 6:

Theorem. 1 m there exists an ε-biased generator $G = (g_1, \ldots, g_t) : \{0,1\}^n \to \{0,1\}^t$, t = 2 m, such that $g_i$ is a degree 2 polynomial, and the bias of any non trivial linear combination of the $g_i$'s is at most 2 2m

We begin by studying the bias of a degree 2 polynomial, over GF(2). In this section we will only consider degree 2 polynomials $P$ such that $P(0) = 0$. Below we denote with $x^T$ and $A^T$ the transpose of the vector $x$ and the matrix $A$, respectively.

7.1 The Bias of Degree 2 polynomials

Let $P(x_1, \ldots, x_n)$ be a degree 2 polynomial. $P$ is also called a quadratic form over GF(2). We say that a matrix $A$ represents $P$ with respect to a basis of $GF(2)^n$, $\{v_i\}_{i=1}^{n}$, if for every vector $v = \sum_{i=1}^{n} x_i v_i$ we have that $P(v) = x^T A x$. Notice that we can always find an upper triangular matrix that represents $P$; let

$$P(a_1, \ldots, a_n) = \sum_{1 \le i \le j \le n} \alpha_{i,j} a_i a_j.$$

Define

$$A(P)_{i,j} = \begin{cases} \alpha_{i,j} & i \le j \\ 0 & i > j \end{cases}$$

Clearly $P(\sum_{i=1}^{n} e_i x_i) = x^T A(P) x$ and $A(P)$ represents $P$ with respect to the standard basis. The bias of a quadratic form is bounded by the rank of the matrix representing it as follows.

Theorem 29. The bias of a degree 2 polynomial $P$ is at most

$$2^{-\left(1 + \frac{\mathrm{rank}(A + A^T)}{4}\right)}$$

for any matrix $A$ that represents $P$.

Theorem 29 shows that in order to output $m$ polynomials of degree 2, such that any non trivial linear combination of them is almost unbiased, it suffices to find matrices $A_1, \ldots, A_m$ such that for any non trivial combination of them, $B = \sum_{i=1}^{m} \alpha_i A_i$ ($\alpha_i \in GF(2)$), we have that $\mathrm{rank}(B + B^T)$ is high.

Proof of theorem 29

The following claim is trivial.

Proposition 30. $P \equiv 0$ iff there exists a symmetric matrix that represents $P$ w.r.t. some basis iff any matrix that represents $P$ is symmetric.

The proof of theorem 29 will follow from the following lemmas.

Lemma 31. For any quadratic form $P$ on $n$ variables, there exists a basis of $GF(2)^n$, $e_i, f_i$, $i = 1, \ldots, r$ and $g_j$, $j = 1, \ldots, s$, such that $2r + s = n$, and elements in GF(2), $a_i, b_i$, $i = 1, \ldots, r$, $c_j$, $j = 1, \ldots, s$, such that for

$$v = \sum_{i=1}^{r} x_i e_i + \sum_{i=1}^{r} x_{r+i} f_i + \sum_{j=1}^{s} x_{2r+j} g_j$$

we have

$$P(v) = \sum_{i=1}^{r} (a_i x_i^2 + x_i x_{r+i} + b_i x_{r+i}^2) + \sum_{j=1}^{s} c_j x_{2r+j}^2 = \sum_{i=1}^{r} (a_i x_i + x_i x_{r+i} + b_i x_{r+i}) + \sum_{j=1}^{s} c_j x_{2r+j}. \qquad (12)$$

Such a basis is called a canonical basis for $P$.

Proof. See the proof of theorem in [16].

Lemma 32. Let $P$ be a quadratic form on $n$ variables. Let $A$ represent $P$ with respect to the standard basis (in particular, $A$ is upper triangular) and $D$ represent $P$ with respect to the canonical basis. Then

$$\mathrm{rank}(D) \ge \frac{\mathrm{rank}(A + A^T)}{2}.$$

Proof. Let $B$ be the matrix whose columns are $e_1, \ldots, e_r, f_1, \ldots, f_r, g_1, \ldots, g_s$ written w.r.t. the standard basis. We have that

$$\forall x \in GF(2)^n \quad x^T D x = x^T B^T A B x.$$

In other words

$$\forall x \in GF(2)^n \quad x^T (D - B^T A B) x = 0.$$

Therefore there exists a symmetric matrix $S$ such that $D - B^T A B = S$, or

$$D = B^T (A + (B^{-1})^T S (B^{-1})) B.$$

As $(B^{-1})^T S (B^{-1})$ is a symmetric matrix we get by the next lemma (lemma 33) that

$$\mathrm{rank}(D) = \mathrm{rank}(A + (B^{-1})^T S (B^{-1})) \ge \frac{\mathrm{rank}(A + A^T)}{2}.$$

Lemma 33. For an upper triangular matrix $A$ and any symmetric matrix $S$ we have that

$$\mathrm{rank}(A + S) \ge \frac{\mathrm{rank}(A + A^T)}{2}.$$

Proof. Let $r = \mathrm{rank}(A + S) = \mathrm{rank}((A + S)^T) = \mathrm{rank}(A^T + S)$. Then

$$\mathrm{rank}(A + A^T) = \mathrm{rank}(A + S + S + A^T) \le \mathrm{rank}(A + S) + \mathrm{rank}(A^T + S) = 2r.$$

Proof of Theorem 29. Clearly the bias of $P$ does not change if we calculate it w.r.t. a canonical basis, $\{v_i\}_{i=1}^{n}$. Let $v = \sum_{i=1}^{n} x_i v_i$, we have that

$$P(v) = \sum_{i=1}^{r} (a_i x_i + x_i x_{r+i} + b_i x_{r+i}) + \sum_{j=1}^{s} c_j x_{2r+j}.$$

Note that if for some $1 \le j \le s$, $c_j \ne 0$ then $P$ is unbiased. Otherwise, we get by proposition 26 that for every $i$ the bias of $(a_i x_i^2 + x_i x_{r+i} + b_i x_{r+i}^2)$ is at most $\frac{1}{4}$. Therefore according to Lemma 14 we get that the bias of $P$ is at most $\left(\frac{1}{2}\right)^{r+1}$. As we assumed that $\forall j\ c_j = 0$ we see that

$$r \ge \frac{\mathrm{rank}(D)}{2}.$$

The theorem now follows from lemma 32.
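The rank criterion of Theorem 29 can be checked mechanically. The following is an added example, not code from the paper: it computes rank(B + B^T) over GF(2) and the exact bias for every non-trivial combination of two constructed 4-variable quadratic forms, reading the Theorem 29 bound as $2^{-(1 + \mathrm{rank}(A+A^T)/4)}$. All function names and the sample matrices A1, A2 are hypothetical.

```python
from fractions import Fraction


def from_monomials(n, pairs):
    """Upper triangular A(P) as n row bitmasks; (i, j) with i <= j adds x_i x_j
    (0-based indices; (i, i) is the linear term x_i, since x_i^2 = x_i)."""
    rows = [0] * n
    for i, j in pairs:
        rows[i] ^= 1 << j
    return rows


def evaluate(A, x):
    """P(x) = x^T A x over GF(2); x is an n-bit integer."""
    value = 0
    for i, row in enumerate(A):
        if (x >> i) & 1:
            value ^= bin(row & x).count("1") & 1
    return value


def bias(A):
    """Exact |Pr[P(x) = 0] - 1/2| over all 2^n inputs."""
    n = len(A)
    zeros = sum(1 for x in range(1 << n) if evaluate(A, x) == 0)
    return abs(Fraction(zeros, 1 << n) - Fraction(1, 2))


def symmetrize(A):
    """A + A^T over GF(2)."""
    n = len(A)
    transpose = [sum(((A[j] >> i) & 1) << j for j in range(n)) for i in range(n)]
    return [a ^ t for a, t in zip(A, transpose)]


def gf2_rank(rows):
    """Rank over GF(2) by elimination on the lowest set bit of each pivot."""
    rows, rank = list(rows), 0
    while rows:
        pivot = rows.pop()
        if pivot:
            rank += 1
            low = pivot & -pivot
            rows = [r ^ pivot if r & low else r for r in rows]
    return rank


def theorem29_holds(A):
    """bias(P) <= 2^-(1 + rank(A+A^T)/4), compared exactly via 4th powers."""
    r = gf2_rank(symmetrize(A))
    return bias(A) ** 4 * 2 ** (4 + r) <= 1


def combination_report(mats):
    """(rank(B+B^T), bias) for every non-trivial GF(2) combination B of mats."""
    n = len(mats[0])
    report = []
    for mask in range(1, 1 << len(mats)):
        B = [0] * n
        for k, M in enumerate(mats):
            if (mask >> k) & 1:
                B = [b ^ r for b, r in zip(B, M)]
        report.append((gf2_rank(symmetrize(B)), bias(B)))
    return report


# Constructed sample over 4 variables (not taken from the paper):
A1 = from_monomials(4, [(0, 1), (2, 3)])   # x1 x2 + x3 x4
A2 = from_monomials(4, [(0, 2), (1, 3)])   # x1 x3 + x2 x4

if __name__ == "__main__":
    for rank, b in combination_report([A1, A2]):
        print(rank, b)
```

Each sample form has rank 4 and bias 1/8 on its own, but their sum factors as (x1 + x4)(x2 + x3), with rank 2 and bias 1/4, which is why the rank condition is imposed on every combination B rather than on the individual matrices.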


More information

TEACHER CERTIFICATION STUDY GUIDE

TEACHER CERTIFICATION STUDY GUIDE COMPETENCY 1. ALGEBRA SKILL 1.1 1.1a. ALGEBRAIC STRUCTURES Kow why the real ad complex umbers are each a field, ad that particular rigs are ot fields (e.g., itegers, polyomial rigs, matrix rigs) Algebra

More information

Balanced coloring of bipartite graphs

Balanced coloring of bipartite graphs Balaced colorig of bipartite graphs Uriel Feige Shimo Koga Departmet of Computer Sciece ad Applied Mathematics Weizma Istitute, Rehovot 76100, Israel uriel.feige@weizma.ac.il Jue 16, 009 Abstract Give

More information

Recursive Algorithms. Recurrences. Recursive Algorithms Analysis

Recursive Algorithms. Recurrences. Recursive Algorithms Analysis Recursive Algorithms Recurreces Computer Sciece & Egieerig 35: Discrete Mathematics Christopher M Bourke cbourke@cseuledu A recursive algorithm is oe i which objects are defied i terms of other objects

More information

CHAPTER I: Vector Spaces

CHAPTER I: Vector Spaces CHAPTER I: Vector Spaces Sectio 1: Itroductio ad Examples This first chapter is largely a review of topics you probably saw i your liear algebra course. So why cover it? (1) Not everyoe remembers everythig

More information

1 Approximating Integrals using Taylor Polynomials

1 Approximating Integrals using Taylor Polynomials Seughee Ye Ma 8: Week 7 Nov Week 7 Summary This week, we will lear how we ca approximate itegrals usig Taylor series ad umerical methods. Topics Page Approximatig Itegrals usig Taylor Polyomials. Defiitios................................................

More information

7.1 Convergence of sequences of random variables

7.1 Convergence of sequences of random variables Chapter 7 Limit Theorems Throughout this sectio we will assume a probability space (, F, P), i which is defied a ifiite sequece of radom variables (X ) ad a radom variable X. The fact that for every ifiite

More information

Chapter 10: Power Series

Chapter 10: Power Series Chapter : Power Series 57 Chapter Overview: Power Series The reaso series are part of a Calculus course is that there are fuctios which caot be itegrated. All power series, though, ca be itegrated because

More information

The Growth of Functions. Theoretical Supplement

The Growth of Functions. Theoretical Supplement The Growth of Fuctios Theoretical Supplemet The Triagle Iequality The triagle iequality is a algebraic tool that is ofte useful i maipulatig absolute values of fuctios. The triagle iequality says that

More information

Lecture Overview. 2 Permutations and Combinations. n(n 1) (n (k 1)) = n(n 1) (n k + 1) =

Lecture Overview. 2 Permutations and Combinations. n(n 1) (n (k 1)) = n(n 1) (n k + 1) = COMPSCI 230: Discrete Mathematics for Computer Sciece April 8, 2019 Lecturer: Debmalya Paigrahi Lecture 22 Scribe: Kevi Su 1 Overview I this lecture, we begi studyig the fudametals of coutig discrete objects.

More information

b i u x i U a i j u x i u x j

b i u x i U a i j u x i u x j M ath 5 2 7 Fall 2 0 0 9 L ecture 1 9 N ov. 1 6, 2 0 0 9 ) S ecod- Order Elliptic Equatios: Weak S olutios 1. Defiitios. I this ad the followig two lectures we will study the boudary value problem Here

More information

Lecture 12: September 27

Lecture 12: September 27 36-705: Itermediate Statistics Fall 207 Lecturer: Siva Balakrisha Lecture 2: September 27 Today we will discuss sufficiecy i more detail ad the begi to discuss some geeral strategies for costructig estimators.

More information

Chapter 3. Strong convergence. 3.1 Definition of almost sure convergence

Chapter 3. Strong convergence. 3.1 Definition of almost sure convergence Chapter 3 Strog covergece As poited out i the Chapter 2, there are multiple ways to defie the otio of covergece of a sequece of radom variables. That chapter defied covergece i probability, covergece i

More information

Math 778S Spectral Graph Theory Handout #3: Eigenvalues of Adjacency Matrix

Math 778S Spectral Graph Theory Handout #3: Eigenvalues of Adjacency Matrix Math 778S Spectral Graph Theory Hadout #3: Eigevalues of Adjacecy Matrix The Cartesia product (deoted by G H) of two simple graphs G ad H has the vertex-set V (G) V (H). For ay u, v V (G) ad x, y V (H),

More information

A Hadamard-type lower bound for symmetric diagonally dominant positive matrices

A Hadamard-type lower bound for symmetric diagonally dominant positive matrices A Hadamard-type lower boud for symmetric diagoally domiat positive matrices Christopher J. Hillar, Adre Wibisoo Uiversity of Califoria, Berkeley Jauary 7, 205 Abstract We prove a ew lower-boud form of

More information

Bertrand s Postulate

Bertrand s Postulate Bertrad s Postulate Lola Thompso Ross Program July 3, 2009 Lola Thompso (Ross Program Bertrad s Postulate July 3, 2009 1 / 33 Bertrad s Postulate I ve said it oce ad I ll say it agai: There s always a

More information

CHAPTER 5. Theory and Solution Using Matrix Techniques

CHAPTER 5. Theory and Solution Using Matrix Techniques A SERIES OF CLASS NOTES FOR 2005-2006 TO INTRODUCE LINEAR AND NONLINEAR PROBLEMS TO ENGINEERS, SCIENTISTS, AND APPLIED MATHEMATICIANS DE CLASS NOTES 3 A COLLECTION OF HANDOUTS ON SYSTEMS OF ORDINARY DIFFERENTIAL

More information

Zeros of Polynomials

Zeros of Polynomials Math 160 www.timetodare.com 4.5 4.6 Zeros of Polyomials I these sectios we will study polyomials algebraically. Most of our work will be cocered with fidig the solutios of polyomial equatios of ay degree

More information

UC Berkeley CS 170: Efficient Algorithms and Intractable Problems Handout 17 Lecturer: David Wagner April 3, Notes 17 for CS 170

UC Berkeley CS 170: Efficient Algorithms and Intractable Problems Handout 17 Lecturer: David Wagner April 3, Notes 17 for CS 170 UC Berkeley CS 170: Efficiet Algorithms ad Itractable Problems Hadout 17 Lecturer: David Wager April 3, 2003 Notes 17 for CS 170 1 The Lempel-Ziv algorithm There is a sese i which the Huffma codig was

More information

Random Walks on Discrete and Continuous Circles. by Jeffrey S. Rosenthal School of Mathematics, University of Minnesota, Minneapolis, MN, U.S.A.

Random Walks on Discrete and Continuous Circles. by Jeffrey S. Rosenthal School of Mathematics, University of Minnesota, Minneapolis, MN, U.S.A. Radom Walks o Discrete ad Cotiuous Circles by Jeffrey S. Rosethal School of Mathematics, Uiversity of Miesota, Mieapolis, MN, U.S.A. 55455 (Appeared i Joural of Applied Probability 30 (1993), 780 789.)

More information

A Note on Matrix Rigidity

A Note on Matrix Rigidity A Note o Matrix Rigidity Joel Friedma Departmet of Computer Sciece Priceto Uiversity Priceto, NJ 08544 Jue 25, 1990 Revised October 25, 1991 Abstract I this paper we give a explicit costructio of matrices

More information

7.1 Convergence of sequences of random variables

7.1 Convergence of sequences of random variables Chapter 7 Limit theorems Throughout this sectio we will assume a probability space (Ω, F, P), i which is defied a ifiite sequece of radom variables (X ) ad a radom variable X. The fact that for every ifiite

More information

Riesz-Fischer Sequences and Lower Frame Bounds

Riesz-Fischer Sequences and Lower Frame Bounds Zeitschrift für Aalysis ud ihre Aweduge Joural for Aalysis ad its Applicatios Volume 1 (00), No., 305 314 Riesz-Fischer Sequeces ad Lower Frame Bouds P. Casazza, O. Christese, S. Li ad A. Lider Abstract.

More information

Randomized Algorithms I, Spring 2018, Department of Computer Science, University of Helsinki Homework 1: Solutions (Discussed January 25, 2018)

Randomized Algorithms I, Spring 2018, Department of Computer Science, University of Helsinki Homework 1: Solutions (Discussed January 25, 2018) Radomized Algorithms I, Sprig 08, Departmet of Computer Sciece, Uiversity of Helsiki Homework : Solutios Discussed Jauary 5, 08). Exercise.: Cosider the followig balls-ad-bi game. We start with oe black

More information

Largest families without an r-fork

Largest families without an r-fork Largest families without a r-for Aalisa De Bois Uiversity of Salero Salero, Italy debois@math.it Gyula O.H. Katoa Réyi Istitute Budapest, Hugary ohatoa@reyi.hu Itroductio Let [] = {,,..., } be a fiite

More information

The Random Walk For Dummies

The Random Walk For Dummies The Radom Walk For Dummies Richard A Mote Abstract We look at the priciples goverig the oe-dimesioal discrete radom walk First we review five basic cocepts of probability theory The we cosider the Beroulli

More information

Resolution Proofs of Generalized Pigeonhole Principles

Resolution Proofs of Generalized Pigeonhole Principles Resolutio Proofs of Geeralized Pigeohole Priciples Samuel R. Buss Departmet of Mathematics Uiversity of Califoria, Berkeley Győrgy Turá Departmet of Mathematics, Statistics, ad Computer Sciece Uiversity

More information

Disjoint Systems. Abstract

Disjoint Systems. Abstract Disjoit Systems Noga Alo ad Bey Sudaov Departmet of Mathematics Raymod ad Beverly Sacler Faculty of Exact Scieces Tel Aviv Uiversity, Tel Aviv, Israel Abstract A disjoit system of type (,,, ) is a collectio

More information

Lecture Notes for CS 313H, Fall 2011

Lecture Notes for CS 313H, Fall 2011 Lecture Notes for CS 313H, Fall 011 August 5. We start by examiig triagular umbers: T () = 1 + + + ( = 0, 1,,...). Triagular umbers ca be also defied recursively: T (0) = 0, T ( + 1) = T () + + 1, or usig

More information

2 Markov Chain Monte Carlo Sampling

2 Markov Chain Monte Carlo Sampling 22 Part I. Markov Chais ad Stochastic Samplig Figure 10: Hard-core colourig of a lattice. 2 Markov Chai Mote Carlo Samplig We ow itroduce Markov chai Mote Carlo (MCMC) samplig, which is a extremely importat

More information

Lecture 4: April 10, 2013

Lecture 4: April 10, 2013 TTIC/CMSC 1150 Mathematical Toolkit Sprig 01 Madhur Tulsiai Lecture 4: April 10, 01 Scribe: Haris Agelidakis 1 Chebyshev s Iequality recap I the previous lecture, we used Chebyshev s iequality to get a

More information

Machine Learning Theory Tübingen University, WS 2016/2017 Lecture 12

Machine Learning Theory Tübingen University, WS 2016/2017 Lecture 12 Machie Learig Theory Tübige Uiversity, WS 06/07 Lecture Tolstikhi Ilya Abstract I this lecture we derive risk bouds for kerel methods. We will start by showig that Soft Margi kerel SVM correspods to miimizig

More information

Week 5-6: The Binomial Coefficients

Week 5-6: The Binomial Coefficients Wee 5-6: The Biomial Coefficiets March 6, 2018 1 Pascal Formula Theorem 11 (Pascal s Formula For itegers ad such that 1, ( ( ( 1 1 + 1 The umbers ( 2 ( 1 2 ( 2 are triagle umbers, that is, The petago umbers

More information

ECE 901 Lecture 12: Complexity Regularization and the Squared Loss

ECE 901 Lecture 12: Complexity Regularization and the Squared Loss ECE 90 Lecture : Complexity Regularizatio ad the Squared Loss R. Nowak 5/7/009 I the previous lectures we made use of the Cheroff/Hoeffdig bouds for our aalysis of classifier errors. Hoeffdig s iequality

More information

CALCULATING FIBONACCI VECTORS

CALCULATING FIBONACCI VECTORS THE GENERALIZED BINET FORMULA FOR CALCULATING FIBONACCI VECTORS Stuart D Aderso Departmet of Physics, Ithaca College 953 Daby Road, Ithaca NY 14850, USA email: saderso@ithacaedu ad Dai Novak Departmet

More information

Stochastic Matrices in a Finite Field

Stochastic Matrices in a Finite Field Stochastic Matrices i a Fiite Field Abstract: I this project we will explore the properties of stochastic matrices i both the real ad the fiite fields. We first explore what properties 2 2 stochastic matrices

More information

Axioms of Measure Theory

Axioms of Measure Theory MATH 532 Axioms of Measure Theory Dr. Neal, WKU I. The Space Throughout the course, we shall let X deote a geeric o-empty set. I geeral, we shall ot assume that ay algebraic structure exists o X so that

More information

EECS564 Estimation, Filtering, and Detection Hwk 2 Solns. Winter p θ (z) = (2θz + 1 θ), 0 z 1

EECS564 Estimation, Filtering, and Detection Hwk 2 Solns. Winter p θ (z) = (2θz + 1 θ), 0 z 1 EECS564 Estimatio, Filterig, ad Detectio Hwk 2 Sols. Witer 25 4. Let Z be a sigle observatio havig desity fuctio where. p (z) = (2z + ), z (a) Assumig that is a oradom parameter, fid ad plot the maximum

More information

Independence number of graphs with a prescribed number of cliques

Independence number of graphs with a prescribed number of cliques Idepedece umber of graphs with a prescribed umber of cliques Tom Bohma Dhruv Mubayi Abstract We cosider the followig problem posed by Erdős i 1962. Suppose that G is a -vertex graph where the umber of

More information

Fall 2013 MTH431/531 Real analysis Section Notes

Fall 2013 MTH431/531 Real analysis Section Notes Fall 013 MTH431/531 Real aalysis Sectio 8.1-8. Notes Yi Su 013.11.1 1. Defiitio of uiform covergece. We look at a sequece of fuctios f (x) ad study the coverget property. Notice we have two parameters

More information

1 Review and Overview

1 Review and Overview CS9T/STATS3: Statistical Learig Theory Lecturer: Tegyu Ma Lecture #6 Scribe: Jay Whag ad Patrick Cho October 0, 08 Review ad Overview Recall i the last lecture that for ay family of scalar fuctios F, we

More information

A Block Cipher Using Linear Congruences

A Block Cipher Using Linear Congruences Joural of Computer Sciece 3 (7): 556-560, 2007 ISSN 1549-3636 2007 Sciece Publicatios A Block Cipher Usig Liear Cogrueces 1 V.U.K. Sastry ad 2 V. Jaaki 1 Academic Affairs, Sreeidhi Istitute of Sciece &

More information

Singular Continuous Measures by Michael Pejic 5/14/10

Singular Continuous Measures by Michael Pejic 5/14/10 Sigular Cotiuous Measures by Michael Peic 5/4/0 Prelimiaries Give a set X, a σ-algebra o X is a collectio of subsets of X that cotais X ad ad is closed uder complemetatio ad coutable uios hece, coutable

More information

LONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES

LONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES J Lodo Math Soc (2 50, (1994, 465 476 LONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES Jerzy Wojciechowski Abstract I [5] Abbott ad Katchalski ask if there exists a costat c >

More information

Lecture 1: Basic problems of coding theory

Lecture 1: Basic problems of coding theory Lecture 1: Basic problems of codig theory Error-Correctig Codes (Sprig 016) Rutgers Uiversity Swastik Kopparty Scribes: Abhishek Bhrushudi & Aditya Potukuchi Admiistrivia was discussed at the begiig of

More information

Apply change-of-basis formula to rewrite x as a linear combination of eigenvectors v j.

Apply change-of-basis formula to rewrite x as a linear combination of eigenvectors v j. Eigevalue-Eigevector Istructor: Nam Su Wag eigemcd Ay vector i real Euclidea space of dimesio ca be uiquely epressed as a liear combiatio of liearly idepedet vectors (ie, basis) g j, j,,, α g α g α g α

More information

Lecture 3 The Lebesgue Integral

Lecture 3 The Lebesgue Integral Lecture 3: The Lebesgue Itegral 1 of 14 Course: Theory of Probability I Term: Fall 2013 Istructor: Gorda Zitkovic Lecture 3 The Lebesgue Itegral The costructio of the itegral Uless expressly specified

More information

Lecture 14: Randomized Computation (cont.)

Lecture 14: Randomized Computation (cont.) CSE 200 Computability ad Complexity Wedesday, May 15, 2013 Lecture 14: Radomized Computatio (cot.) Istructor: Professor Shachar Lovett Scribe: Dogcai She 1 Radmized Algorithm Examples 1.1 The k-th Elemet

More information

Lecture 4: Unique-SAT, Parity-SAT, and Approximate Counting

Lecture 4: Unique-SAT, Parity-SAT, and Approximate Counting Advaced Complexity Theory Sprig 206 Lecture 4: Uique-SAT, Parity-SAT, ad Approximate Coutig Prof. Daa Moshkovitz Scribe: Aoymous Studet Scribe Date: Fall 202 Overview I this lecture we begi talkig about

More information

Math 2784 (or 2794W) University of Connecticut

Math 2784 (or 2794W) University of Connecticut ORDERS OF GROWTH PAT SMITH Math 2784 (or 2794W) Uiversity of Coecticut Date: Mar. 2, 22. ORDERS OF GROWTH. Itroductio Gaiig a ituitive feel for the relative growth of fuctios is importat if you really

More information

Chapter 4. Fourier Series

Chapter 4. Fourier Series Chapter 4. Fourier Series At this poit we are ready to ow cosider the caoical equatios. Cosider, for eample the heat equatio u t = u, < (4.) subject to u(, ) = si, u(, t) = u(, t) =. (4.) Here,

More information