Hey! You Can t Do That With My Code!

Similar documents
A Fuzzy Sketch with Trapdoor

Geometrical Constructions for Ordered Orthogonal Arrays and (T, M, S)-Nets

Open Questions in Coding Theory

A Short Overview of Orthogonal Arrays

Arrangements, matroids and codes

Math 512 Syllabus Spring 2017, LIU Post

Codes over Subfields. Chapter Basics

And for polynomials with coefficients in F 2 = Z/2 Euclidean algorithm for gcd s Concept of equality mod M(x) Extended Euclid for inverses mod M(x)

Correcting Codes in Cryptography

T Cryptography: Special Topics. February 24 th, Fuzzy Extractors: Generating Strong Keys From Noisy Data.

Support weight enumerators and coset weight distributions of isodual codes

Error-correcting Pairs for a Public-key Cryptosystem

Solutions of Exam Coding Theory (2MMC30), 23 June (1.a) Consider the 4 4 matrices as words in F 16

Lecture 3: Error Correcting Codes

Secure Sketch for Multi-Sets

Notes 10: Public-key cryptography

Code Based Cryptology at TU/e

Near-Optimal Secret Sharing and Error Correcting Codes in AC 0

Quantum Error Correcting Codes and Quantum Cryptography. Peter Shor M.I.T. Cambridge, MA 02139

Non-Standard Coding Theory

Lecture 12: November 6, 2017

Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints

EE 229B ERROR CONTROL CODING Spring 2005

6.895 PCP and Hardness of Approximation MIT, Fall Lecture 3: Coding Theory

Chapter 3 Linear Block Codes

MATH32031: Coding Theory Part 15: Summary

A Threshold of ln(n) for approximating set cover

Report on PIR with Low Storage Overhead

On the Limitations of Computational Fuzzy Extractors

: Error Correcting Codes. October 2017 Lecture 1

MATH3302 Coding Theory Problem Set The following ISBN was received with a smudge. What is the missing digit? x9139 9

ICT12 8. Linear codes. The Gilbert-Varshamov lower bound and the MacWilliams identities SXD

Lecture B04 : Linear codes and singleton bound

Some results on the existence of t-all-or-nothing transforms over arbitrary alphabets

Secure Sketch for Biometric Templates

Quantum algorithms (CO 781, Winter 2008) Prof. Andrew Childs, University of Waterloo LECTURE 1: Quantum circuits and the abelian QFT

Coset Decomposition Method for Decoding Linear Codes

REED-SOLOMON CODE SYMBOL AVOIDANCE

An Introduction to (Network) Coding Theory

Hamming codes and simplex codes ( )

Noisy Diffie-Hellman protocols

CS Topics in Cryptography January 28, Lecture 5

The decomposability of simple orthogonal arrays on 3 symbols having t + 1 rows and strength t

Chapter 2. Error Correcting Codes. 2.1 Basic Notions

Error-correcting codes and applications

On the Complexity of Approximating the VC Dimension

1 The Low-Degree Testing Assumption

Reed-Solomon codes. Chapter Linear codes over finite fields

Error Correcting Codes Questions Pool

MATH3302. Coding and Cryptography. Coding Theory

Assignment 1 Math 5341 Linear Algebra Review. Give complete answers to each of the following questions. Show all of your work.

The Hamming Codes and Delsarte s Linear Programming Bound

Orthogonal Arrays & Codes

A little context This paper is concerned with finite automata from the experimental point of view. The behavior of these machines is strictly determin

Algebraic Geometry Codes. Shelly Manber. Linear Codes. Algebraic Geometry Codes. Example: Hermitian. Shelly Manber. Codes. Decoding.

