On ε-biased Generators in $NC^0$
Elchanan Mossel, Amir Shpilka, Luca Trevisan

August 15, 2005

Abstract

Cryan and Miltersen [8] recently considered the question of whether there can be a pseudorandom generator in $NC^0$, that is, a pseudorandom generator that maps $n$-bit strings to $m$-bit strings such that every bit of the output depends on a constant number $k$ of bits of the seed. They show that for $k = 3$, if $m \ge 4n + 1$, there is a distinguisher; in fact, they show that in this case it is possible to break the generator with a linear test, that is, there is a subset of bits of the output whose XOR has a noticeable bias.

They leave the question open for $k \ge 4$. In fact they ask whether every $NC^0$ generator can be broken by a statistical test that simply XORs some bits of the input. Equivalently, is it the case that no $NC^0$ generator can sample an ε-biased space with negligible ε?

We give a generator for $k = 5$ that maps $n$ bits into $cn$ bits, so that every bit of the output depends on 5 bits of the seed, and the XOR of every subset of the bits of the output has bias $2^{-\Omega(n/c^4)}$. For large values of $k$, we construct generators that map $n$ bits to $n^{\Omega(\sqrt{k})}$ bits such that every XOR of outputs has bias $2^{-n^{1/(2\sqrt{k})}}$.

We also present a polynomial-time distinguisher for $k = 4$, $m \ge 24n$ having constant distinguishing probability. For large values of $k$ we show that a linear distinguisher with a constant distinguishing probability exists once $m \ge \Omega(2^k n^{\lceil k/2 \rceil})$.

Finally, we consider a variant of the problem where each of the output bits is a degree $k$ polynomial in the inputs. We show there exists a degree $k = 2$ pseudorandom generator for which the XOR of every subset of the outputs has bias $2^{-\Omega(n)}$ and which maps $n$ bits to $\Omega(n^2)$ bits.

1 Introduction

A pseudorandom generator is an efficient deterministic procedure that maps a shorter random input into a longer output that is indistinguishable from the uniform distribution by resource-bounded observers.
Author footnotes:

Department of Statistics, U.C. Berkeley, CA. mossel@stat.berkeley.edu. Supported by a Miller fellowship in Statistics and Computer Science, by a Sloan fellowship in Mathematics and by NSF grant DMS.

Department of Computer Science and Applied Mathematics, Weizmann Institute of Science, Rehovot, Israel. amir.shpilka@weizmann.ac.il. Supported by National Security Agency (NSA) and Advanced Research and Development Activity (ARDA) under Research Office (ARO) contract no. DAAD, and by the Koshland fellowship.

Computer Science Division, U.C. Berkeley, CA. luca@cs.berkeley.edu. Supported by NSF Grant CCR /CCR, US-Israel BSF grant, a Sloan Research Fellowship and an Okawa Foundation Grant.

A formalization of the above informal definition is to consider polynomial-time procedures $G$ mapping $n$ bits into $m(n) > n$ bits such that for every property $P$ computable by a family of polynomial-size circuits we have that the quantity

$$\left| \Pr_{z \in \{0,1\}^{m(n)}}[P(z) = 1] - \Pr_{x \in \{0,1\}^{n}}[P(G(x))] \right|$$
goes to zero faster than any inverse polynomial in $n$. The existence of such a procedure $G$ is equivalent to the existence of one-way functions [15], pseudorandom functions [11] and pseudorandom permutations [23].

What are the minimal computational requirements needed to compute a pseudorandom generator?

Linial et al. [20] prove that pseudorandom functions cannot be computed in $AC^0$ (constant-depth circuits with NOT gates and unbounded fan-in AND and OR gates). To be precise, the results in [20] only rule out security against adversaries running in time $n^{O((\log n)^{O(1)})}$. Their result does not rule out the possibility that pseudorandom generators could be computed in $AC^0$, since the transformation of pseudorandom generators into pseudorandom functions does not preserve bounded-depth. Kharitonov [19] shows that a pseudorandom generator with superlinear stretch can be computed in $NC^1$, that is, it can be computed by a circuit of polynomial size, logarithmic depth, and gates of constant fan-in. (It is known that $NC^1$ properly contains $AC^0$.) Impagliazzo and Naor [17] present a candidate pseudorandom generator in $AC^0$. Goldreich [12] suggests a candidate one-way function in $NC^0$. Recall that $NC^0$ is the class of functions computed by bounded-depth circuits with NOT gates and bounded fan-in AND and OR gates. In an $NC^0$ function, every bit of the output depends on a constant number of bits of the inputs. While it is easy to see that there can be no one-way function such that every bit of the output depends on only two bits of the input (as finding an inverse can be formulated as a 2SAT problem) it still remains open whether there can be a one-way function such that every bit of the output depends on only three bits of the input. Applebaum et al. [1] have very recently provided evidence that such one-way functions exist.

Cryan and Miltersen [8] consider the question of whether there can be pseudorandom generators in $NC^0$, that is, whether there can be a pseudorandom generator such that every bit of the output depends only on a constant $k$ number of bits of the input.
They present a distinguisher in the case $k = 3$, $m > 4n$, and they observe that their distinguisher is a linear distinguisher, that is, it simply XORs a subset of the bits of the output.

Cryan and Miltersen ask whether there is any pseudorandom generator in $NC^0$ when $m$ is superlinear in $n$. Specifically, they ask whether the following is the case: that for every constant $k$, and for every generator for which $m$ is super-linear in $n$ and for which every output bit depends on at most $k$ bits of the input, a linear distinguisher exists. In order to formulate an equivalent version of this problem, we introduce the notion of an ε-biased distribution.

Definition 1. For $\varepsilon > 0$, we say that a random variable $X = (X_1,\dots,X_m)$ ranging over $\{0,1\}^m$ is ε-biased if for every subset $S \subseteq [m]$ we have

$$\frac12 - \varepsilon \le \Pr\Big[\bigoplus_{i \in S} X_i = 0\Big] \le \frac12 + \varepsilon.$$

It is known [27, 3] that an ε-biased distribution can be sampled by using only $O(\log(m/\varepsilon))$ random bits, which is tight up to the constant in the big-oh.

The problem of [8] can therefore be formulated by asking whether there exists any ε-biased generator in $NC^0$ that samples an $m$-bit ε-biased distribution starting from, say, $o(m)$ random bits and a negligible ε.

Our Results

We first extend the result of Cryan and Miltersen by giving a (non linear) distinguisher for the case $k = 4$, $m \ge 24n$.

Theorem 2. Let $G = (g_1,\dots,g_m) : \{0,1\}^n \to \{0,1\}^m$ be a map such that each $g_i$ depends on at most 4 coordinates of the input and $m \ge 24n$. Then there exists a polynomial time algorithm which distinguishes between $G$ and a random string with constant distinguishing probability. More precisely, the algorithm will output yes for the output of the generator $G$ with probability $\Omega(1)$, and for a random string with probability $e^{-\Omega(m)}$.

Our distinguisher has a constant distinguishing probability, which we show to be impossible to achieve with linear distinguishers. Our distinguisher uses semidefinite programming and uses an idea similar to the correlation attacks used in practice against stream ciphers.
For all $k$, it is trivial that a distinguisher exists for $m \ge 2^{2^k}\binom{n}{k}$ (the number of functions on $k$ bits), and it is easy to see that a distinguisher exists when $m \ge k\binom{n}{k}$ (as there is a linear dependence among the output bits in this case). We show using a duality lemma proven in [25] that in fact, a distinguisher with a constant distinguishing probability exists once $m \ge \Omega(2^k n^{\lceil k/2 \rceil})$ by proving

Theorem 3. For every integer $0 < k$ and any $0 < \varepsilon < 2^{-2k-1}$, if $G = (g_1,\dots,g_m)$ is an ε-biased pseudorandom generator, where each of the $g_i$'s depends on at most $k$ bits, then

$$m \le \sum_{t=0}^{\lceil k/2 \rceil} \binom{n}{t} 2^{2(k-t)} \le k 2^{2k} \binom{n}{\lceil k/2 \rceil}.$$

Then we present an ε-biased generator mapping $n$ bits into $cn$ bits such that $\varepsilon = 1/2^{\Omega(n/c^4)}$ and every bit of the output depends only on $k = 5$ bits of the seed, i.e., we prove

Theorem 4. For every $c$ and sufficiently large $n$, there is a generator in $NC^0_5$ mapping $n$ bits into $cn$ bits and sampling an ε-biased distribution, where $\varepsilon = 2^{-n/O(c^4)}$.

The main idea in the construction is to develop a generator with $k = 3$ that handles well linear tests that XOR a small number of bits, and then develop a generator with $k = 2$ that handles well linear tests that XOR a large number of bits. The final generator outputs the bitwise XOR of the outputs of the two generators, on two independent seeds. The generator uses a kind of unique-neighbor expander graphs that are shown to exist using the probabilistic method, but that are not known to be efficiently constructible, so the generator is in $NC^0$ but not in uniform $NC^0$.

Later we present similar constructions for large values of $k$. We write $f(n,k) = O_k(g(n))$ if $f(n,k) \le h(k)g(n)$ for some function $h$; similarly we will use the notation $o_k$.

Theorem 5. Let $k$ be a positive integer. There exists an ε-biased generator in $NC^0_k$ from $n$ bits to ( ) k 6 k 2 3 = k( 1 2 o k(1)) bits whose bias, ε, is at most exp ( 1 2 k 4 2 k ).

Note the gap for large values of $k$ between our constructions that output $n^{(\sqrt{k}/2)(1 - o_k(1))}$ bits, and the bounds showing a distinguisher exists for generators that output $n^{(k/2)(1 + o_k(1))}$ bits.
Finally, we begin a study of the question of whether there are pseudorandom generators with superlinear stretch such that each bit of the output is a function of the seed expressible as a degree-$k$ polynomial over GF(2), where $k$ is a constant. This is a generalization of the main question addressed in this paper, since a function depending on only $k$ inputs can always be expressed as a degree-$k$ polynomial. Furthermore, low-degree polynomials are a standard class of low complexity functions from an algebraic perspective.

In our $NC^0_5$ construction of an ε-biased generator with exponentially small ε and superlinear stretch, every bit of the output is a degree-2 polynomial. We show that

Theorem 6. 1 m there exists an ε-biased generator $G = (g_1,\dots,g_t) : \{0,1\}^n \to \{0,1\}^t$, t = 2 m, such that $g_i$ is a degree 2 polynomial, and the bias of any non trivial linear combination of the $g_i$'s is at most 2 2m 4.
Later Results and Open Questions

Applebaum et al. [1] have recently made substantial progress on the main questions left open by our work about the cases $k = 3, 4$.

In the case $k = 3$, Applebaum et al. [1] present a construction of an ε-biased generator with $m = (1 + \alpha)n$, where $\alpha > 0$ is an absolute constant. They also show that under relatively general assumptions, there are one-way functions such that every bit of the output depends on only 3 bits of the input.

In the case $k = 4$, Applebaum et al. [1] present a construction of a pseudorandom generator with $m = n + n^{\alpha}$, where α can be chosen to be any constant smaller than 1. The generator is secure under the assumption that there exist pseudorandom generators in L/poly, which is a fairly general assumption.

It remains open whether a cryptographically strong generator can be realized in the case $k = 3$, whether a cryptographically strong generator with linear stretch can be realized in the case $k = 4$, and whether a cryptographically strong generator with superlinear stretch can be realized in the case $k = 5$.

Another important open problem which may be more accessible is to understand the right asymptotic for ε-biased generators for large $k$. It is tempting to conjecture that either the upper bound $n^{O(k)}$ or the lower bound $n^{\Omega(\sqrt{k})}$ is actually tight.

Organization

In section 2 we review the analysis for the case $k = 3$ of [8]. In section 3 we give a distinguisher for the case $k = 4$. In section 4 we prove an upper bound on the length of the output of an ε-biased generator in $NC^0_k$. In section 5 we construct an ε-biased generator for the cases $k = 4, 5$. The results for larger $k$ are discussed in section 6. In section 7 we explicitly construct an ε-biased generator such that every bit of the output is a polynomial of degree 2.

An extended abstract reporting on the results here appeared in [26].

2 Review of the Case k = 3

In this section we summarize the main result of [8]. We also generalize some of the arguments of [8] that are needed for our results.

2.1 Preliminaries

We say that a function $g : \{0,1\}^n \to \{0,1\}$ is balanced if $\Pr_x[g(x) = 1] = 1/2$.
We say that a function $g : \{0,1\}^n \to \{0,1\}$ is unbiased towards a function $f : \{0,1\}^n \to \{0,1\}$ if $\Pr_x[g(x) = f(x)] = 1/2$, and that it is biased towards $f$ (or correlated with $f$) otherwise.

A function $g : \{0,1\}^n \to \{0,1\}$ is affine if there are values $a_0,\dots,a_n \in \{0,1\}$ such that $g(x_1,\dots,x_n) = a_0 \oplus a_1 x_1 \oplus \dots \oplus a_n x_n$; it is non-affine otherwise.

The following lemma was proved by case analysis for $k = 3$ in [8], and the case $k = 4$ could also be derived from a case analysis appearing in [8] (but it is not explicitly stated). The proof of the general case follows using the Fourier representation of boolean functions. The Fourier representation is easier to work with when considering functions from $\{\pm 1\}^n \to \{\pm 1\}$.

For a boolean function $f : \{0,1\}^k \to \{0,1\}$ we write $F$ for the function $F : \{\pm 1\}^k \to \{\pm 1\}$ defined as

$$F((-1)^{x_1},\dots,(-1)^{x_k}) = (-1)^{f(x_1,\dots,x_k)}. \tag{1}$$
For the boolean functions $f, g, h$ discussed in this section, the functions $F, G, H$ will be the corresponding mappings to $\{\pm 1\}$.

For a set $S \subseteq [k]$, we let $U_S : \{\pm 1\}^k \to \{\pm 1\}$ be defined as $U_S(X) = \prod_{i \in S} X_i$, that is, $U_S$ is the character corresponding to $S$. It is well known that $\{U_S\}_{S \subseteq [k]}$ is an orthonormal basis for the space of functions from $\{\pm 1\}^k$ to $\mathbb{R}$ with respect to the inner product $\langle F, G \rangle = \frac{1}{2^k} \sum_{x \in \{0,1\}^k} F(x) G(x)$. We write $F(X) = \sum_S \hat F(S) U_S(X)$ for the representation of $F$ in the basis $\{U_S\}$. Because of orthonormality, the coefficients $\hat F(S)$ satisfy the relation $\hat F(S) = \langle F, U_S \rangle$.

Note that if $f, g$ are boolean functions and $F, G$ are defined as in (1), then $\Pr[f(x) = g(x)] = \Pr[F(x) = G(x)] = 1/2 + 1/2 \langle F, G \rangle$. In particular, $f$ and $g$ are correlated if and only if $\langle F, G \rangle \ne 0$.

Lemma 7. Let $g : \{0,1\}^n \to \{0,1\}$ be a non-affine function that depends on only $k$ variables. Then

- There exists an affine function on at most $k - 2$ variables that is correlated with $g$.
- Let $l$ be the affine function that is biased towards $g$ and that depends on a minimal number of variables. That is, for some $d$, $l$ depends on $d$ variables, $\Pr_x[g(x) = l(x)] > 1/2$, and $g$ is unbiased towards affine functions that depend on less than $d$ variables. Then $\Pr_x[g(x) = l(x)] \ge 1/2 + 2^{d-k}$.

Proof. Let $f : \{0,1\}^k \to \{0,1\}$ be a non-affine function. We prove that there exists a set $S$ of size at most $k - 2$ such that $\hat F(S) \ne 0$. This implies that $F$ is correlated with $U_S$ and therefore that $f$ is correlated with $\bigoplus_{i \in S} x_i$ as needed.

Look at the function $h(x_1,\dots,x_k) = f(x_1,\dots,x_k) \oplus \bigoplus_{i=1}^{k} x_i$. Since $f$ is non-affine, $h$ is not a constant function. Let $H$ be the $\{\pm 1\}$ representation of $h$. As the $\{\pm 1\}$ representation of $\bigoplus_{i=1}^{k} x_i$ is $U_{[k]}$, we get that $H$ has the Fourier representation

$$H = U_{[k]} \cdot F = U_{[k]} \cdot \sum_{S \subseteq [k]} \hat F(S) U_S = \sum_{S \subseteq [k]} \hat F(S) U_{[k] \setminus S} = \sum_{S \subseteq [k]} \hat F([k] \setminus S) U_S.$$

It therefore suffices to prove that $U_{[k]} \cdot F$ has a coefficient $\hat F(S) \ne 0$ with $|S| \ge 2$. We will prove that any function which depends on more than one bit has a non-zero coefficient with $|S| \ge 2$. This will prove the first part, since if $h$ depends on at most one bit then $f$ is affine.
Indeed, assume for contradiction that $F = a_0 + \sum_i a_i U_{\{i\}}$. For a $\pm 1$ vector $X$, write $X^i$ for the vector where the $i$-th coordinate of $X$ is multiplied by $-1$. Note that for all $i$ and all $X$, it holds that $2a_i = F(X) - F(X^i) \in \{0, \pm 2\}$, which implies that $a_i \in \{0, \pm 1\}$. Parseval's inequality implies that $\sum a_i^2 = 1$. We therefore conclude that $F(X)$ depends on one bit as needed. This completes the proof of the first claim.

Note that $f$ is correlated with $\bigoplus_{i \in S} x_i$ if and only if $\hat F(S) \ne 0$. Moreover,

$$\Pr\Big[f(x) = \bigoplus_{i \in S} x_i\Big] = \frac{1 + \hat F(S)}{2}.$$
The claim will therefore follow once we prove that if $F = \sum_{|S| \ge d} \hat F(S) U_S$, and $\hat F(S) \ne 0$ for a set $S$ of size $d$, then $|\hat F(S)| \ge 2^{d+1-k}$. By looking at $U_{[k]} \cdot F$ instead of $F$, it suffices to prove that if

$$F = \sum_{|S| \le k-d} \hat F(S) U_S, \tag{2}$$

and $S'$ is a set of size $k - d$ such that $\hat F(S') \ne 0$, then $|\hat F(S')| \ge 2^{d-k+1}$. In order to prove the last claim, define

$$A(X) = \sum_{T \subseteq S'} (-1)^{|T|} F(X^T) = \sum_{T \subseteq S'} (-1)^{|T|} \sum_{S \subseteq [k]} \hat F(S) U_S(X^T) = \sum_{S \subseteq [k]} \hat F(S) \sum_{T \subseteq S'} (-1)^{|T|} U_S(X^T),$$

where $X^T$ is $X$ where the coordinates at $T$ are flipped (multiplied by $-1$). It is then clear that $A$ obtains an even integer value in the interval $[-2^{k-d}, 2^{k-d}]$. On the other hand, if $S$ does not contain $S'$ and $j \in S' \setminus S$, then for all $X$

$$\sum_{T \subseteq S'} (-1)^{|T|} U_S(X^T) = \sum_{T \subseteq S',\, j \notin T} (-1)^{|T|} U_S(X^T) + \sum_{T \subseteq S',\, j \in T} (-1)^{|T|} U_S(X^T) = \sum_{T \subseteq S',\, j \notin T} U_S(X^T)\big((-1)^{|T|} + (-1)^{|T|+1}\big) = 0.$$

Since $\hat F(S) = 0$ for all $S$ strictly containing $S'$, it follows that

$$A(X) = \hat F(S') \sum_{T \subseteq S'} (-1)^{|T|} U_{S'}(X^T) = 2^{k-d} \hat F(S') U_{S'}(X).$$

We therefore conclude that $\hat F(S')$ is of the form $\frac{2i}{2^{k-d}}$, for some integer $i \in [-2^{k-d-1}, 2^{k-d-1}]$. In particular, since $\hat F(S') \ne 0$, it follows that $|\hat F(S')| \ge 2^{d-k+1}$ as needed.

For example, for $k = 3$, a non-affine function $g$ is either unbalanced, or it is biased towards one of its inputs; in the latter case it agrees with an input bit (or with its complement) with probability at least 3/4. For $k = 4$, a function $g$ either is affine, or it is unbalanced, or it has agreement at least 5/8 with an affine function that depends on only one input bit, or it has agreement at least 3/4 with an affine function that depends on only two input bits.

2.2 The Case k = 3

Let $G : \{0,1\}^n \to \{0,1\}^m$ be a generator and let $g_i : \{0,1\}^n \to \{0,1\}$ be the $i$-th bit of the output of the generator. Suppose each $g_i$ depends on only three bits of the input.

Suppose that one of the $g_i$ is not a balanced function. Then we immediately have a distinguisher. Suppose that more than $n$ of the $g_i$ are affine. Then one of them is linearly dependent on the others, and we also have a distinguisher.

It remains to consider the case where at least $m - n$ of the functions $g_i$ are balanced and not affine.
Let $I$ be the set of $i$ for which $g_i$ is as above. Then, by Lemma 7, for each such $g_i$ there is an affine function $l_i$ that depends on
only one bit, such that $g_i$ agrees with $l_i$ on a 3/4 fraction of the inputs. By replacing $g_i$ with $g_i \oplus 1$ when needed, we may assume that each such $g_i$ has correlation at least 3/4 with one of the bits of its input. The following lemma now implies a constant distinguishing probability once m

While the above analysis uses the same ideas as in [8], it is slightly better because we achieve constant bias instead of inverse polynomial bias. We first prove a very general lemma that will be also used in later sections, and then we derive the conclusion that we need for the case of $k = 3$.

Lemma 8. For every $\delta > 0$ there are constants $c_\delta$ and $\varepsilon_\delta$ 2 δ 2 δ 3δ2 4 such that the following holds. Let $G : \{0,1\}^n \to \{0,1\}^m$, and let $G(x) = (g_1(x),\dots,g_m(x))$. Let $L$ be a set of functions and suppose that each function $g_i(x)$ agrees with an element of $L$ or with its complement with probability at least $1/2 + \delta$. In other words, for every $g_i$ there exists $f \in L$ such that $\Pr_x[g_i(x) = f(x)] \ge 1/2 + \delta$ or $\Pr_x[g_i(x) \ne f(x)] \ge 1/2 + \delta$. Assume that $m \ge 1 + c_\delta |L|$. Then there are $i \ne j$ such that $g_i \oplus g_j$ has bias at least $\varepsilon_\delta$. Moreover, $c_{1/4} \le 3$ and $c_{1/8} \le 9$.

Proof. By the pigeonhole principle there is a function $f \in L$ and a set of indices $C \subseteq [m]$, such that $|C| \ge m/|L|$, and for every $i \in C$, $g_i$ or $1 \oplus g_i$ is correlated with $f$. Assume w.l.o.g. that for every $i \in C$, $g_i$ is correlated with $f$ (otherwise replace $g_i$ with $1 \oplus g_i$). Define the random variable

$$Z(x) = \big|\, \#\{i \in C : g_i(x) = 0\} - \#\{i \in C : g_i(x) = 1\} \,\big|.$$

Consider the expectation of $Z(x)$ (where $x$ is uniformly chosen from $\{0,1\}^n$). We have that

$$E[Z(x)] = E\big[\,\big|\#\{i \in C : g_i(x) = f(x)\} - \#\{i \in C : g_i(x) \ne f(x)\}\big|\,\big] \ge E[\#\{i \in C : g_i(x) = f(x)\}] - E[\#\{i \in C : g_i(x) \ne f(x)\}] \ge |C|\Big(\Big(\frac12 + \delta\Big) - \Big(\frac12 - \delta\Big)\Big) = 2\delta |C|.$$

Note that the average value of $Z$ over the uniform distribution is $O(\sqrt{|C|})$. We conclude that for $|C| = \alpha \delta^{-2}$, for a sufficiently large α, the difference of expected values of $Z$ under the generator and under the uniform distribution is $\Omega(|C| \delta)$. This implies that the statistical distance between the output of the generator and the uniform distribution over $|C|$ bits is $\Omega(\delta)$.
By the Vazirani XOR lemma [31] (see [10] for an excellent exposition of the XOR lemma), it also follows that the XOR of some subset of the bits of $C$ has bias $\Omega(\delta 2^{-|C|}) = 2^{-O(\delta^{-2})}$.

However we would like to obtain a better dependence between δ and ε. For $i, j \in C$ define $Z_{i,j}(x)$ to be 1 if $g_i(x) = g_j(x)$ and $-1$ otherwise. Note that $E[Z_{i,j}]$ equals twice the bias of $g_i \oplus g_j$. Clearly $Z_{i,i} = 1$. We have that $Z(x)^2 = \sum_{i,j} Z_{i,j}$. In particular we get that

$$E\Big[\sum_{i,j} Z_{i,j}(x)\Big] = E\big[Z(x)^2\big] \ge E[Z(x)]^2 \ge 4\delta^2 |C|^2.$$

Hence for $|C| = \frac{1}{\delta^2}$ we get that $E\big[\sum_{i,j} Z_{i,j}(x)\big] \ge 4|C|$.
As $E[\sum_i Z_{i,i}] = |C|$, it follows that $E[\sum_{i \ne j} Z_{i,j}] \ge 3|C|$, and so there must be $i \ne j \in C$ such that

$$E[Z_{i,j}] \ge \frac{3|C|}{|C|(|C| - 1)} \ge \frac{3\delta^2}{2}.$$

In other words, $g_i \oplus g_j$ has a $\frac{3\delta^2}{4}$ bias. Thus taking $m = 1 + |L|\big(\frac{1}{\delta^2} - 1\big)$ we obtain $c_\delta = \frac{1}{\delta^2} - 1$.

We now consider two special cases. Let $|C| = 4$, $\delta = \frac14$. By the above argument we get that $E[Z(x)] \ge 2\delta|C| = 2$. On the other hand, for the uniform distribution on 4 bits the average of $Z(x)$ is ( ( ) ( )) = < 2 = 2. Thus, if $|C| = 4$ we get by Vazirani's XOR lemma that some subset of the $g_i$'s has some constant bias, so we can set $c_{1/4} = 3$. Similarly, when $|C| = 10$ the average of $Z(x)$ for the uniform distribution is

$$\frac{2}{2^{10}} \sum_{i=0}^{4} \binom{10}{i} (10 - 2i) = \frac{2520}{1024} <$$

, so we can set $c_{1/8} = 9$.

To conclude the case of $k = 3$ we note that if $m \ge 1 + 4n$, and the output of the generator contains at most $n$ affine functions then at least output bits that are not affine and so we can apply Lemma 8, where $L = \{\pi_1,\dots,\pi_n\}$ is the set of projection functions $\pi_i(\cdot)$ such that $\pi_i(x_1,\dots,x_n) = x_i$. The consequence of Lemma 8 is that two of the output bits are correlated.

3 Distinguisher for the Case k = 4

In this section we construct a distinguisher for $k = 4$. We restate Theorem 2.

Theorem. Let $G = (g_1,\dots,g_m) : \{0,1\}^n \to \{0,1\}^m$ be a map such that each $g_i$ depends on at most 4 coordinates of the input and $m \ge 24n$. Then there exists a polynomial time algorithm which distinguishes between $G$ and a random string with constant distinguishing probability. More precisely, the algorithm will output yes for the output of the generator $G$ with probability $\Omega(1)$, and for a random string with probability $e^{-\Omega(m)}$.

The first case we consider is where there are more than $0.001m$ of the $g_i$ that are unbalanced. Suppose that $g_1,\dots,g_p$ are unbalanced and $p \ge 0.001m$. Then there exist fixed bits $b_1,\dots,b_p$ such that $\Pr[g_i = b_i] \ge 9/16$. Thus by Markov's inequality:

[ { i gi (z) = b i )} Pr z {0,1} 17 ] 1 p

On the other hand, if $r_1,\dots,r_p$ are chosen uniformly at random, then

$$\Pr\left[\frac{|\{i : r_i = b_i\}|}{p} \ge \frac{17}{32}\right] \le e^{-\Omega(m)}$$

by Chernoff's inequality.
The second case is where more than m of the $g_i$ are linear. In this case we can write at least $0.001m$ independent linear combinations in the output bits of the generator that hold with probability 1. The probability that these combinations hold for truly random bits is m. Thus the statement of the theorem follows in this case as well.

If one of the $g_i$ is biased towards one of the bits of its input, then it follows from Lemma 7 that it must agree with that bit or its complement with probability at least 5/8. Suppose that more than c 1/8 = m of the functions $g_i$ have bias towards one bit. Then by the proof of Lemma 8, there exist at least p m disjoint sets $S_1,\dots,S_p$ of the $g_i$'s such that $|S_r| \le 10$ and $\bigoplus_{i \in S_r} g_i$ has bias at least $2^{-10}$ towards a constant bit $b_r$ for all $1 \le r \le p$. Thus, as in the first case,

[ { r i Sr g i (z) = b r )} Pr z {0,1} 1 ] p

and from Chernoff's bound it follows that if $r_i$ are truly random then

[ { r i Sr r i = b r } Pr p ] e Ω(m).

Thus, the proof follows in this case as well.

It remains to consider the case where at least $0.997m - 10n$ of the functions are balanced, non-linear, and unbiased towards single bits. Following [8], we call such functions problematic. It follows from Lemma 7 that for each problematic $g$ there is an affine function $l$ of two variables that agrees with $g$ on a 3/4 fraction of the inputs. Again, by replacing $g_i$ by $g_i \oplus 1$, when needed, we may assume that all the problematic $g_i$'s have 3/4 agreement probability with some linear function.

Let $P$ be the set of $i$ such that $g_i$ is problematic. For each such $i$ we denote by $l_i$ the linear function of two inputs that agrees with $g_i$ on a 3/4 fraction of the inputs. In the next section we show how if p = |P| 0.997m , then one can break the generator using a correlation attack. Correlation attacks are often used in practice to break pseudorandom generators. The distinguisher below is an interesting example where one can actually prove that a correlation attack results in a polynomial time distinguisher.
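The case split above rests on Lemma 7 for $k = 4$ (and, in Section 2.2, for $k = 3$). The following added example, which is not code from the paper, checks the lemma exhaustively over all functions on $k$ bits with a Walsh-Hadamard transform and counts how many fall in each class; the names `fourier` and `survey` are hypothetical.

```python
from collections import Counter
from fractions import Fraction


def fourier(tt, k):
    """Return w with w[S] = 2^k * F^(S), where F = (-1)^f.

    f is given as a truth-table integer: bit x of `tt` is f(x).
    Bit i of the index S says whether variable i belongs to S.
    """
    w = [1 - 2 * ((tt >> x) & 1) for x in range(1 << k)]
    h = 1
    while h < len(w):                      # in-place Walsh-Hadamard transform
        for start in range(0, len(w), 2 * h):
            for j in range(start, start + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w


def survey(k):
    """Classify every f : {0,1}^k -> {0,1} and test both claims of Lemma 7.

    Returns (counts, min_agree, violations):
      counts["affine"]  number of affine functions
      counts[d]         non-affine functions whose smallest correlated affine
                        function has d variables (d = 0 means unbalanced)
      min_agree[d]      weakest agreement with a correlated d-variable affine
                        function (or its complement) seen in class d
      violations        functions contradicting Lemma 7 (expected: 0)
    """
    size = 1 << k
    weight = [bin(s).count("1") for s in range(size)]
    counts, min_agree, violations = Counter(), {}, 0
    for tt in range(1 << size):
        w = fourier(tt, k)
        support = [s for s in range(size) if w[s]]
        if len(support) == 1:              # F = +-U_S, so f is affine
            counts["affine"] += 1
            continue
        d = min(weight[s] for s in support)
        level = [abs(w[s]) for s in support if weight[s] == d]
        # Lemma 7: d <= k - 2, and |F^(S)| >= 2^(d+1-k), i.e. |w[S]| >= 2^(d+1)
        if d > k - 2 or min(level) < 2 ** (d + 1):
            violations += 1
        counts[d] += 1
        # Pr[f agrees with the affine function or its complement] = 1/2 + |F^(S)|/2
        agree = Fraction(1, 2) + Fraction(min(level), 2 * size)
        min_agree[d] = min(agree, min_agree.get(d, agree))
    return counts, min_agree, violations


if __name__ == "__main__":
    for k in (3, 4):
        counts, min_agree, violations = survey(k)
        print("k =", k, dict(counts), "violations:", violations)
        for d in sorted(min_agree):
            print("  d =", d, "weakest agreement:", min_agree[d])
```

For $k = 4$, class `2` is exactly the set of problematic functions: balanced, non-affine, and unbiased towards single bits.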
3.1 The Distinguisher Based on Semidefinite Programming

Given a string $(r_1,\dots,r_p) \in \{0,1\}^p$, consider the following linear system over GF(2) with two variables per equation.

$$\forall i \in P: \quad l_i(x) = r_i. \tag{3}$$

We will argue that the fraction of satisfied equations in the system (3) is distributed differently if $r_1,\dots,r_p$ is uniform or if it is the output of $G$.

Since the expected number of equations (3) satisfied when $r_i = g_i$ is at least $3p/4$, it follows by Markov's inequality that

Lemma 9. If $r_1,\dots,r_p$ are the output of $g_1,\dots,g_p$, respectively (where the $g_i$'s are problematic), then, for every $\varepsilon > 0$, there is a probability of at least ε that at least a $3/4 - \varepsilon$ fraction of the equations in (3) are satisfiable. More formally

$$\Pr_{z \in \{0,1\}^n}\left[\frac{|\{i : g_i(z) = l_i(z)\}|}{p} \ge \frac34 - \varepsilon\right] \ge \varepsilon.$$
Lemma 10. If $r_1,\dots,r_p$ are chosen uniformly at random from $\{0,1\}^p$, and $p > (1/2\delta^2)(\ln 2)(n + c)$, then the probability that there is an assignment that satisfies more than a $1/2 + \delta$ fraction of the equations of (3) is at most $2^{-c}$.

Proof. Fix an assignment $z$; then, by Chernoff's inequality, the probability that a fraction at least $1/2 + \delta$ of the $r_i$ agree with $l_i(z)$ is at most $e^{-2\delta^2 p} \le 2^{-n-c}$. By a union bound, there is at most a probability $2^{-c}$ that such a $z$ exists.

Given a system of linear equations over GF(2) with two variables per equation, it is NP-hard to determine the largest number of equations that can be satisfied, but the problem can be approximated to within a .878 factor using semidefinite programming [13]. We now prove Theorem 2.

Proof of Theorem 2: Let δ = .158, ε = Thus, $.878(3/4 - \varepsilon) > 1/2 + \delta$. The statement of the theorem follows from the previous arguments unless there are $p$ problematic functions where $p > 0.997m - 10n$. Given a string $(r_1,\dots,r_p)$, which is either random in $\{0,1\}^p$ or from the distribution $G(z)$ restricted to problematic functions (where $z$ is random), we consider the system (3). Using semidefinite programming [13] we get a polynomial time algorithm that is successful if a $3/4 - \varepsilon$ fraction of the equations hold, and fails if no more than $0.878(3/4 - \varepsilon) > 1/2 + \delta$ of the equations hold.

Let c = By Lemma 10 if p > > $(1/2\delta^2)(\ln 2)(n + c)$, then the probability that more than $1/2 + \delta$ of the equations are satisfied, when $r_1,\dots,r_p$ are chosen randomly, is at most $2^{-c} = \exp(-\Omega(n))$. On the other hand, when $(r_1,\dots,r_p)$ is taken from the generator then the probability that at least a $3/4 - \varepsilon$ fraction of the equations are satisfied is at least ε. The theorem follows.

3.2 Correlation Attacks

In this section we discuss how our distinguisher for the case $k = 4$ can be seen as a correlation attack.

Correlation attacks are a class of attacks that are often attempted in practice against candidate pseudorandom generators. Pseudorandom generators are called stream ciphers in the applied cryptography literature, see e.g.
the introduction of [18] for an overview. The basic idea is as follows. Given a candidate generator $G : \{0,1\}^n \to \{0,1\}^m$, where $G(x) = g_1(x),\dots,g_m(x)$, we first try and find linear relations between input bits and output bits that are satisfied with non-trivial probability. For example, suppose we find coefficients $a_{i,j}$, $b_{i,j}$ and $c_j$ such that each of the equations

$$\begin{aligned}
\sum_{i=1}^{n} a_{i,1} x_i + \sum_{i=1}^{m} b_{i,1} g_i(x) &= c_1 \pmod 2\\
\sum_{i=1}^{n} a_{i,2} x_i + \sum_{i=1}^{m} b_{i,2} g_i(x) &= c_2 \pmod 2\\
&\;\;\vdots\\
\sum_{i=1}^{n} a_{i,t} x_i + \sum_{i=1}^{m} b_{i,t} g_i(x) &= c_t \pmod 2
\end{aligned} \tag{4}$$

is satisfied with probability bounded away from 1/2.

Now we want to use this system of equations in order to build a distinguisher. The distinguisher is given a sample $z = (z_1,\dots,z_m)$ and has to decide whether $z$ is uniform or is the output of $G$. The distinguisher substitutes $z_i$ in place of $g_i(x)$ in (4) and then tries to find an $x$ that maximizes the number of satisfied equations. The hope is that, if $z = G(x)$, then we will find $x$ as a solution of the optimization problem. Unfortunately, maximizing the number of satisfied equations in a linear system over GF(2) is an NP-hard problem, and, in fact, it is NP-hard to achieve an approximation factor better than 1/2 [14]. In practice, one uses belief-propagation algorithms that often work, although the method is typically not amenable to a formal analysis.
In Section 3.1, we were able to derive a formal analysis of a related method because we ended up with a system of equations having only two variables per equation, a class of instances for which good approximation algorithms are known. Furthermore, we did not try to argue that, when the method is applied to the output of the generator, we are likely to recover the seed; instead, we argued that just being able to approximate the largest fraction of satisfiable equations gives a way to distinguish samples of the generators from random strings.

4 $O(n^{\lceil k/2 \rceil})$ upper bound

In this section we prove the following theorem which gives an upper bound on the maximal stretch of an ε-biased generator in $NC^0_k$. We restate Theorem 3.

Theorem. For every integer $0 < k$ and any $0 \le \varepsilon < 2^{-2k-1}$, if $G = (g_1,\dots,g_m)$ is an ε-biased pseudorandom generator, where each of the $g_i$'s depends on at most $k$ bits, then

$$m \le \sum_{t=0}^{\lceil k/2 \rceil} \binom{n}{t} 2^{2(k-t)} \le k 2^{2k} \binom{n}{\lceil k/2 \rceil}. \tag{5}$$

The proof uses the following lemma from [25].

Lemma 11 ([25]). Let $f : \{0,1\}^k \to \{0,1\}$; then for all $r$, either $f$ is a polynomial of degree at most $r$ over GF(2), or $f$ is biased towards an affine function of at most $k - r$ variables.

Proof of Theorem 3: For $0 \le t \le n$, write $B(t) = \sum_{i=0}^{t} \binom{n}{i}$. Set $s = k/2$, $r = k - s$. By Lemma 11 every $g_i$ is either a degree $r$ polynomial, or is biased towards an affine function of at most $s$ variables. Let $p$ be the number of degree $r$ polynomials among the $g_i$'s, and $b_t$ be the number of $g_i$'s biased towards an affine function of exactly $t$ variables (but not towards an affine function with less than $t$ variables). Clearly, $m \le p + \sum_{t=0}^{s} b_t$.

Note that the $B(r)$ monomials of degree $\le r$ on the variables $x_1,\dots,x_n$ form a basis for the vector space of all degree $r$ polynomials in $x_1,\dots,x_n$. Therefore if $p > B(r)$, there is a linear dependency between the $g_i$'s. We therefore conclude that $p \le B(r)$.
(6)

On the other hand, note that by Lemma 7, if $g$ is biased towards an affine function of $t \le s$ variables (but not towards an affine function with less than $t$ variables) then there exists an affine function $l$ of $t$ variables such that $\Pr[g = l] \ge 1/2 + 2^{t-k}$. Moreover, there are exactly $\binom{n}{t}$ linear functions on $t$ variables. For $t \le s$ let $L_t$ be the set of linear functions on $t$ variables. Lemma 8 implies that if

$$b_t \ge 1 + |L_t| \cdot c_{2^{t-k}} = 1 + \binom{n}{t}\big(2^{2(k-t)} - 1\big)$$

then there is an XOR of two of the $g_i$'s that has at least a t 2k > $2^{-2k-1}$ bias. It therefore follows that

$$b_t \le \binom{n}{t}\big(2^{2(k-t)} - 1\big). \tag{7}$$

Combining (7) and (6) we obtain that

$$m \le B(r) + \sum_{t=0}^{s} \binom{n}{t}\big(2^{2(k-t)} - 1\big) \le \sum_{t=0}^{\lceil k/2 \rceil} \binom{n}{t} 2^{2(k-t)} \le k 2^{2k} \binom{n}{\lceil k/2 \rceil}$$
as needed.

5 Constructions for k = 5 and k = 4

5.1 Overview

In this section we prove Theorem 4. We will also give a construction of a $k = 4$ generator with inverse-polynomial bias. In both cases, we will construct a generator mapping $2n$ bits into $cn$ bits. It is helpful to think of $c$ as a large constant, although the results for $k = 5$ hold also if $c$ is a function of $n$.

We will construct two generators: one will be good against linear tests that involve a small number of output bits (we call them small tests), and another is good against linear tests that involve a large number of output bits (we call them large tests). The final generator will be obtained by computing the two generators on independent seeds, and then XOR-ing their output bit by bit. In this way, we fool every possible test.

The generator that is good against large tests is such that every bit of the output is just the product of two bits of the seed. We argue that the sum (modulo 2) of $t$ output bits of the generator has bias exponentially small in $t/c^2$, where $c$, as above, is the stretch of the generator.

Then we describe a generator that completely fools linear tests of size up to about $n/c^2$, and such that every bit of the output is the sum of three bits of the seed. Combined with the generator for large tests, we get a generator in $NC^0_5$ such that every linear test has bias $2^{-O(n/c^4)}$.

5.2 The Generator for Large Tests

Let us call the bits of the seed $y_1,\dots,y_n$.

Let $K$ be an undirected graph formed by $n/(2c + 1)$ disjoint cliques each with $2c + 1$ vertices (we assume for simplicity that $n/(2c + 1)$ is an integer). $K$ has $n$ vertices that we identify with the elements of $[n]$. $K$ has $cn = m$ edges. Fix some ordering of the edges of $K$, and let $(a_j, b_j)$ be the $j$-th edge of $K$. Define the functions $q_1,\dots,q_m$ as $q_j(y_1,\dots,y_n) = y_{a_j} y_{b_j}$.

Lemma 12. For every subset $S \subseteq [m]$, the function $q_S(y) = \bigoplus_{j \in S} q_j(y)$ is such that

$$\left| \Pr_y[q_S(y) = 0] - \frac12 \right| \le \left(\frac12\right)^{1 + |S|/(2c^2 + c)}.$$

The proof relies on the following two standard lemmas.
The first one from [8] is a special case of the Schwartz-Zippel lemma [29, 32].

Lemma 13 ([8]). Let $p$ be a non-constant degree-2 multilinear polynomial over GF(2). Then $1/4 \le \Pr[p(x) = 0] \le 3/4$.

It is well known and easy to prove by induction that

Lemma 14. Let $X_1,\dots,X_t$ be independent 0/1 random variables, and suppose that for every $i$ we have $\delta \le \Pr[X_i = 0] \le 1 - \delta$. Then

$$\frac12 - \frac12 (1 - 2\delta)^t \le \Pr\Big[\bigoplus_i X_i = 0\Big] \le \frac12 + \frac12 (1 - 2\delta)^t.$$
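Lemma 12 can be checked exactly on small parameters. The following added example, which is not code from the paper, builds the clique graph $K$, evaluates the generator $(q_1,\dots,q_m)$ on every seed, and obtains the bias of all $2^m - 1$ linear tests at once from a Walsh-Hadamard transform of the output histogram; the function names and the parameter choices used in the demo are assumptions made for illustration.

```python
from fractions import Fraction
from itertools import combinations


def clique_edges(n, c):
    """Edges (a_j, b_j) of K: n/(2c+1) disjoint cliques on 2c+1 vertices each."""
    size = 2 * c + 1
    if n % size:
        raise ValueError("n must be a multiple of 2c+1")
    return [e for start in range(0, n, size)
            for e in combinations(range(start, start + size), 2)]


def linear_test_sums(n, c):
    """Return (w, m) with w[S] = sum over all seeds y of (-1)^(q_S(y)).

    Bit j of the index S says whether output bit q_j takes part in the test.
    """
    edges = clique_edges(n, c)
    m = len(edges)                           # equals c * n
    w = [0] * (1 << m)
    for y in range(1 << n):                  # histogram of generator outputs
        z = 0
        for j, (a, b) in enumerate(edges):
            z |= ((y >> a) & (y >> b) & 1) << j   # q_j(y) = y_a * y_b
        w[z] += 1
    h = 1
    while h < len(w):                        # in-place Walsh-Hadamard transform
        for start in range(0, len(w), 2 * h):
            for j in range(start, start + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w, m


def check_lemma12(n, c):
    """Compare every non-empty linear test with the bound of Lemma 12.

    The proof uses t >= |S| / (2c^2 + c) touched cliques; t is an integer, so
    the check uses the ceiling, which implies the bound as stated.
    Returns (violations, worst) where worst[size] is the largest bias
    |Pr[q_S = 0] - 1/2| among tests XOR-ing exactly `size` output bits.
    """
    w, m = linear_test_sums(n, c)
    per_clique = 2 * c * c + c
    worst, violations = {}, 0
    for S in range(1, 1 << m):
        size = bin(S).count("1")
        bias = Fraction(abs(w[S]), 2 ** (n + 1))
        t = -(-size // per_clique)           # ceil(size / per_clique)
        if bias > Fraction(1, 2 ** (1 + t)):
            violations += 1
        worst[size] = max(worst.get(size, 0), bias)
    return violations, worst


if __name__ == "__main__":
    violations, worst = check_lemma12(12, 1)  # four triangles, 12 output bits
    print("violations:", violations)
    for size in sorted(worst):
        print(size, worst[size])
```

The printed table shows why this generator alone is not enough: tests on one or two output bits keep bias 1/4, which is what the small-test generator is there to remove.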
We can now prove lemma 12.

Proof of Lemma 12. We can think of $S$ as a subset of the edges of $K$. Each connected component of $K$ has $2c^2 + c$ edges, so $S$ contains edges coming from at least $|S|/(2c^2+c)$ different connected components. Let $t$ be the number of connected components. If we decompose the summation $\sum_{j\in S} q_j(y_1,\dots,y_n)$ into terms depending on each of the connected components, then each term is a non-trivial degree-2 polynomial, and the $t$ terms are independent random variables when $y_1,\dots,y_n$ are picked at random. We can then apply lemma 14, where the $X_i$ are the values taken by each of the $t$ terms in the summation, $\delta = 1/4$, and $t \ge |S|/(2c^2+c)$.

In particular it follows that if we define $G_1(y_1,\dots,y_n) = (q_1,\dots,q_m)$ then any linear combination of at least $\Omega(n)$ coordinates of the output of $G_1$ has an exponentially small bias.

5.3 The Generator for Small Tests

Let $A \in \{0,1\}^{m\times n}$ be a matrix such that every row is a vector in $\{0,1\}^n$ with exactly three non-zero entries, and also assume that every set of $\sigma - 1$ rows of $A$ is linearly independent. Let $A_1,\dots,A_m$ be the rows of $A$. We define the linear functions $l_1,\dots,l_m$ as $l_i(x) = A_i \cdot x$. Note that each of these linear functions depends on only three bits of the input.

Proposition 15. For every subset $S \subseteq [m]$, $|S| < \sigma$, the function $l_S(x) = \sum_{j\in S} l_j(x)$ is balanced.

Proof. We have $l_S(x) = (\sum_{j\in S} A_j)\cdot x$, and since $\sum_{j\in S} A_j$ is a non-zero element of $\{0,1\}^n$ (as $\{A_i\}_{i\in S}$ are linearly independent), it follows that $l_S(\cdot)$ is a non-trivial linear function, and therefore it is balanced.

Lemma 16. For every $c = c(n) = o(\sqrt{n}/(\log n)^{3/4})$ and for sufficiently large $n$ there is a 0/1 matrix $A$ with $cn$ rows and $n$ columns such that every row has exactly three non-zero entries and such that every set of $\sigma - 1 = n/(4e^2c^2(n)) - 1$ rows are linearly independent.

Proof. We shall construct the matrix $A$ as the adjacency matrix of a bipartite expander graph. We begin by showing a relation between an expansion of bipartite graphs and linear independence of related linear functions. Let $G = (L, R, E)$ be a bipartite graph such that $|R| = n$.
$G$ has the $b$-right unique neighbor property, if for any set $V \subseteq L$, $|V| \le b$ there exists a vertex $u \in R$ such that $|N(u) \cap V| = 1$. Assign the input variables to the different vertices in $R$. For every vertex $v \in L$ the corresponding output is the linear function

$$l_v(X) = \sum_{i\in N(v)} x_i.$$

Lemma 17. If $G$ has the $b$-right unique neighbor property then for any set $B$ such that $|B| < b$, the linear combination $l = \sum_{v\in B} l_v$ is nonzero.

Proof. We have that

$$l = \sum_{v\in B} l_v = \sum_{i:\ |N(i)\cap B| \text{ odd}} x_i.$$

The right unique neighbor property guarantees that there is an input variable that belongs to exactly one output. Therefore $l$ is not zero.

Note that we actually need the odd-neighbor property (i.e. that for any set of size less than $b$ there is a neighbor with odd number of neighbors in the set), but our calculations show that the graphs that we use have the stronger unique-neighbor property. The problem of constructing explicit expanders with the unique neighbor property was extensively studied in recent years and many new constructions were found [2, 7, 9, 22]. However, none of these give the parameters we need here. Thus we only prove the existence of such a graph instead of giving an explicit construction. Our proof actually shows that if we pick a random graph (with the correct parameters) then w.h.p. it will have the unique-neighbor property.

The existence of graphs with the unique neighbor property will follow from the existence of certain expanders. We say that a bipartite graph $(L, R, E)$ is $(\sigma, \alpha)$-expanding if for every subset $S \subseteq L$ of vertices on the left, if $|S| \le \sigma$ then $|N(S)| > \alpha|S|$, where (as before) $N(S)$, defined as

$$N(S) = \{v \in R : \exists u \in S \text{ such that } (u, v) \in E\},$$

is the neighborhood of $S$.

Lemma 18. Suppose that the degrees of all vertices in L are bounded by . If N(S) > S /2 for all sets $S \subseteq L$ of size at most $\sigma$, then $G$ has the $\sigma$-right unique neighbor property.

Proof. If there is no unique neighbor, then by counting edges N(S) S /2.

The following lemma shows the existence of a bipartite expander graph with the required properties.

Lemma 19. For every $c(n) = o(\sqrt{n}/(\log n)^{3/4})$ and sufficiently large $n$ there is a $(\sigma, 3/2)$-expanding graph $([c(n)\cdot n], [n], E)$ with $\sigma = n/(4e^4c^2(n))$ such that every vertex on the left has degree 3.

Proof. We construct the graph at random by connecting each vertex on the left to three distinct randomly chosen vertices on the right. (For different left vertices the random choices are independent.) Fix a size $s$, $2 \le s \le n/(2e^2c)$, and consider the probability that there is a subset $S \subseteq [cn]$ of $s$ vertices on the right (i.e. $S \subseteq R$) whose neighborhood is contained in a set $T \subseteq [n]$ of $3s/2$ vertices on the left. Clearly, this probability is less than $\left(\frac{3s}{2n}\right)^{3s}$. The number of possible choices for $S$ is $\binom{cn}{s}$ and the number of possible choices for $T$ is $\binom{n}{3s/2}$. By a union bound, the probability that the construction fails to satisfy the required property is at most

$$\sum_{s=2}^{\sigma} \binom{cn}{s}\binom{n}{3s/2}\left(\frac{3s}{2n}\right)^{3s}. \qquad (8)$$

Using the inequality $\binom{n}{k} \le \left(\frac{en}{k}\right)^k$ we can see that (8) is at most

$$\sum_{s=2}^{\sigma} \left(\frac{ecn}{s}\right)^{s}\left(\frac{2en}{3s}\right)^{3s/2}\left(\frac{3s}{2n}\right)^{3s} \le \sum_{s=2}^{\sigma}\left(\frac{2e^{3}c\sqrt{s}}{\sqrt{n}}\right)^{s} \qquad (9)$$

$$= O\left(\left(\frac{c}{\sqrt{n}}\right)^{2} + \left(\frac{c}{\sqrt{n}}\right)^{3} + \left(\frac{c}{\sqrt{n}}\right)^{4}(\log n)^{3}\right) = o(1), \qquad (10)$$

where the last line can be verified by breaking the second sum in expression (9) up into the term $s = 2$, which is $O((c/\sqrt{n})^2)$; $s = 3$, which is $O((c/\sqrt{n})^3)$; the terms $s = 4,\dots,2\log n$, each of which is at most $O(c\sqrt{\log n}/\sqrt{n})^4$; and the remaining terms, each of which is at most $1/n^2$.

We now finish the proof of lemma 16. Consider the graph $G$ constructed in Lemma 19 and let $A$ be the $|L| \times |R|$ matrix such that $A_{v,u} = 1$ if and only if $(v, u)$ is an edge of $G$. Note that every row of $A$ has exactly 3 non-zero entries. By Lemma 18, $G$ has the $\sigma$-right unique neighbor property. Therefore by Lemma 17 the linear functions corresponding to any subset of $\sigma$ rows are linearly independent.

In particular we get that if we define $G_2(x) = (A_1 \cdot x,\dots,A_m \cdot x)$ then any linear combination of at most $n/(4e^2c^2) - 1$ coordinates of the output of $G_2$ is unbiased. The proof follows.
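The following Python sketch is an added illustration, not code from the paper: it builds toy versions of the Section 5.2 and 5.3 generators, XORs them on independent seeds as the overview describes, and measures the exact bias of every linear test. The parameters c = 1, n = 6 and the six matrix rows are constructed for the example (they give no stretch), and all function names are hypothetical.

```python
from itertools import combinations

C = 1                      # toy stretch parameter c (assumed for the example)
N = 6                      # seed length of each sub-generator; (2c+1) divides N
CLIQUE = 2 * C + 1

# Edges of K: N/(2c+1) disjoint cliques on 2c+1 vertices each (Section 5.2).
EDGES = [edge
         for start in range(0, N, CLIQUE)
         for edge in combinations(range(start, start + CLIQUE), 2)]
M = len(EDGES)             # m = c * n output bits

# Constructed rows of A (Section 5.3): three non-zero entries per row.
# Rows 0, 1, 3, 4 sum to zero over GF(2); no smaller set is dependent.
ROWS = [(0, 1, 2), (0, 3, 4), (0, 1, 3), (1, 3, 5), (2, 4, 5), (2, 3, 5)]


def g1(y):
    """Large-test generator: output bit j is y[a_j] * y[b_j]."""
    out = 0
    for j, (a, b) in enumerate(EDGES):
        out |= ((y >> a) & (y >> b) & 1) << j
    return out


def g2(x):
    """Small-test generator: output bit j is the XOR of three seed bits."""
    out = 0
    for j, row in enumerate(ROWS):
        bit = 0
        for i in row:
            bit ^= (x >> i) & 1
        out |= bit << j
    return out


def bias(outputs, test):
    """|Pr[XOR of the output bits selected by mask `test` = 0] - 1/2|."""
    zeros = sum(1 for o in outputs if bin(o & test).count("1") % 2 == 0)
    return abs(zeros / len(outputs) - 0.5)


def min_dependency(rows):
    """Size of the smallest set of rows that sums to zero over GF(2)."""
    masks = [sum(1 << i for i in row) for row in rows]
    for size in range(1, len(masks) + 1):
        for subset in combinations(masks, size):
            acc = 0
            for mask in subset:
                acc ^= mask
            if acc == 0:
                return size
    return None


def lemma12_bound(size):
    """Bound of Lemma 12 on the bias of a test touching `size` outputs of G1."""
    return 0.5 ** (1 + size / (2 * C * C + C))


def audit():
    """Enumerate all seeds and all non-empty linear tests."""
    out1 = [g1(y) for y in range(2 ** N)]
    out2 = [g2(x) for x in range(2 ** N)]
    combined = [a ^ b for a in out1 for b in out2]   # independent seeds
    sigma = min_dependency(ROWS)
    tests = range(1, 2 ** M)
    size = {t: bin(t).count("1") for t in tests}
    b1 = {t: bias(out1, t) for t in tests}
    b2 = {t: bias(out2, t) for t in tests}
    bc = {t: bias(combined, t) for t in tests}
    return {
        "sigma": sigma,
        "max_g1": max(b1.values()),
        "max_g2": max(b2.values()),
        "max_combined": max((bc[t], t) for t in tests),
        "small_tests_unbiased": all(bc[t] == 0 for t in tests if size[t] < sigma),
        "lemma12_holds": all(b1[t] <= lemma12_bound(size[t]) + 1e-12 for t in tests),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

The only test on which the combined generator is biased is the dependent set of four rows, where the linear generator contributes nothing and the bias is exactly that of the product generator.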
5.4 Putting Everything Together: Proof of theorem 4

In order to obtain the generator, recall that $m = cn$ and take $G_1 : \{0,1\}^n \to \{0,1\}^m$, and $G_2 : \{0,1\}^n \to \{0,1\}^m$ be the generators defined above (with the parameter $c$). Then we take $G : \{0,1\}^{2n} \to \{0,1\}^m$ defined by $G(x, y) = G_1(x) \oplus G_2(y)$. We get that by lemma 12 any combination of more than $\sigma$ outputs of $G$ has bias at most $2^{-\sigma/(c^2+c)}$, and that by lemma 16, any combination of at most $\sigma = n/(4e^2c^2)$ of the outputs of $G$ is unbiased. This completes the proof of the theorem.

5.5 Generator for k = 4

When k = 4 we want to replace the generator for small sets by a generator which depends only on two bits. The construction is essentially the one in [8].

Let $H$ be an undirected graph with $n$ vertices, that we identify with $[n]$, having $cn$ edges and girth $\gamma$. Fix some ordering of the edges of $H$, and let $(a_j, b_j)$ be the $j$-th edge of $H$. We define the linear functions $l_1,\dots,l_m$ as $l_j(x_1,\dots,x_n) = x_{a_j} + x_{b_j}$.

Proposition 20. For every subset $S \subseteq [m]$, $|S| < \gamma$, the function $l_S(x) = \sum_{j\in S} l_j(x)$ is balanced.

Proof. Since $|S| < \gamma$, the subgraph of $H$ induced by the edges of $S$ is a forest. Therefore $l_S(x)$ is a non-zero linear function, and hence balanced.

The explicit construction of expanders by Lubotzky-Phillips-Sarnak [21] has high girth:

Lemma 21 ([21]). For every $c$ and for sufficiently large $n$ there are explicitly constructible graphs $H$ with $n$ vertices, $cn$ edges, and girth $\Omega((\log n)/(\log c))$.

We thus obtain.

Theorem 22. For every $c$ and sufficiently large $n$, there is a generator in uniform $NC^0_4$ mapping $n$ bits into $cn$ bits and sampling an ε-biased distribution, where $\varepsilon = n^{-1/O(c^2 \log c)}$.

6 ε-biased generator for large k

In this section we construct an ε-biased generator in $NC^0_k$, for large $k$, that outputs $n^{\Omega(\sqrt{k})}$ bits. More precisely we prove Theorem 5:

Theorem. Let $k$ be a positive integer. There exists an ε-biased generator in $NC^0_k$ from $n$ bits to ( ) k 6 k 2 3 = k( 1 2 o k(1)) bits whose bias ε is at most exp ( 1 2 k 4 2 k ).

6.1 The Generator for Large Tests

In this section we prove the following Lemma.
Lemma 23. Let $n = p^2$ and let $d$ be an integer. Then there exists a generator $G_1 = (g_1,\dots,g_m) : \{0,1\}^n \to \{0,1\}^m$, where $m = \binom{p}{d}$, such that for all $J \subseteq [m]$ the bias of $g = \sum_{j\in J} g_j$ is at most

$$\exp\left(-\frac{|J|^{1/d}}{2^{d}}\right). \qquad (11)$$

Proof. Consider the following bipartite graph $G = (L, R, E)$ where $|L| = p$ (left vertices), $|R| = \binom{p}{d}$ (right vertices). Identify the vertices of $L$ with the numbers $1,\dots,p$ and the vertices of $R$ with $\binom{[p]}{d}$, the set of all subsets of $[p] = \{1,\dots,p\}$ of size $d$. The edges of $G$ are all pairs $(i, S)$ such that $i \in [p]$, $S \in \binom{[p]}{d}$ and $i \in S$. For a set of vertices, $V$, we denote with $N(V)$ the set of neighbors of $V$:

$$N(V) = \{u \in L \cup R : \exists v \in V \text{ such that } (u, v) \in E\}.$$

For a vertex $i$ let $\deg(i) = |N(\{i\})|$.

Proposition 24. For any set of right vertices $V \subseteq R$ we have that $|N(V)| \ge \frac{d}{e}|V|^{1/d}$.

Proof. Note that for any set of $t$ left vertices, $L'$, there are (exactly) $\binom{t}{d}$ right vertices, $R'$, such that $N(R') = L'$. The result follows from the inequality

$$|V| \le \binom{|N(V)|}{d} \le \left(\frac{e\,|N(V)|}{d}\right)^{d}.$$

Our construction will assign a monomial of degree $d$, in the input variables, to each edge. We think about the vertices of $L$ as representing disjoint subsets of the input variables (each of size $p$) and each edge leaving such input set as corresponding to a monomial in its variables. The right vertices, $R$, correspond to the output bits. Each output is the sum of the monomials that label the edges that fan into it.

We now give the formal construction. Let $X = \bigcup_{i=1}^{p} X_i$ be a partition of $X = \{x_1,\dots,x_n\}$ into $p$ disjoint sets each of size $p$. We assign the set $X_i$ to the $i$-th vertex of $L$. Let $M_i$ be the set of all multilinear monomials of degree $d$ in the variables of $X_i$. We have that

$$|M_i| = \binom{p}{d} > \binom{p-1}{d-1} = \deg(i).$$

Therefore we can assign to each edge leaving $i$ a different monomial from $M_i$. Denote by $M_e$ the monomial corresponding to the edge $e$. Each right vertex corresponds to an output bit. For a right vertex $j$ the $j$-th output, which we denote by $g_j$, is the sum of all monomials that were assigned to the edges adjacent to $j$:

$$g_j = \sum_{e:\ j\in e} M_e.$$

Thus each output is the sum of $d$ monomials each of degree $d$. Hence each output depends on $d^2$ input variables.

We now show that any large linear combination of the output bits has a small bias by proving (11). Let $g = \sum_{j\in J} g_j$. The proof is essentially the same as the proof of lemma 12 and follows from the following easy propositions.

Proposition 25. Let $g = \sum_{j\in J} g_j$, then $g$ can be written as the sum of at least $|N(J)|$ polynomials of degree $d$, each in a different set of variables.

Proof. The set of outputs $J$ has $|N(J)|$ left neighbors. The edges connecting the set $J$ to a neighbor $i \in N(J)$ are labeled with polynomials of degree $d$ in $X_i$.
From the Schwartz-Zippel lemma [29, 32] we get

Proposition 26. For any polynomial $g$ of degree $d$ we have $\frac{1}{2^d} \le \Pr[g = 0] \le 1 - \frac{1}{2^d}$.

Thus according to lemma 14 we get that the bias of $g$ is at most

$$\left(1 - \frac{2}{2^{d}}\right)^{|N(J)|} \le \exp\left(-\frac{2|N(J)|}{2^{d}}\right) \le \exp\left(-\frac{|J|^{1/d}}{2^{d}}\right).$$

This finishes the proof of Lemma 23.

6.2 The Generator for Small Tests

Similar to the k = 4, 5 cases this generator will output only linear functions. We will have the property that any small set of these linear functions is linearly independent. This is a standard construction that follows from unique neighbor property of expanding graphs.

Lemma 27. Let t be positive integer t and = 10t. There exists a mapping from $n$ bits to $n^t$ bits such that every output depends linearly on input variables, and such that any linear combination of at most outputs is non-zero and therefore unbiased.

Proof. As in the proof of lemma 16, we shall construct a linear mapping from an expander bipartite graph with the unique neighbor property. We first prove:

Lemma 28. Let t be a positive integer and = 10t. Then there exists a family of bipartite graphs $G = (L, R, E)$ with $|L| = n^t$, $|R| = n$, v L deg(v) = , such that G is a (σ = , 5t) expanding graph.

Proof. Let $|R| = n$, $|L| = n^t$. Connect every vertex in $L$ to a randomly chosen multi set of size of distinct right vertices. We continue as in Lemma 19. Fix a size s, 2 s σ = , and consider the probability that there is a subset $S \subseteq [n^t]$ of $s$ vertices on the right whose neighborhood is contained in a set $T \subseteq [n]$ of s/2 vertices on the left. This probability is less than ( s 2 ) s. The number of possible choices for $S$ is $\binom{n^t}{s}$ and the number of possible choices for $T$ is ( s/2). Therefore applying the union bound and recalling that = 10t the probability that the construction fails to satisfy the required property is at most

σ ( ) e t s s s=2 ( ) 2e s/2 s ( ) s s 2 ( ) σ (e s) s = o(1). s=2 4t

We now finish the proof of lemma 27. Let $G$ be the graph constructed in Lemma 28. Label each vertex on the right by one of the variables $x_i$ and each vertex on the left by the linear combination of the variables adjacent to it.
By Lemma 18, $G$ has the $\sigma$-right unique neighbor property. Therefore by Lemma 17 every set consisting of $\sigma - 1$ linear functions (corresponding to left vertices) is linearly independent. The proof follows.
6.3 Putting things together: Proof of theorem 5

Let κ = ( k 5) 2, ν = 2 2. We have that k > κ + 10 κ, κ > k 12 k, 2 ν > 2 2. Let $X = \{x_1,\dots,x_\nu\}$, $Y = \{y_1,\dots,y_\nu\}$. Let $f_1(X),\dots,f_{\binom{p}{d}}(X)$ be the outputs of the generator against large tests with the parameters $p = \sqrt{\nu}$, $d = \sqrt{\kappa}$. Let $h_1(Y),\dots,h_{\nu^{\sqrt{\kappa}}}(Y)$ be the outputs of the generator for small tests on $Y$, given the parameter $t = \sqrt{\kappa}$. Note that

$$\nu^{\sqrt{\kappa}} > \binom{\sqrt{\nu}}{\sqrt{\kappa}} = \binom{p}{d}.$$

Our generator $G$ will output the functions

$$g_i(X, Y) = f_i(X) + h_i(Y), \qquad 1 \le i \le \binom{p}{d}.$$

Notice that as we have more $h_i$'s than $f_i$'s we do not use most of the $h_i$'s. Clearly, each output of the generator depends on $\kappa + 10\sqrt{\kappa} < k$ input variables. From lemmas 23, 27 we get that the bias of any non trivial linear combination of the outputs is at most exp Our generator takes $2\nu$ inputs and outputs as needed. ( ) p d ( ν 1 d 2 d ( e 2 ) κ ν 2 κ ) exp ( 1 2 k ( ) k k ) k 2 3 = k( 1. 2 o k(1))

7 A degree 2 generator

In this section we consider a variant of the problem presented in the paper. Suppose that we require that every output bit is a degree $k$ polynomial in the input bits. It is clear that if we want the output to be ε-biased, then the number of output bits $m$ is at most the dimension of the space of degree $k$ polynomials in $n$ variables, which is $\sum_{i=0}^{k}\binom{n}{i} = O(n^k)$ (as otherwise there will be a linear dependence among the output bits). Clearly this is a relaxation of the problem described above. In particular any upper bound here will imply an upper bound for $NC^0_k$. The problem is also of independent interest, as low degree generators are simple in an intuitive sense.

We now show how to construct a generator of ε-biased set such that every output is a polynomial of degree 2 in the input variables. We show that unlike the $NC^0_2$ case we can output $\Omega(n^2)$ bits. In particular we prove Theorem 6:

Theorem. 1 m there exists an ε-biased generator $G = (g_1,\dots,g_t) : \{0,1\}^n \to \{0,1\}^t$, t = 2 m, such that $g_i$ is a degree 2 polynomial, and the bias of any non trivial linear combination of the $g_i$'s is at most 2 2m

We begin by studying the bias of a degree 2 polynomial, over GF(2). In this section we will only consider degree 2 polynomials $P$ such that $P(0) = 0$. Below we denote with $x^T$ and $A^T$ the transpose of the vector $x$ and the matrix $A$, respectively.
7.1 The Bias of Degree 2 polynomials

Let $P(x_1,\dots,x_n)$ be a degree 2 polynomial. $P$ is also called a quadratic form over GF(2). We say that a matrix $A$ represents $P$ with respect to a basis of $GF(2)^n$, $\{v_i\}_{i=1}^{n}$, if for every vector $v = \sum_{i=1}^{n} x_i v_i$ we have that $P(v) = x^T A x$. Notice that we can always find an upper triangular matrix that represents $P$; let

$$P(a_1,\dots,a_n) = \sum_{1\le i\le j\le n} \alpha_{i,j}\, a_i a_j.$$

Define

$$A(P)_{i,j} = \begin{cases} \alpha_{i,j} & i \le j \\ 0 & i > j \end{cases}$$

Clearly $P(\sum_{i=1}^{n} e_i x_i) = x^T A(P) x$ and $A(P)$ represents $P$ with respect to the standard basis. The bias of a quadratic form is bounded by the rank of the matrix representing it as follows.

Theorem 29. The bias of a degree 2 polynomial $P$ is at most

$$2^{-\left(1 + \frac{\mathrm{rank}(A + A^T)}{4}\right)}$$

for any matrix $A$ that represents $P$.

Theorem 29 shows that in order to output $m$ polynomials of degree 2, such that any non trivial linear combination of them is almost unbiased, it suffices to find matrices $A_1,\dots,A_m$ such that for any non trivial combination of them, $B = \sum_{i=1}^{m} \alpha_i A_i$ ($\alpha_i \in GF(2)$), we have that $\mathrm{rank}(B + B^T)$ is high.

Proof of theorem 29

The following claim is trivial.

Proposition 30. $P \equiv 0$ iff there exists a symmetric matrix that represents $P$ w.r.t. some basis iff any matrix that represents $P$ is symmetric.

The proof of theorem 29 will follow from the following lemmas.

Lemma 31. For any quadratic form $P$ on $n$ variables, there exists a basis of $GF(2)^n$, $e_i, f_i$, $i = 1,\dots,r$ and $g_j$, $j = 1,\dots,s$ such that $2r + s = n$ and elements in GF(2), $a_i, b_i$, $i = 1,\dots,r$, $c_j$, $j = 1,\dots,s$, such that for

$$v = \sum_{i=1}^{r} x_i e_i + \sum_{i=1}^{r} x_{r+i} f_i + \sum_{j=1}^{s} x_{2r+j}\, g_j$$

we have

$$P(v) = \sum_{i=1}^{r} \left(a_i x_i^2 + x_i x_{r+i} + b_i x_{r+i}^2\right) + \sum_{j=1}^{s} c_j x_{2r+j}^2 = \sum_{i=1}^{r} \left(a_i x_i + x_i x_{r+i} + b_i x_{r+i}\right) + \sum_{j=1}^{s} c_j x_{2r+j}. \qquad (12)$$

Such a basis is called a canonical basis for $P$.

Proof. See the proof of theorem in [16].
Lemma 32. Let $P$ be a quadratic form on $n$ variables. Let $A$ represent $P$ with respect to the standard basis (in particular, $A$ is upper triangular) and $D$ represent $P$ with respect to the canonical basis. Then

$$\mathrm{rank}(D) \ge \frac{\mathrm{rank}(A + A^T)}{2}.$$

Proof. Let $B$ be the matrix whose columns are $e_1,\dots,e_r, f_1,\dots,f_r, g_1,\dots,g_s$ written w.r.t. the standard basis. We have that

$$\forall x \in GF(2)^n \quad x^T D x = x^T B^T A B x.$$

In other words

$$\forall x \in GF(2)^n \quad x^T (D - B^T A B) x = 0.$$

Therefore there exists a symmetric matrix $S$ such that

$$D - B^T A B = S,$$

or

$$D = B^T \left(A + (B^{-1})^T S (B^{-1})\right) B.$$

As $(B^{-1})^T S (B^{-1})$ is a symmetric matrix we get by the next lemma (lemma 33) that

$$\mathrm{rank}(D) = \mathrm{rank}\left(A + (B^{-1})^T S (B^{-1})\right) \ge \frac{\mathrm{rank}(A + A^T)}{2}.$$

Lemma 33. For an upper triangular matrix $A$ and any symmetric matrix $S$ we have that

$$\mathrm{rank}(A + S) \ge \frac{\mathrm{rank}(A + A^T)}{2}.$$

Proof. Let $r = \mathrm{rank}(A + S) = \mathrm{rank}\left((A + S)^T\right) = \mathrm{rank}(A^T + S)$. Then

$$\mathrm{rank}(A + A^T) = \mathrm{rank}(A + S + S + A^T) \le \mathrm{rank}(A + S) + \mathrm{rank}(A^T + S) = 2r.$$

PROOF OF THEOREM 29. Clearly the bias of $P$ does not change if we calculate it w.r.t. a canonical basis, $\{v_i\}_{i=1}^{n}$. Let $v = \sum_{i=1}^{n} x_i v_i$, we have that

$$P(v) = \sum_{i=1}^{r} \left(a_i x_i + x_i x_{r+i} + b_i x_{r+i}\right) + \sum_{j=1}^{s} c_j x_{2r+j}.$$

Note that if for some $1 \le j \le s$, $c_j \ne 0$ then $P$ is unbiased. Otherwise, we get by proposition 26 that for every $i$ the bias of $(a_i x_i^2 + x_i x_{r+i} + b_i x_{r+i}^2)$ is at most $\frac14$. Therefore according to Lemma 14 we get that the bias of $P$ is at most $\left(\frac12\right)^{r+1}$. As we assumed that $\forall j\ c_j = 0$ we see that

$$r \ge \frac{\mathrm{rank}(D)}{2}.$$

The theorem now follows from lemma 32.
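The following Python sketch is an added example, not code from the paper: it checks the bound of Theorem 29 by brute force, computing rank(B + B^T) over GF(2) and the exact bias for every non-trivial combination of a small family of degree 2 outputs, as the remark after the theorem suggests. The three polynomials on four variables are constructed for illustration, and all function names are hypothetical.

```python
from itertools import combinations, product


def upper_triangular(terms, n):
    """A(P) as row bitmasks: bit j of row i is alpha_{i,j} for i <= j."""
    rows = [0] * n
    for i, j in terms:
        i, j = min(i, j), max(i, j)
        rows[i] ^= 1 << j
    return rows


def symmetrize(rows):
    """A + A^T over GF(2); the diagonal cancels because 1 + 1 = 0."""
    out = list(rows)
    for i, row in enumerate(rows):
        for j in range(len(rows)):
            if (row >> j) & 1:
                out[j] ^= 1 << i
    return out


def gf2_rank(rows):
    """Rank over GF(2) by elimination on the lowest set bit of each pivot."""
    rows = list(rows)
    rank = 0
    while rows:
        pivot = rows.pop()
        if pivot:
            rank += 1
            low = pivot & -pivot
            rows = [r ^ pivot if r & low else r for r in rows]
    return rank


def evaluate(terms, x):
    """P(x) over GF(2); a term (i, i) is x_i^2 = x_i."""
    return sum(x[i] & x[j] for i, j in terms) & 1


def exact_bias(terms, n):
    """|Pr[P(x) = 0] - 1/2| over uniform x in {0,1}^n."""
    zeros = sum(1 for x in product((0, 1), repeat=n) if evaluate(terms, x) == 0)
    return abs(zeros / 2 ** n - 0.5)


def theorem29_bound(terms, n):
    """2^-(1 + rank(A + A^T)/4) for the upper triangular A representing P."""
    rank = gf2_rank(symmetrize(upper_triangular(terms, n)))
    return 2.0 ** -(1 + rank / 4)


def audit_family(family, n):
    """Check every non-trivial GF(2) combination of the outputs.

    Returns (largest exact bias, smallest rank(B + B^T)) and raises if any
    combination violates the bound of Theorem 29.
    """
    worst_bias, min_rank = 0.0, n
    for size in range(1, len(family) + 1):
        for subset in combinations(family, size):
            combo = frozenset()
            for g in subset:
                combo ^= g          # adding polynomials over GF(2)
            rank = gf2_rank(symmetrize(upper_triangular(combo, n)))
            bias = exact_bias(combo, n)
            if bias > 2.0 ** -(1 + rank / 4) + 1e-12:
                raise ValueError("Theorem 29 bound violated")
            worst_bias = max(worst_bias, bias)
            min_rank = min(min_rank, rank)
    return worst_bias, min_rank


# Constructed family on variables x0..x3 (0-based indices).
G1 = frozenset({(0, 1), (2, 3)})    # x0 x1 + x2 x3
G2 = frozenset({(0, 2), (1, 3)})    # x0 x2 + x1 x3
G3 = frozenset({(0, 3), (1, 2)})    # x0 x3 + x1 x2
FAMILY = [G1, G2, G3]

if __name__ == "__main__":
    print(audit_family(FAMILY, 4))
```

Each single output has full rank 4, but pairwise sums such as G1 + G2 = (x0 + x3)(x1 + x2) drop to rank 2 and bias 1/4, which is why the construction must control the rank of every combination and not only of the individual matrices.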
More informationLecture 12: September 27
36-705: Itermediate Statistics Fall 207 Lecturer: Siva Balakrisha Lecture 2: September 27 Today we will discuss sufficiecy i more detail ad the begi to discuss some geeral strategies for costructig estimators.
More informationChapter 3. Strong convergence. 3.1 Definition of almost sure convergence
Chapter 3 Strog covergece As poited out i the Chapter 2, there are multiple ways to defie the otio of covergece of a sequece of radom variables. That chapter defied covergece i probability, covergece i
More informationMath 778S Spectral Graph Theory Handout #3: Eigenvalues of Adjacency Matrix
Math 778S Spectral Graph Theory Hadout #3: Eigevalues of Adjacecy Matrix The Cartesia product (deoted by G H) of two simple graphs G ad H has the vertex-set V (G) V (H). For ay u, v V (G) ad x, y V (H),
More informationA Hadamard-type lower bound for symmetric diagonally dominant positive matrices
A Hadamard-type lower boud for symmetric diagoally domiat positive matrices Christopher J. Hillar, Adre Wibisoo Uiversity of Califoria, Berkeley Jauary 7, 205 Abstract We prove a ew lower-boud form of
More informationBertrand s Postulate
Bertrad s Postulate Lola Thompso Ross Program July 3, 2009 Lola Thompso (Ross Program Bertrad s Postulate July 3, 2009 1 / 33 Bertrad s Postulate I ve said it oce ad I ll say it agai: There s always a
More informationCHAPTER 5. Theory and Solution Using Matrix Techniques
A SERIES OF CLASS NOTES FOR 2005-2006 TO INTRODUCE LINEAR AND NONLINEAR PROBLEMS TO ENGINEERS, SCIENTISTS, AND APPLIED MATHEMATICIANS DE CLASS NOTES 3 A COLLECTION OF HANDOUTS ON SYSTEMS OF ORDINARY DIFFERENTIAL
More informationZeros of Polynomials
Math 160 www.timetodare.com 4.5 4.6 Zeros of Polyomials I these sectios we will study polyomials algebraically. Most of our work will be cocered with fidig the solutios of polyomial equatios of ay degree
More informationUC Berkeley CS 170: Efficient Algorithms and Intractable Problems Handout 17 Lecturer: David Wagner April 3, Notes 17 for CS 170
UC Berkeley CS 170: Efficiet Algorithms ad Itractable Problems Hadout 17 Lecturer: David Wager April 3, 2003 Notes 17 for CS 170 1 The Lempel-Ziv algorithm There is a sese i which the Huffma codig was
More informationRandom Walks on Discrete and Continuous Circles. by Jeffrey S. Rosenthal School of Mathematics, University of Minnesota, Minneapolis, MN, U.S.A.
Radom Walks o Discrete ad Cotiuous Circles by Jeffrey S. Rosethal School of Mathematics, Uiversity of Miesota, Mieapolis, MN, U.S.A. 55455 (Appeared i Joural of Applied Probability 30 (1993), 780 789.)
More informationA Note on Matrix Rigidity
A Note o Matrix Rigidity Joel Friedma Departmet of Computer Sciece Priceto Uiversity Priceto, NJ 08544 Jue 25, 1990 Revised October 25, 1991 Abstract I this paper we give a explicit costructio of matrices
More information7.1 Convergence of sequences of random variables
Chapter 7 Limit theorems Throughout this sectio we will assume a probability space (Ω, F, P), i which is defied a ifiite sequece of radom variables (X ) ad a radom variable X. The fact that for every ifiite
More informationRiesz-Fischer Sequences and Lower Frame Bounds
Zeitschrift für Aalysis ud ihre Aweduge Joural for Aalysis ad its Applicatios Volume 1 (00), No., 305 314 Riesz-Fischer Sequeces ad Lower Frame Bouds P. Casazza, O. Christese, S. Li ad A. Lider Abstract.
More informationRandomized Algorithms I, Spring 2018, Department of Computer Science, University of Helsinki Homework 1: Solutions (Discussed January 25, 2018)
Radomized Algorithms I, Sprig 08, Departmet of Computer Sciece, Uiversity of Helsiki Homework : Solutios Discussed Jauary 5, 08). Exercise.: Cosider the followig balls-ad-bi game. We start with oe black
More informationLargest families without an r-fork
Largest families without a r-for Aalisa De Bois Uiversity of Salero Salero, Italy debois@math.it Gyula O.H. Katoa Réyi Istitute Budapest, Hugary ohatoa@reyi.hu Itroductio Let [] = {,,..., } be a fiite
More informationThe Random Walk For Dummies
The Radom Walk For Dummies Richard A Mote Abstract We look at the priciples goverig the oe-dimesioal discrete radom walk First we review five basic cocepts of probability theory The we cosider the Beroulli
More informationResolution Proofs of Generalized Pigeonhole Principles
Resolutio Proofs of Geeralized Pigeohole Priciples Samuel R. Buss Departmet of Mathematics Uiversity of Califoria, Berkeley Győrgy Turá Departmet of Mathematics, Statistics, ad Computer Sciece Uiversity
More informationDisjoint Systems. Abstract
Disjoit Systems Noga Alo ad Bey Sudaov Departmet of Mathematics Raymod ad Beverly Sacler Faculty of Exact Scieces Tel Aviv Uiversity, Tel Aviv, Israel Abstract A disjoit system of type (,,, ) is a collectio
More informationLecture Notes for CS 313H, Fall 2011
Lecture Notes for CS 313H, Fall 011 August 5. We start by examiig triagular umbers: T () = 1 + + + ( = 0, 1,,...). Triagular umbers ca be also defied recursively: T (0) = 0, T ( + 1) = T () + + 1, or usig
More information2 Markov Chain Monte Carlo Sampling
22 Part I. Markov Chais ad Stochastic Samplig Figure 10: Hard-core colourig of a lattice. 2 Markov Chai Mote Carlo Samplig We ow itroduce Markov chai Mote Carlo (MCMC) samplig, which is a extremely importat
More informationLecture 4: April 10, 2013
TTIC/CMSC 1150 Mathematical Toolkit Sprig 01 Madhur Tulsiai Lecture 4: April 10, 01 Scribe: Haris Agelidakis 1 Chebyshev s Iequality recap I the previous lecture, we used Chebyshev s iequality to get a
More informationMachine Learning Theory Tübingen University, WS 2016/2017 Lecture 12
Machie Learig Theory Tübige Uiversity, WS 06/07 Lecture Tolstikhi Ilya Abstract I this lecture we derive risk bouds for kerel methods. We will start by showig that Soft Margi kerel SVM correspods to miimizig
More informationWeek 5-6: The Binomial Coefficients
Wee 5-6: The Biomial Coefficiets March 6, 2018 1 Pascal Formula Theorem 11 (Pascal s Formula For itegers ad such that 1, ( ( ( 1 1 + 1 The umbers ( 2 ( 1 2 ( 2 are triagle umbers, that is, The petago umbers
More informationECE 901 Lecture 12: Complexity Regularization and the Squared Loss
ECE 90 Lecture : Complexity Regularizatio ad the Squared Loss R. Nowak 5/7/009 I the previous lectures we made use of the Cheroff/Hoeffdig bouds for our aalysis of classifier errors. Hoeffdig s iequality
More informationCALCULATING FIBONACCI VECTORS
THE GENERALIZED BINET FORMULA FOR CALCULATING FIBONACCI VECTORS Stuart D Aderso Departmet of Physics, Ithaca College 953 Daby Road, Ithaca NY 14850, USA email: saderso@ithacaedu ad Dai Novak Departmet
More informationStochastic Matrices in a Finite Field
Stochastic Matrices i a Fiite Field Abstract: I this project we will explore the properties of stochastic matrices i both the real ad the fiite fields. We first explore what properties 2 2 stochastic matrices
More informationAxioms of Measure Theory
MATH 532 Axioms of Measure Theory Dr. Neal, WKU I. The Space Throughout the course, we shall let X deote a geeric o-empty set. I geeral, we shall ot assume that ay algebraic structure exists o X so that
More informationEECS564 Estimation, Filtering, and Detection Hwk 2 Solns. Winter p θ (z) = (2θz + 1 θ), 0 z 1
EECS564 Estimatio, Filterig, ad Detectio Hwk 2 Sols. Witer 25 4. Let Z be a sigle observatio havig desity fuctio where. p (z) = (2z + ), z (a) Assumig that is a oradom parameter, fid ad plot the maximum
More informationIndependence number of graphs with a prescribed number of cliques
Idepedece umber of graphs with a prescribed umber of cliques Tom Bohma Dhruv Mubayi Abstract We cosider the followig problem posed by Erdős i 1962. Suppose that G is a -vertex graph where the umber of
More informationFall 2013 MTH431/531 Real analysis Section Notes
Fall 013 MTH431/531 Real aalysis Sectio 8.1-8. Notes Yi Su 013.11.1 1. Defiitio of uiform covergece. We look at a sequece of fuctios f (x) ad study the coverget property. Notice we have two parameters
More information1 Review and Overview
CS9T/STATS3: Statistical Learig Theory Lecturer: Tegyu Ma Lecture #6 Scribe: Jay Whag ad Patrick Cho October 0, 08 Review ad Overview Recall i the last lecture that for ay family of scalar fuctios F, we
More informationA Block Cipher Using Linear Congruences
Joural of Computer Sciece 3 (7): 556-560, 2007 ISSN 1549-3636 2007 Sciece Publicatios A Block Cipher Usig Liear Cogrueces 1 V.U.K. Sastry ad 2 V. Jaaki 1 Academic Affairs, Sreeidhi Istitute of Sciece &
More informationSingular Continuous Measures by Michael Pejic 5/14/10
Sigular Cotiuous Measures by Michael Peic 5/4/0 Prelimiaries Give a set X, a σ-algebra o X is a collectio of subsets of X that cotais X ad ad is closed uder complemetatio ad coutable uios hece, coutable
More informationLONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES
J Lodo Math Soc (2 50, (1994, 465 476 LONG SNAKES IN POWERS OF THE COMPLETE GRAPH WITH AN ODD NUMBER OF VERTICES Jerzy Wojciechowski Abstract I [5] Abbott ad Katchalski ask if there exists a costat c >
More informationLecture 1: Basic problems of coding theory
Lecture 1: Basic problems of codig theory Error-Correctig Codes (Sprig 016) Rutgers Uiversity Swastik Kopparty Scribes: Abhishek Bhrushudi & Aditya Potukuchi Admiistrivia was discussed at the begiig of
More informationApply change-of-basis formula to rewrite x as a linear combination of eigenvectors v j.
Eigevalue-Eigevector Istructor: Nam Su Wag eigemcd Ay vector i real Euclidea space of dimesio ca be uiquely epressed as a liear combiatio of liearly idepedet vectors (ie, basis) g j, j,,, α g α g α g α
More informationLecture 3 The Lebesgue Integral
Lecture 3: The Lebesgue Itegral 1 of 14 Course: Theory of Probability I Term: Fall 2013 Istructor: Gorda Zitkovic Lecture 3 The Lebesgue Itegral The costructio of the itegral Uless expressly specified
More informationLecture 14: Randomized Computation (cont.)
CSE 200 Computability ad Complexity Wedesday, May 15, 2013 Lecture 14: Radomized Computatio (cot.) Istructor: Professor Shachar Lovett Scribe: Dogcai She 1 Radmized Algorithm Examples 1.1 The k-th Elemet
More informationLecture 4: Unique-SAT, Parity-SAT, and Approximate Counting
Advaced Complexity Theory Sprig 206 Lecture 4: Uique-SAT, Parity-SAT, ad Approximate Coutig Prof. Daa Moshkovitz Scribe: Aoymous Studet Scribe Date: Fall 202 Overview I this lecture we begi talkig about
More informationMath 2784 (or 2794W) University of Connecticut
ORDERS OF GROWTH PAT SMITH Math 2784 (or 2794W) Uiversity of Coecticut Date: Mar. 2, 22. ORDERS OF GROWTH. Itroductio Gaiig a ituitive feel for the relative growth of fuctios is importat if you really
More informationChapter 4. Fourier Series
Chapter 4. Fourier Series At this poit we are ready to ow cosider the caoical equatios. Cosider, for eample the heat equatio u t = u, < (4.) subject to u(, ) = si, u(, t) = u(, t) =. (4.) Here,
More information