TY - GEN
T1 - Bounded Indistinguishability for Simple Sources
AU - Bogdanov, Andrej
AU - Dinesh, Krishnamoorthy
AU - Filmus, Yuval
AU - Ishai, Yuval
AU - Kaplan, Avi
AU - Srinivasan, Akshayaram
N1 - Publisher Copyright:
© Andrej Bogdanov, Krishnamoorthy Dinesh, Yuval Filmus, Yuval Ishai, Avi Kaplan, and Akshayaram Srinivasan; licensed under Creative Commons License CC-BY 4.0
PY - 2022/1/1
Y1 - 2022/1/1
N2 - A pair of sources X, Y over {0, 1}n are k-indistinguishable if their projections to any k coordinates are identically distributed. Can some AC0 function distinguish between two such sources when k is big, say k = n0.1? Braverman's theorem (Commun. ACM 2011) implies a negative answer when X is uniform, whereas Bogdanov et al. (Crypto 2016) observe that this is not the case in general. We initiate a systematic study of this question for natural classes of low-complexity sources, including ones that arise in cryptographic applications, obtaining positive results, negative results, and barriers. In particular: - There exist Ω(√n)-indistinguishable X, Y, samplable by degree-O(log n) polynomial maps (over F2) and by poly(n)-size decision trees, that are Ω(1)-distinguishable by OR. - There exists a function f such that all f(d, ϵ)-indistinguishable X, Y that are samplable by degree-d polynomial maps are ϵ-indistinguishable by OR for all sufficiently large n. Moreover, f(1, ϵ) = ⌈log(1/ϵ)⌉ + 1 and f(2, ϵ) = O(log10(1/ϵ)). - Extending (weaker versions of) the above negative results to AC0 distinguishers would require settling a conjecture of Servedio and Viola (ECCC 2012). Concretely, if every pair of n0.9indistinguishable X, Y that are samplable by linear maps is ϵ-indistinguishable by AC0 circuits, then the binary inner product function can have at most an ϵ-correlation with AC0 ◦ ⨁ circuits. Finally, we motivate the question and our results by presenting applications of positive results to low-complexity secret sharing and applications of negative results to leakage-resilient cryptography.
AB - A pair of sources X, Y over {0, 1}n are k-indistinguishable if their projections to any k coordinates are identically distributed. Can some AC0 function distinguish between two such sources when k is big, say k = n0.1? Braverman's theorem (Commun. ACM 2011) implies a negative answer when X is uniform, whereas Bogdanov et al. (Crypto 2016) observe that this is not the case in general. We initiate a systematic study of this question for natural classes of low-complexity sources, including ones that arise in cryptographic applications, obtaining positive results, negative results, and barriers. In particular: - There exist Ω(√n)-indistinguishable X, Y, samplable by degree-O(log n) polynomial maps (over F2) and by poly(n)-size decision trees, that are Ω(1)-distinguishable by OR. - There exists a function f such that all f(d, ϵ)-indistinguishable X, Y that are samplable by degree-d polynomial maps are ϵ-indistinguishable by OR for all sufficiently large n. Moreover, f(1, ϵ) = ⌈log(1/ϵ)⌉ + 1 and f(2, ϵ) = O(log10(1/ϵ)). - Extending (weaker versions of) the above negative results to AC0 distinguishers would require settling a conjecture of Servedio and Viola (ECCC 2012). Concretely, if every pair of n0.9indistinguishable X, Y that are samplable by linear maps is ϵ-indistinguishable by AC0 circuits, then the binary inner product function can have at most an ϵ-correlation with AC0 ◦ ⨁ circuits. Finally, we motivate the question and our results by presenting applications of positive results to low-complexity secret sharing and applications of negative results to leakage-resilient cryptography.
KW - Bounded indistinguishability
KW - Complexity of sampling
KW - Constant-depth circuits
KW - Leakage-resilient cryptography
KW - Pseudorandomness
KW - Secret sharing
UR - http://www.scopus.com/inward/record.url?scp=85123999985&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITCS.2022.26
DO - 10.4230/LIPIcs.ITCS.2022.26
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85123999985
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 13th Innovations in Theoretical Computer Science Conference, ITCS 2022
A2 - Braverman, Mark
T2 - 13th Innovations in Theoretical Computer Science Conference, ITCS 2022
Y2 - 31 January 2022 through 3 February 2022
ER -