Bounding the number of affine roots

Benny Pinkas. Winter School on Secure Computation and Efficiency Bar-Ilan University, Israel 30/1/2011-1/2/2011

Notes on Alekhnovich s cryptosystems

X row 1 X row 2, X row 2 X row 3, Z col 1 Z col 2, Z col 2 Z col 3,

A Unified Approach to Combinatorial Key Predistribution Schemes for Sensor Networks

The Witt designs, Golay codes and Mathieu groups

New polynomials for strong algebraic manipulation detection codes 1

Decoding Reed-Muller codes over product sets

On the Complexity of Approximating the VC dimension

Characterisations of optimal algebraic manipulation detection codes

MATH 291T CODING THEORY

Error control of line codes generated by finite Coxeter groups

Local correctability of expander codes

Construction of digital nets from BCH-codes

Trapdoor Computational Fuzzy Extractors

A list-decodable code with local encoding and decoding

Error Correcting Codes: Combinatorics, Algorithms and Applications Spring Homework Due Monday March 23, 2009 in class

An Introduction to (Network) Coding Theory

List Decoding in Average-Case Complexity and Pseudorandomness

Optimal Ramp Schemes and Related Combinatorial Objects

Coding Theory and Applications. Linear Codes. Enes Pasalic University of Primorska Koper, 2013

MT5821 Advanced Combinatorics

3. Coding theory 3.1. Basic concepts

Provable Security against Side-Channel Attacks

Lecture 7 September 24

List Decoding of Noisy Reed-Muller-like Codes

Fuzzy Extractors. May 7, 2007

Code Based Cryptography

How to Correct More Errors in a Secure Sketch

On the Cryptographic Complexity of the Worst Functions

Network Coding and Schubert Varieties over Finite Fields

Optimal File Sharing in Distributed Networks

Lecture 4: Codes based on Concatenation

Robust Fuzzy Extractors and Authenticated Key Agreement from Close Secrets

Cover Page. The handle holds various files of this Leiden University dissertation

Practical Analysis of Key Recovery Attack against Search-LWE Problem

BOSTON UNIVERSITY GRADUATE SCHOOL OF ARTS AND SCIENCES AN IMPROVED ROBUST FUZZY EXTRACTOR

Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

S. B. Damelin*, G. Michalski*, G. L. Mullen** and D. Stone* 4 February Abstract

Some error-correcting codes and their applications

Information redundancy

New Traceability Codes against a Generalized Collusion Attack for Digital Fingerprinting

On Perfect and Adaptive Security in Exposure-Resilient Cryptography. Yevgeniy Dodis, New York University Amit Sahai, Princeton Adam Smith, MIT

Introduction to binary block codes

Error Correction Review

Transcription:

Hey! You Can t Do That With My Code! Department of Mathematical Sciences and Department of Computer Science Worcester Polytechnic Institute CIMPA-UNESCO-PHILIPPINES Research Summer School UP Diliman, July 27, 2009

Outline (T, M, S)-Nets

First: The Omissions Perhaps the most exciting developments in algebraic coding theory since 1990 are

First: The Omissions Perhaps the most exciting developments in algebraic coding theory since 1990 are the theory of quantum error-correcting codes

First: The Omissions Perhaps the most exciting developments in algebraic coding theory since 1990 are the theory of quantum error-correcting codes The PCP Theorem in computational complexity theory: e.g. NP = PCP 1 ɛ, 1 [O(log n), 3] (Håstad, 2001) 2

Part I: (T, M, S)-Nets

Using Codes to Estimate Integrals If orthogonal arrays can be used to approximate Hamming space, can they also be used to approximate other spaces?

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences]

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter)

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter) 1996: generalized orthogonal arrays (Lawrence)

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter) 1996: generalized orthogonal arrays (Lawrence) 1996: ordered orthogonal arrays (Mullen/Schmid)

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter) 1996: generalized orthogonal arrays (Lawrence) 1996: ordered orthogonal arrays (Mullen/Schmid) 1996: Constructions from algebraic curves (Niederreiter/Xing)

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter) 1996: generalized orthogonal arrays (Lawrence) 1996: ordered orthogonal arrays (Mullen/Schmid) 1996: Constructions from algebraic curves (Niederreiter/Xing) 1999: MacWilliams identities, LP bounds, association scheme (WJM/Stinson)

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter) 1996: generalized orthogonal arrays (Lawrence) 1996: ordered orthogonal arrays (Mullen/Schmid) 1996: Constructions from algebraic curves (Niederreiter/Xing) 1999: MacWilliams identities, LP bounds, association scheme (WJM/Stinson) late 90s+: Many new constructions (Adams/Edel/Bierbrauer/et al.)

Key Results 1967: Sobol sequences (I. Sobol ) [also Halton/Faure/ Hammersley sequences] 1987: (T, M, S)-nets (Niederreiter) 1996: generalized orthogonal arrays (Lawrence) 1996: ordered orthogonal arrays (Mullen/Schmid) 1996: Constructions from algebraic curves (Niederreiter/Xing) 1999: MacWilliams identities, LP bounds, association scheme (WJM/Stinson) late 90s+: Many new constructions (Adams/Edel/Bierbrauer/et al.) 2004+: Improved bounds (Schmid/Schürer/Bierbrauer/Barg/Purkayastha/Trinker/Visentin)

What is a (T, M, S)-Net? A (T, M, S)-net in base q Harald Niederrieter

What is a (T, M, S)-Net? Harald Niederrieter A (T, M, S)-net in base q is a set N of q M points in the half-open S-dimensional Euclidean cube [0, 1) S

What is a (T, M, S)-Net? Harald Niederrieter A (T, M, S)-net in base q is a set N of q M points in the half-open S-dimensional Euclidean cube [0, 1) S with the property that every elementary interval [ a1 q d, a 1 + 1 1 q d 1 ) [ a2 q d, a ) [ 2 + 1 as 2 q d 2 q d, a ) S + 1 S q d S of volume q T M

What is a (T, M, S)-Net? Harald Niederrieter A (T, M, S)-net in base q is a set N of q M points in the half-open S-dimensional Euclidean cube [0, 1) S with the property that every elementary interval [ a1 q d, a 1 + 1 1 q d 1 ) [ a2 q d, a ) [ 2 + 1 as 2 q d 2 q d, a ) S + 1 S q d S of volume q T M (i.e., with d 1 + d 2 + + d S = M T )

What is a (T, M, S)-Net? Harald Niederrieter A (T, M, S)-net in base q is a set N of q M points in the half-open S-dimensional Euclidean cube [0, 1) S with the property that every elementary interval [ a1 q d, a 1 + 1 1 q d 1 ) [ a2 q d, a ) [ 2 + 1 as 2 q d 2 q d, a ) S + 1 S q d S of volume q T M (i.e., with d 1 + d 2 + + d S = M T ) contains exactly q T points from N.

Simple Example of a (T, M, S)-Net binary code with minimum distance three four points in [0, 1) 2

Simple Example of a (T, M, S)-Net binary code with minimum distance three C = {000000, 111001, 001110, 110111} four points in [0, 1) 2 N = {(0, 0), (7/8, 1/8), (1/8, 3/4), (3/4, 7/8)}

Simple Example of a (T, M, S)-Net binary code with minimum distance three C = {000000, 111001, 001110, 110111} partition into two groups of three coords, insert decimal points four points in [0, 1) 2 N = {(0, 0), (7/8, 1/8), (1/8, 3/4), (3/4, 7/8)} 1.00 0.75 0.50 0.25 0.00 0.00 0.25 0.50 0.75 1.00

Simple Example of a (T, M, S)-Net binary code with minimum distance three C = {000000, 111001, 001110, 110111} partition into two groups of three coords, insert decimal points 0 0 0 0 0 0 1 1 1 0 0 1 0 0 1 1 1 0 1 1 0 1 1 1 four points in [0, 1) 2 N = {(0, 0), (7/8, 1/8), (1/8, 3/4), (3/4, 7/8)} 1.00 0.75 0.50 0.25 0.00 0.00 0.25 0.50 0.75 1.00

Simple Example of a (T, M, S)-Net binary code with minimum distance three C = {000000, 111001, 001110, 110111} partition into two groups of three coords, insert decimal points.0 0 0.0 0 0.1 1 1.0 0 1.0 0 1.1 1 0.1 1 0.1 1 1 four points in [0, 1) 2 N = {(0, 0), (7/8, 1/8), (1/8, 3/4), (3/4, 7/8)} 1.00 0.75 0.50 0.25 0.00 0.00 0.25 0.50 0.75 1.00

Orthogonal Array Property We consider an m n array A over F q

Orthogonal Array Property We consider an m n array A over F q OA property : for a subset T of the columns, does the projection of A onto these columns contain every T -tuple over F q equally often?

Orthogonal Array Property We consider an m n array A over F q OA property : for a subset T of the columns, does the projection of A onto these columns contain every T -tuple over F q equally often? orthogonal array of strength t: A has the OA property with respect to any set T of t or fewer columns

Orthogonal Array Property We consider an m n array A over F q OA property : for a subset T of the columns, does the projection of A onto these columns contain every T -tuple over F q equally often? orthogonal array of strength t: A has the OA property with respect to any set T of t or fewer columns ordered orthogonal array: Now assume n = sl and columns are labelled {(i, j) : 1 i s, 1 j l}.

Ordered Orthogonal Arrays OA property with respect to column set T : projection of A onto these columns contains every T -tuple over F q equally often

Ordered Orthogonal Arrays OA property with respect to column set T : projection of A onto these columns contains every T -tuple over F q equally often ordered orthogonal array: Now assume n = sl and columns are labelled {(i, j) : 1 i s, 1 j l}

Ordered Orthogonal Arrays OA property with respect to column set T : projection of A onto these columns contains every T -tuple over F q equally often ordered orthogonal array: Now assume n = sl and columns are labelled {(i, j) : 1 i s, 1 j l} a set T of columns is left-justified if it contains (i, j 1) whenever it contains (i, j) with j > 1

Ordered Orthogonal Arrays OA property with respect to column set T : projection of A onto these columns contains every T -tuple over F q equally often ordered orthogonal array: Now assume n = sl and columns are labelled {(i, j) : 1 i s, 1 j l} a set T of columns is left-justified if it contains (i, j 1) whenever it contains (i, j) with j > 1 ordered orthogonal array of strength t: A enjoys the OA property for every left-justified set of t or fewer columns

Ordered Orthogonal Arrays OA property with respect to column set T : projection of A onto these columns contains every T -tuple over F q equally often ordered orthogonal array: Now assume n = sl and columns are labelled {(i, j) : 1 i s, 1 j l} a set T of columns is left-justified if it contains (i, j 1) whenever it contains (i, j) with j > 1 ordered orthogonal array of strength t: A enjoys the OA property for every left-justified set of t or fewer columns Lawrence/Mullen/Schmid: (T, M, S)-net in base q OOA over F q with q m rows, s = S, l = t = M T.

The Theorem of Mullen & Schmid and (indep.) Lawrence Theorem (1996): (T, M, S)-net in base q OOA over F q with q m rows, s = S, l = t = M T

Idea of Proof N = { ( 0 4, 0 4), ( 1 4, 3 4), ( 2 4, 2 4), ( 3 4, 1 4) } T = {(1, 1), (1, 2)}

Idea of Proof N = {(.00,.00), (.01,.11), (.10,.10), (.11,.01)} T = {(2, 1), (2, 2)}

Idea of Proof N = {(.00,.00), (.01,.11), (.10,.10), (.11,.01)} T = {(1, 1), (2, 1)}

Nets from Many Sources two mutually orthogonal latin squares of order five (color/height)

Niederreiter/Xing Construction (Simplified) Let N = {P 1,..., P s } be a subset of F q of size s, let k 0

Niederreiter/Xing Construction (Simplified) Let N = {P 1,..., P s } be a subset of F q of size s, let k 0 Reed-Solomon code has a codeword for each polynomial f (x) of degree k: c f = [f (P 1 ), f (P 2 ),..., f (P s )]

Niederreiter/Xing Construction (Simplified) Let N = {P 1,..., P s } be a subset of F q of size s, let k 0 Reed-Solomon code has a codeword for each polynomial f (x) of degree k: c f = [f (P 1 ), f (P 2 ),..., f (P s )] a non-zero polynomial of degree at most k has at most k roots

Niederreiter/Xing Construction (Simplified) Let N = {P 1,..., P s } be a subset of F q of size s, let k 0 Reed-Solomon code has a codeword for each polynomial f (x) of degree k: c f = [f (P 1 ), f (P 2 ),..., f (P s )] a non-zero polynomial of degree at most k has at most k roots... counting multiplicities!

Niederreiter/Xing Construction (Simplified) Let N = {P 1,..., P s } be a subset of F q of size s, let k 0 Reed-Solomon code has a codeword for each polynomial f (x) of degree k: c f = [f (P 1 ), f (P 2 ),..., f (P s )] a non-zero polynomial of degree at most k has at most k roots... counting multiplicities! So take SM-tuple (M = k + 1) [ ] f (P 1 ), f (P 1 ),..., f (k) (P 1 )...... f (P s ), f (P s ),..., f (k) (P s ) to get a powerful (T, M, S)-net

Niederreiter/Xing Construction (Simplified) Let N = {P 1,..., P s } be a subset of F q of size s, let k 0 Reed-Solomon code has a codeword for each polynomial f (x) of degree k: c f = [f (P 1 ), f (P 2 ),..., f (P s )] a non-zero polynomial of degree at most k has at most k roots... counting multiplicities! So take SM-tuple (M = k + 1) [ ] f (P 1 ), f (P 1 ),..., f (k) (P 1 )...... f (P s ), f (P s ),..., f (k) (P s ) to get a powerful (T, M, S)-net They show that the same works over algebraic curves (global function fields)

Codes for the Rosenbloom-Tsfasman Metric the dual of a linear OA is an error-correcting code

Codes for the Rosenbloom-Tsfasman Metric the dual of a linear OA is an error-correcting code the dual of a linear OOA is a code for the Rosenbloom-Tsfasman metric

Codes for the Rosenbloom-Tsfasman Metric the dual of a linear OA is an error-correcting code the dual of a linear OOA is a code for the Rosenbloom-Tsfasman metric Research Problem: Are there any non-trivial perfect codes in the Rosenbloom-Tsfasman metric?

Part II:

How can a code be used to bolster randomness?

We have a secret string x. An opponent learns t bits of x, but we don t know which ones. After applying function f, we guarantee that our opponents knows nothing.

Key Results 1985: The bit extraction problem (Chor/Goldreich/Håstad/Friedman/Rudich/Smolensky)

Key Results 1985: The bit extraction problem (Chor/Goldreich/Håstad/Friedman/Rudich/Smolensky) 1988: Privacy amplification by public discussion (Bennett/Brassard/Robert)

Key Results 1985: The bit extraction problem (Chor/Goldreich/Håstad/Friedman/Rudich/Smolensky) 1988: Privacy amplification by public discussion (Bennett/Brassard/Robert) 1993: Equivalent to large set of OA (Stinson)

Key Results 1985: The bit extraction problem (Chor/Goldreich/Håstad/Friedman/Rudich/Smolensky) 1988: Privacy amplification by public discussion (Bennett/Brassard/Robert) 1993: Equivalent to large set of OA (Stinson) 1995: First non-linear examples (Stinson/Massey)

Key Results 1985: The bit extraction problem (Chor/Goldreich/Håstad/Friedman/Rudich/Smolensky) 1988: Privacy amplification by public discussion (Bennett/Brassard/Robert) 1993: Equivalent to large set of OA (Stinson) 1995: First non-linear examples (Stinson/Massey) 1997: All-or-nothing transforms (Rivest)

Key Results 1985: The bit extraction problem (Chor/Goldreich/Håstad/Friedman/Rudich/Smolensky) 1988: Privacy amplification by public discussion (Bennett/Brassard/Robert) 1993: Equivalent to large set of OA (Stinson) 1995: First non-linear examples (Stinson/Massey) 1997: All-or-nothing transforms (Rivest) 1999+: Applications to fault-tolerant distributed computing, key distribution, quantum cryptography, etc.

The Linear Case (Chor, et al.) Let G be a generator matrix for an [n, k, d] q -code

The Linear Case (Chor, et al.) Let G be a generator matrix for an [n, k, d] q -code Define f : F n q F k q via f (x) = Gx

The Linear Case (Chor, et al.) Let G be a generator matrix for an [n, k, d] q -code Define f : F n q F k q via f (x) = Gx If t d 1 entries of x are deterministic and the rest are random and fully independent (denote D T,A )

The Linear Case (Chor, et al.) Let G be a generator matrix for an [n, k, d] q -code Define f : F n q F k q via f (x) = Gx If t d 1 entries of x are deterministic and the rest are random and fully independent (denote D T,A )... then f (x) is uniformly distributed over F k q

The Linear Case (Chor, et al.) Let G be a generator matrix for an [n, k, d] q -code Define f : F n q F k q via f (x) = Gx If t d 1 entries of x are deterministic and the rest are random and fully independent (denote D T,A )... then f (x) is uniformly distributed over F k q Why? Any linear combination of entries of f (x) is a dot product of x with some codeword

The Linear Case (Chor, et al.) Let G be a generator matrix for an [n, k, d] q -code Define f : F n q F k q via f (x) = Gx If t d 1 entries of x are deterministic and the rest are random and fully independent (denote D T,A )... then f (x) is uniformly distributed over F k q Why? Any linear combination of entries of f (x) is a dot product of x with some codeword So any non-trivial linear function of entries involves at least one random input position

True Random Bit Generators (Sunar/Stinson/WJM) Random bits are expensive

True Random Bit Generators (Sunar/Stinson/WJM) Random bits are expensive Device must tap some physical source of known behavior

True Random Bit Generators (Sunar/Stinson/WJM) Random bits are expensive Device must tap some physical source of known behavior Even the best sources of randomness have quiet periods

True Random Bit Generators (Sunar/Stinson/WJM) Random bits are expensive Device must tap some physical source of known behavior Even the best sources of randomness have quiet periods Assuming 80% of input bits are random samples and 20% are from quiet periods

True Random Bit Generators (Sunar/Stinson/WJM) Random bits are expensive Device must tap some physical source of known behavior Even the best sources of randomness have quiet periods Assuming 80% of input bits are random samples and 20% are from quiet periods Resilient function collapses samples to strings one-tenth the size

True Random Bit Generators (Sunar/Stinson/WJM) Random bits are expensive Device must tap some physical source of known behavior Even the best sources of randomness have quiet periods Assuming 80% of input bits are random samples and 20% are from quiet periods Resilient function collapses samples to strings one-tenth the size What if quiet period is longer than expected?

Higher Weights (Generalized Hamming Weights) Start with a binary linear [n, k, d]-code

Higher Weights (Generalized Hamming Weights) Start with a binary linear [n, k, d]-code Define A (l) h as number of linear subcodes C, dim C = l, supp C = h

Higher Weights (Generalized Hamming Weights) Start with a binary linear [n, k, d]-code Define A (l) h as number of linear subcodes C, dim C = l, supp C = h E.g. A (1) h = A h for h > 0, A (l) h = 0 for h < d except A (0) 0 = 1

Higher Weights (Generalized Hamming Weights) Start with a binary linear [n, k, d]-code Define A (l) h as number of linear subcodes C, dim C = l, supp C = h E.g. A (1) h = A h for h > 0, A (l) h = 0 for h < d except A (0) 0 = 1 The number of i-subsets of coordinates that contain the support of exactly 2 r codewords is shown to be B i,r = k l=0 h=0 n ( ( 1) l r 2 (l r 2 ) n h i h ) [ l r ] A (l) h

Higher Weights (Generalized Hamming Weights) Start with a binary linear [n, k, d]-code Define A (l) h as number of linear subcodes C, dim C = l, supp C = h E.g. A (1) h = A h for h > 0, A (l) h = 0 for h < d except A (0) 0 = 1 The number of i-subsets of coordinates that contain the support of exactly 2 r codewords is shown to be B i,r = k l=0 h=0 n ( ( 1) l r 2 (l r 2 ) n h i h ) [ l r ] A (l) h Lemma (Sunar/WJM): Let X be a random variable taking values in {0, 1} n according to a probability distributiond T,A. Then Prob[H out = k r T = i] = B i,r ( n i ) 1.

A Research Problem Higher weight enumerators are known only for very few codes: MDS codes: partial information only (Dougherty, et al.)

A Research Problem Higher weight enumerators are known only for very few codes: MDS codes: partial information only (Dougherty, et al.) Golay codes (Sunar/WJM, probably earlier)

A Research Problem Higher weight enumerators are known only for very few codes: MDS codes: partial information only (Dougherty, et al.) Golay codes (Sunar/WJM, probably earlier) Hamming codes Can we work out these statistics for the other standard families of codes?

Part III:

Codes for Biometrics How can we eliminate noise if we are not permitted to choose our codewords?

Selected References 1990s: Ad-hoc mix of protocols (e.g., quantum oblivious transfer, crypto over noisy channels)

Selected References 1990s: Ad-hoc mix of protocols (e.g., quantum oblivious transfer, crypto over noisy channels) 1987,1994: Patents for iris recognition systems

Selected References 1990s: Ad-hoc mix of protocols (e.g., quantum oblivious transfer, crypto over noisy channels) 1987,1994: Patents for iris recognition systems 2008: definition of fuzzy extractor (Dodis/Ostrovsky/Reyzin/Smith)

Selected References 1990s: Ad-hoc mix of protocols (e.g., quantum oblivious transfer, crypto over noisy channels) 1987,1994: Patents for iris recognition systems 2008: definition of fuzzy extractor (Dodis/Ostrovsky/Reyzin/Smith) 2009: CD fingerprinting (Hammouri/Dana/Sunar)

Selected References 1990s: Ad-hoc mix of protocols (e.g., quantum oblivious transfer, crypto over noisy channels) 1987,1994: Patents for iris recognition systems 2008: definition of fuzzy extractor (Dodis/Ostrovsky/Reyzin/Smith) 2009: CD fingerprinting (Hammouri/Dana/Sunar) 2009: physically unclonable functions (WPI team)

Metric space M and function f : M {0, 1} {0, 1} such that f (w, x) = f (w, x) provided x valid for w and d(w, w) < ɛ.

Fuzzy Extractor: Toy Example

Fuzzy Extractor: Toy Example Baseline reading w = 3 is obtained from temporal reading w = 2 and hint x = D. But w is not recoverable from either w or x alone.

Code-Offset Construction (Dodis, et al.) Fuzzy extractor for Hamming metric: Start with a binary [n, k, d]-code with generator matrix G

Code-Offset Construction (Dodis, et al.) Fuzzy extractor for Hamming metric: Start with a binary [n, k, d]-code with generator matrix G For each user, generate a random k-bit string m

Code-Offset Construction (Dodis, et al.) Fuzzy extractor for Hamming metric: Start with a binary [n, k, d]-code with generator matrix G For each user, generate a random k-bit string m For baseline reading w, helper data is x = w + mg

Code-Offset Construction (Dodis, et al.) Fuzzy extractor for Hamming metric: Start with a binary [n, k, d]-code with generator matrix G For each user, generate a random k-bit string m For baseline reading w, helper data is x = w + mg New reading w is assumed to be within distance d/2 of w in large Hamming space

Code-Offset Construction (Dodis, et al.) Fuzzy extractor for Hamming metric: Start with a binary [n, k, d]-code with generator matrix G For each user, generate a random k-bit string m For baseline reading w, helper data is x = w + mg New reading w is assumed to be within distance d/2 of w in large Hamming space To recover m from x and w, decode w + x = mg + (w w )

Code-Offset Construction (Dodis, et al.) Fuzzy extractor for Hamming metric: Start with a binary [n, k, d]-code with generator matrix G For each user, generate a random k-bit string m For baseline reading w, helper data is x = w + mg New reading w is assumed to be within distance d/2 of w in large Hamming space To recover m from x and w, decode w + x = mg + (w w ) Provided k and d are both linear in n, recovery of m from just x or w is hard

A Research Problem Fuzzy extractors are known for several metrics: Hamming

A Research Problem Fuzzy extractors are known for several metrics: Hamming Set difference (fuzzy vault scheme of Juels/Sudan)

A Research Problem Fuzzy extractors are known for several metrics: Hamming Set difference (fuzzy vault scheme of Juels/Sudan) Edit distance

A Research Problem Fuzzy extractors are known for several metrics: Hamming Set difference (fuzzy vault scheme of Juels/Sudan) Edit distance Can we build efficient fuzzy extractors for the Euclidean metric?

(T, M, S)-Nets The End Thank you all!

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback