-
An Efficient Hybrid Key Exchange Mechanism
Authors:
Benjamin D. Kim,
Vipindev Adat Vasudevan,
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Thomas Stahlbuhk,
Muriel Médard
Abstract:
We present \textsc{CHOKE}, a novel code-based hybrid key-encapsulation mechanism (KEM) designed to securely and efficiently transmit multiple session keys simultaneously. By encoding $n$ independent session keys with an individually secure linear code and encapsulating each resulting coded symbol using a separate KEM, \textsc{CHOKE} achieves computational individual security -- each key remains secure as long as at least one underlying KEM remains unbroken. Compared to traditional serial or combiner-based hybrid schemes, \textsc{CHOKE} reduces computational and communication costs by an $n$-fold factor. Furthermore, we show that the communication cost of our construction is optimal under the requirement that each KEM must be used at least once.
Submitted 5 May, 2025;
originally announced May 2025.
-
Optimal Computational Secret Sharing
Authors:
Igor L. Aureliano,
Alejandro Cohen,
Rafael G. L. D'Oliveira
Abstract:
In $(t, n)$-threshold secret sharing, a secret $S$ is distributed among $n$ participants such that any subset of size $t$ can recover $S$, while any subset of size $t-1$ or fewer learns nothing about it. For information-theoretic secret sharing, it is known that the share size must be at least as large as the secret, i.e., $|S|$. When computational security is employed using cryptographic encryption with a secret key $K$, previous work has shown that the share size can be reduced to $\tfrac{|S|}{t} + |K|$.
In this paper, we present a construction achieving a share size of $\tfrac{|S| + |K|}{t}$. Furthermore, we prove that, under reasonable assumptions on the encryption scheme -- namely, the non-compressibility of pseudorandom encryption and the non-redundancy of the secret key -- this share size is optimal.
Submitted 4 February, 2025;
originally announced February 2025.
-
Cryptanalysis via Machine Learning Based Information Theoretic Metrics
Authors:
Benjamin D. Kim,
Vipindev Adat Vasudevan,
Rafael G. L. D'Oliveira,
Alejandro Cohen,
Thomas Stahlbuhk,
Muriel Médard
Abstract:
The fields of machine learning (ML) and cryptanalysis share an interestingly common objective of creating a function, based on a given set of inputs and outputs. However, the approaches and methods in doing so vary vastly between the two fields. In this paper, we explore integrating the knowledge from the ML domain to provide empirical evaluations of cryptosystems. Particularly, we utilize information theoretic metrics to perform ML-based distribution estimation. We propose two novel applications of ML algorithms that can be applied in a known plaintext setting to perform cryptanalysis on any cryptosystem. We use mutual information neural estimation to calculate a cryptosystem's mutual information leakage, and a binary cross entropy classification to model an indistinguishability under chosen plaintext attack (CPA). These algorithms can be readily applied in an audit setting to evaluate the robustness of a cryptosystem and the results can provide a useful empirical bound. We evaluate the efficacy of our methodologies by empirically analyzing several encryption schemes. Furthermore, we extend the analysis to novel network coding-based cryptosystems and provide other use cases for our algorithms. We show that our classification model correctly identifies the encryption schemes that are not IND-CPA secure, such as DES, RSA, and AES ECB, with high accuracy. It also identifies the faults in CPA-secure cryptosystems with faulty parameters, such as a reduced counter version of AES-CTR. We also conclude that with our algorithms, in most cases a smaller-sized neural network using less computing power can identify vulnerabilities in cryptosystems, providing a quick check of the sanity of the cryptosystem and helping to decide whether to spend more resources to deploy larger networks that are able to break the cryptosystem.
Submitted 24 January, 2025;
originally announced January 2025.
-
A Monotone Circuit Construction for Individually-Secure Multi-Secret Sharing
Authors:
Cailyn Bass,
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Muriel Médard
Abstract:
In this work, we introduce a new technique for taking a single-secret sharing scheme with a general access structure and transforming it into an individually secure multi-secret sharing scheme where every secret has the same general access structure. To increase the information rate, we consider Individual Security which guarantees zero mutual information with each secret individually, for any unauthorized subsets. Our approach involves identifying which shares of the single-secret sharing scheme can be replaced by linear combinations of messages. When $m-1$ shares are replaced, our scheme obtains an information rate of $m/|S|$, where $S$ is the set of shares. This provides an improvement over the information rate of $1/|S|$ in the original single-secret sharing scheme.
Submitted 10 May, 2024;
originally announced May 2024.
-
Secure Distributed Matrix Multiplication with Precomputation
Authors:
Ryann Cartor,
Rafael G. L. D'Oliveira,
Salim El Rouayheb,
Daniel Heinlein,
David Karpuk,
Alex Sprintson
Abstract:
We consider the problem of secure distributed matrix multiplication in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. We show how to construct polynomial schemes for the outer product partitioning which take advantage of the user's ability to precompute, and provide bounds for our technique. We show that precomputation allows for a reduction in the order of the time complexity for the cases where the number of colluding servers is a fixed percentage of the number of servers. Furthermore, with precomputation, any percentage (less than 100%) of collusions can be tolerated, compared to the upper limit of 50% for the case without precomputation.
Submitted 9 May, 2024;
originally announced May 2024.
-
Leveraging AES Padding: dBs for Nothing and FEC for Free in IoT Systems
Authors:
Jongchan Woo,
Vipindev Adat Vasudevan,
Benjamin D. Kim,
Rafael G. L. D'Oliveira,
Alejandro Cohen,
Thomas Stahlbuhk,
Ken R. Duffy,
Muriel Médard
Abstract:
The Internet of Things (IoT) represents a significant advancement in digital technology, with its rapidly growing network of interconnected devices. This expansion, however, brings forth critical challenges in data security and reliability, especially under the threat of increasing cyber vulnerabilities. Addressing the security concerns, the Advanced Encryption Standard (AES) is commonly employed for secure encryption in IoT systems. Our study explores an innovative use of AES, by repurposing AES padding bits for error correction and thus introducing a dual-functional method that seamlessly integrates error-correcting capabilities into the standard encryption process. The integration of the state-of-the-art Guessing Random Additive Noise Decoder (GRAND) in the receiver's architecture facilitates the joint decoding and decryption process. This strategic approach not only preserves the existing structure of the transmitter but also significantly enhances communication reliability in noisy environments, achieving a notable over 3 dB gain in Block Error Rate (BLER). Remarkably, this enhanced performance comes with a minimal power overhead at the receiver - less than 15% compared to the traditional decryption-only process, underscoring the efficiency of our hardware design for IoT applications. This paper discusses a comprehensive analysis of our approach, particularly in energy efficiency and system performance, presenting a novel and practical solution for reliable IoT communications.
Submitted 8 May, 2024;
originally announced May 2024.
-
Error Correction Capabilities of Non-Linear Cryptographic Hash Functions
Authors:
Alejandro Cohen,
Rafael G. L. D'Oliveira
Abstract:
Linear hashes are known to possess error-correcting capabilities. However, in most applications, non-linear hashes with pseudorandom outputs are utilized instead. It has also been established that classical non-systematic random codes, both linear and non-linear, are capacity achieving in the asymptotic regime. Thus, it is reasonable to expect that non-linear hashes might also exhibit good error-correcting capabilities. In this paper, we show this to be the case. Our proof is based on techniques from multiple access channels. As a consequence, we show that Systematic Random Non-Linear Codes (S-RNLC) are capacity achieving in the asymptotic regime. We validate our results by comparing the performance of the Secure Hash Algorithm (SHA) with that of Systematic Random Linear Codes (SRLC) and S-RNLC, demonstrating that SHA performs equally.
Submitted 2 May, 2024;
originally announced May 2024.
-
Optimal Binary Differential Privacy via Graphs
Authors:
Sahel Torkamani,
Javad B. Ebrahimi,
Parastoo Sadeghi,
Rafael G. L. D'Oliveira,
Muriel Médard
Abstract:
We present the notion of \emph{reasonable utility} for binary mechanisms, which applies to all utility functions in the literature. This notion induces a partial ordering on the performance of all binary differentially private (DP) mechanisms. DP mechanisms that are maximal elements of this ordering are optimal DP mechanisms for every reasonable utility. By looking at differential privacy as a randomized graph coloring, we characterize these optimal DP mechanisms in terms of their behavior on a certain subset of the boundary datasets we call a boundary hitting set. In the process of establishing our results, we also introduce a useful notion that generalizes DP conditions for binary-valued queries, which we coin as suitable pairs. Suitable pairs abstract away the algebraic roles of $\varepsilon,\delta$ in the DP framework, making the derivations and understanding of our proofs simpler. Additionally, the notion of a suitable pair can potentially capture privacy conditions in frameworks other than DP and may be of independent interest.
Submitted 31 October, 2023;
originally announced October 2023.
-
CRYPTO-MINE: Cryptanalysis via Mutual Information Neural Estimation
Authors:
Benjamin D. Kim,
Vipindev Adat Vasudevan,
Jongchan Woo,
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Thomas Stahlbuhk,
Muriel Médard
Abstract:
The use of Mutual Information (MI) as a measure to evaluate the efficiency of cryptosystems has an extensive history. However, estimating MI between unknown random variables in a high-dimensional space is challenging. Recent advances in machine learning have enabled progress in estimating MI using neural networks. This work presents a novel application of MI estimation in the field of cryptography. We propose applying this methodology directly to estimate the MI between plaintext and ciphertext in a chosen plaintext attack. The leaked information, if any, from the encryption could potentially be exploited by adversaries to compromise the computational security of the cryptosystem. We evaluate the efficiency of our approach by empirically analyzing multiple encryption schemes and baseline approaches. Furthermore, we extend the analysis to novel network coding-based cryptosystems that provide individual secrecy and study the relationship between information leakage and input distribution.
Submitted 18 September, 2023; v1 submitted 14 September, 2023;
originally announced September 2023.
-
Generalized Rainbow Differential Privacy
Authors:
Yuzhou Gu,
Ziqi Zhou,
Onur Günlü,
Rafael G. L. D'Oliveira,
Parastoo Sadeghi,
Muriel Médard,
Rafael F. Schaefer
Abstract:
We study a new framework for designing differentially private (DP) mechanisms via randomized graph colorings, called rainbow differential privacy. In this framework, datasets are nodes in a graph, and two neighboring datasets are connected by an edge. Each dataset in the graph has a preferential ordering for the possible outputs of the mechanism, and these orderings are called rainbows. Different rainbows partition the graph of connected datasets into different regions. We show that if a DP mechanism at the boundary of such regions is fixed and it behaves identically for all same-rainbow boundary datasets, then a unique optimal $(\varepsilon,\delta)$-DP mechanism exists (as long as the boundary condition is valid) and can be expressed in closed-form. Our proof technique is based on an interesting relationship between dominance ordering and DP, which applies to any finite number of colors and for $(\varepsilon,\delta)$-DP, improving upon previous results that only apply to at most three colors and for $\varepsilon$-DP. We justify the homogeneous boundary condition assumption by giving an example with non-homogeneous boundary condition, for which there exists no optimal DP mechanism.
Submitted 5 April, 2024; v1 submitted 11 September, 2023;
originally announced September 2023.
-
CERMET: Coding for Energy Reduction with Multiple Encryption Techniques -- $It's\ easy\ being\ green$
Authors:
Jongchan Woo,
Vipindev Adat Vasudevan,
Benjamin Kim,
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Thomas Stahlbuhk,
Muriel Médard
Abstract:
This paper presents CERMET, an energy-efficient hardware architecture designed for hardware-constrained cryptosystems. CERMET employs a base cryptosystem in conjunction with network coding to provide both information-theoretic and computational security while reducing energy consumption per bit. This paper introduces the hardware architecture for the system and explores various optimizations to enhance its performance. The universality of the approach is demonstrated by designing the architecture to accommodate both asymmetric and symmetric cryptosystems. The analysis reveals that the benefits of this proposed approach are multifold, reducing energy per bit and area without compromising security or throughput. The optimized hardware architectures can achieve below 1 pJ/bit operations for AES-256. Furthermore, for a public key cryptosystem based on Elliptic Curve Cryptography (ECC), a remarkable 14.6X reduction in energy per bit and a 9.3X reduction in area are observed, bringing it to less than 1 nJ/bit.
Submitted 9 August, 2023;
originally announced August 2023.
-
Compressed Private Aggregation for Scalable and Robust Federated Learning over Massive Networks
Authors:
Natalie Lang,
Nir Shlezinger,
Rafael G. L. D'Oliveira,
Salim El Rouayheb
Abstract:
Federated learning (FL) is an emerging paradigm that allows a central server to train machine learning models using remote users' data. Despite its growing popularity, FL faces challenges in preserving the privacy of local datasets, its sensitivity to poisoning attacks by malicious users, and its communication overhead. The latter is additionally considerably dominant in large-scale networks. These limitations are often individually mitigated by local differential privacy (LDP) mechanisms, robust aggregation, compression, and user selection techniques, which typically come at the cost of accuracy. In this work, we present compressed private aggregation (CPA), that allows massive deployments to simultaneously communicate at extremely low bit rates while achieving privacy, anonymity, and resilience to malicious users. CPA randomizes a codebook for compressing the data into a few bits using nested lattice quantizers, while ensuring anonymity and robustness, with a subsequent perturbation to hold LDP. The proposed CPA is proven to result in FL convergence in the same asymptotic rate as FL without privacy, compression, and robustness considerations, while satisfying both anonymity and LDP requirements. These analytical properties are empirically confirmed in a numerical study, where we demonstrate the performance gains of CPA compared with separate mechanisms for compression and privacy for training different image classification models, as well as its robustness in mitigating the harmful effects of malicious users.
Submitted 8 May, 2025; v1 submitted 1 August, 2023;
originally announced August 2023.
-
A Non-Asymptotic Analysis of Mismatched Guesswork
Authors:
Alexander Mariona,
Homa Esfahanizadeh,
Rafael G. L. D'Oliveira,
Muriel Médard
Abstract:
The problem of mismatched guesswork considers the additional cost incurred by using a guessing function which is optimal for a distribution $q$ when the random variable to be guessed is actually distributed according to a different distribution $p$. This problem has been well-studied from an asymptotic perspective, but there has been little work on quantifying the difference in guesswork between optimal and suboptimal strategies for a finite number of symbols. In this non-asymptotic regime, we consider a definition for mismatched guesswork which we show is equivalent to a variant of the Kendall tau permutation distance applied to optimal guessing functions for the mismatched distributions. We use this formulation to bound the cost of guesswork under mismatch given a bound on the total variation distance between the two distributions.
Submitted 5 May, 2023;
originally announced May 2023.
-
PEOPL: Characterizing Privately Encoded Open Datasets with Public Labels
Authors:
Homa Esfahanizadeh,
Adam Yala,
Rafael G. L. D'Oliveira,
Andrea J. D. Jaba,
Victor Quach,
Ken R. Duffy,
Tommi S. Jaakkola,
Vinod Vaikuntanathan,
Manya Ghobadi,
Regina Barzilay,
Muriel Médard
Abstract:
Allowing organizations to share their data for training of machine learning (ML) models without unintended information leakage is an open problem in practice. A promising technique for this still-open problem is to train models on the encoded data. Our approach, called Privately Encoded Open Datasets with Public Labels (PEOPL), uses a certain class of randomly constructed transforms to encode sensitive data. Organizations publish their randomly encoded data and associated raw labels for ML training, where training is done without knowledge of the encoding realization. We investigate several important aspects of this problem: We introduce information-theoretic scores for privacy and utility, which quantify the average performance of an unfaithful user (e.g., adversary) and a faithful user (e.g., model developer) that have access to the published encoded data. We then theoretically characterize primitives in building families of encoding schemes that motivate the use of random deep neural networks. Empirically, we compare the performance of our randomized encoding scheme and a linear scheme to a suite of computational attacks, and we also show that our scheme achieves competitive prediction accuracy to raw-sample baselines. Moreover, we demonstrate that multiple institutions, using independent random encoders, can collaborate to train improved ML models.
Submitted 31 March, 2023;
originally announced April 2023.
-
Absolute Security in High-Frequency Wireless Links
Authors:
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Chia-Yi Yeh,
Hichem Guerboukha,
Rabi Shrestha,
Zhaoji Fang,
Edward Knightly,
Muriel Médard,
Daniel M. Mittleman
Abstract:
Security against eavesdropping is one of the key concerns in the design of any communication system. Many common considerations of the security of a wireless communication channel rely on comparing the signal level measured by Bob (the intended receiver) to that accessible to Eve (an eavesdropper). Frameworks such as Wyner's wiretap model ensure the security of a link, in an average sense, when Bob's signal-to-noise ratio exceeds Eve's. Unfortunately, because these guarantees rely on statistical assumptions about noise, Eve can still occasionally succeed in decoding information. The goal of achieving exactly zero probability of intercept over an engineered region of the broadcast sector, which we term absolute security, remains elusive. Here, we describe the first architecture for a wireless link which provides absolute security. Our approach relies on the inherent properties of broadband and high-gain antennas, and is therefore ideally suited for implementation in millimeter-wave and terahertz wireless systems, where such antennas will generally be employed. We exploit spatial minima of the antenna pattern at different frequencies, the union of which defines a wide region where Eve is guaranteed to fail regardless of her computational capabilities, and regardless of the noise in the channels. Unlike conventional zero-forcing beam forming methods, we show that, for realistic assumptions about the antenna configuration and power budget, this absolute security guarantee can be achieved over most possible eavesdropper locations. Since we use relatively simple frequency-multiplexed coding, together with the underlying physics of a diffracting aperture, this idea is broadly applicable in many contexts.
Submitted 11 August, 2022;
originally announced August 2022.
-
A Bivariate Invariance Principle
Authors:
Alexander Mariona,
Homa Esfahanizadeh,
Rafael G. L. D'Oliveira,
Muriel Médard
Abstract:
A notable result from analysis of Boolean functions is the Basic Invariance Principle (BIP), a quantitative nonlinear generalization of the Central Limit Theorem for multilinear polynomials. We present a generalization of the BIP for bivariate multilinear polynomials, i.e., polynomials over two n-length sequences of random variables. This bivariate invariance principle arises from an iterative application of the BIP to bound the error in replacing each of the two input sequences. In order to prove this invariance principle, we first derive a version of the BIP for random multilinear polynomials, i.e., polynomials whose coefficients are random variables. As a benchmark, we also state a naive bivariate invariance principle which treats the two input sequences as one and directly applies the BIP. Neither principle is universally stronger than the other, but we do show that for a notable class of bivariate functions, which we term separable functions, our subtler principle is exponentially tighter than the naive benchmark.
Submitted 17 August, 2022; v1 submitted 9 August, 2022;
originally announced August 2022.
-
Wideband Time Frequency Coding
Authors:
Kathleen Yang,
Salman Salamatian,
Rafael G. L. D'Oliveira,
Muriel Medard
Abstract:
In the wideband regime, the performance of many of the popular modulation schemes such as code division multiple access and orthogonal frequency division multiplexing falls quickly without channel state information. Obtaining the amount of channel information required for these techniques to work is costly and difficult, which suggests the need for schemes which can perform well without channel state information. In this work, we present one such scheme, called wideband time frequency coding, which achieves rates on the order of the additive white Gaussian noise capacity without requiring any channel state information. Wideband time frequency coding combines impulsive frequency shift keying with pulse position modulation, which allows for information to be encoded in both the transmitted frequency and the transmission time period. On the detection side, we propose a non-coherent decoder based on a square-law detector, akin to the optimal decoder for frequency shift keying based signals. The impacts of various parameters on the symbol error probability and capacity of wideband time frequency coding are investigated, and the results show that it is robust to shadowing and highly fading channels. When compared to other modulation schemes such as code division multiple access, orthogonal frequency division multiplexing, pulse position modulation, and impulsive frequency shift keying without channel state information, wideband time frequency coding achieves higher rates in the wideband regime, and performs comparably in smaller bandwidths.
Submitted 31 May, 2022;
originally announced May 2022.
-
Heterogeneous Differential Privacy via Graphs
Authors:
Sahel Torkamani,
Javad B. Ebrahimi,
Parastoo Sadeghi,
Rafael G. L. D'Oliveira,
Muriel Medard
Abstract:
We generalize a previous framework for designing utility-optimal differentially private (DP) mechanisms via graphs, where datasets are vertices in the graph and edges represent dataset neighborhood. The boundary set contains datasets where an individual's response changes the binary-valued query compared to its neighbors. Previous work was limited to the homogeneous case where the privacy parameter $\varepsilon$ across all datasets was the same and the mechanism at boundary datasets was identical. In our work, the mechanism can take different distributions at the boundary and the privacy parameter $\varepsilon$ is a function of neighboring datasets, which recovers an earlier definition of personalized DP as special case. The problem is how to extend the mechanism, which is only defined at the boundary set, to other datasets in the graph in a computationally efficient and utility optimal manner. Using the concept of strongest induced DP condition we solve this problem efficiently in polynomial time (in the size of the graph).
Submitted 29 March, 2022;
originally announced March 2022.
-
AES as Error Correction: Cryptosystems for Reliable Communication
Authors:
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Ken R. Duffy,
Jongchan Woo,
Muriel Médard
Abstract:
In this paper, we show that the Advanced Encryption Standard (AES) cryptosystem can be used as an error-correcting code to obtain reliability over noisy communication and data systems. Moreover, we characterize a family of computational cryptosystems that can potentially be used as well performing error correcting codes. In particular, we show that simple padding followed by a cryptosystem with uniform or pseudo-uniform outputs can approach the error-correcting performance of random codes. We empirically contrast the performance of the proposed approach using AES as error correction with that of Random Linear Codes and CA-Polar codes and show that in practical scenarios, they achieve almost the same performance. Finally, we present a modified counter mode of operation, named input plaintext counter mode, in order to utilize AES for multiple blocks while retaining its error correcting capabilities.
Submitted 9 September, 2022; v1 submitted 22 March, 2022;
originally announced March 2022.
-
Rainbow Differential Privacy
Authors:
Ziqi Zhou,
Onur Günlü,
Rafael G. L. D'Oliveira,
Muriel Médard,
Parastoo Sadeghi,
Rafael F. Schaefer
Abstract:
We extend a previous framework for designing differentially private (DP) mechanisms via randomized graph colorings that was restricted to binary functions, corresponding to colorings in a graph, to multi-valued functions. As before, datasets are nodes in the graph and any two neighboring datasets are connected by an edge. In our setting, we assume that each dataset has a preferential ordering for the possible outputs of the mechanism, each of which we refer to as a rainbow. Different rainbows partition the graph of datasets into different regions. We show that if the DP mechanism is pre-specified at the boundary of such regions and behaves identically for all same-rainbow boundary datasets, at most one optimal such mechanism can exist and the problem can be solved by means of a morphism to a line graph. We then show closed form expressions for the line graph in the case of ternary functions. Treatment of ternary queries in this paper displays enough richness to be extended to higher-dimensional query spaces with preferential query ordering, but the optimality proof does not seem to follow directly from the ternary proof.
Submitted 13 May, 2022; v1 submitted 8 February, 2022;
originally announced February 2022.
-
Partial Encryption after Encoding for Security and Reliability in Data Systems
Authors:
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Ken R. Duffy,
Muriel Médard
Abstract:
We consider the problem of secure and reliable communication over a noisy multipath network. Previous work considering a noiseless version of our problem proposed a hybrid universal network coding cryptosystem (HUNCC). By combining an information-theoretically secure encoder together with partial encryption, HUNCC is able to obtain security guarantees, even in the presence of an all-observing eavesdropper. In this paper, we propose a version of HUNCC for noisy channels (N-HUNCC). This modification requires four main novelties. First, we present a network coding construction which is jointly individually secure and error-correcting. Second, we introduce a new security definition which is a computational analogue of individual security, which we call individual indistinguishability under chosen ciphertext attack (individual IND-CCA1), and show that N-HUNCC satisfies it. Third, we present a noise-based decoder for N-HUNCC, which permits the decoding of the encoded-then-encrypted data. Finally, we discuss how to select parameters for N-HUNCC and its error-correcting capabilities.
Submitted 7 February, 2022;
originally announced February 2022.
-
Syfer: Neural Obfuscation for Private Data Release
Authors:
Adam Yala,
Victor Quach,
Homa Esfahanizadeh,
Rafael G. L. D'Oliveira,
Ken R. Duffy,
Muriel Médard,
Tommi S. Jaakkola,
Regina Barzilay
Abstract:
Balancing privacy and predictive utility remains a central challenge for machine learning in healthcare. In this paper, we develop Syfer, a neural obfuscation method to protect against re-identification attacks. Syfer composes trained layers with random neural networks to encode the original data (e.g. X-rays) while maintaining the ability to predict diagnoses from the encoded data. The randomness in the encoder acts as the private key for the data owner. We quantify privacy as the number of attacker guesses required to re-identify a single image (guesswork). We propose a contrastive learning algorithm to estimate guesswork. We show empirically that differentially private methods, such as DP-Image, obtain privacy at a significant loss of utility. In contrast, Syfer achieves strong privacy while preserving utility. For example, X-ray classifiers built with DP-image, Syfer, and original data achieve average AUCs of 0.53, 0.78, and 0.86, respectively.
Submitted 28 January, 2022;
originally announced January 2022.
-
Field Trace Polynomial Codes for Secure Distributed Matrix Multiplication
Authors:
Roberto Assis Machado,
Rafael G. L. D'Oliveira,
Salim El Rouayheb,
Daniel Heinlein
Abstract:
We consider the problem of communication-efficient secure distributed matrix multiplication. The previous literature has focused on reducing the number of servers as a proxy for minimizing communication costs, the intuition being that the more servers are used, the higher the communication cost. We show that this is not the case. Our central technique relies on adapting results from the literature on repairing Reed-Solomon codes: instead of downloading the whole of the computing task, a user downloads field traces of these computations. We present field trace polynomial codes, a family of codes that exploit this technique, and characterize regimes for which our codes outperform the existing codes in the literature.
Submitted 9 June, 2022; v1 submitted 19 August, 2021;
originally announced August 2021.
-
Post-Quantum Security for Ultra-Reliable Low-Latency Heterogeneous Networks
Authors:
Rafael G. L. D'Oliveira,
Alejandro Cohen,
John Robinson,
Thomas Stahlbuhk,
Muriel Médard
Abstract:
We consider the problem of post-quantum secure and ultra-reliable communication through a heterogeneous network consisting of multiple connections. Three performance metrics are considered: security, throughput, and in-order delivery delay. In this setting, previous work has looked, individually, at the trade-offs between in-order delivery delay and throughput, and between security and throughput. This is the first work considering the trade-off between all three for heterogeneous communication networks, while taking the computational complexity into account. We present LL-HUNCC, a low latency hybrid universal network coding cryptosystem. LL-HUNCC is an efficient coding scheme which allows for secure communications over a noisy untrusted heterogeneous network by encrypting only a small part of the information being sent. This scheme provides post-quantum security with high throughput and low in-order delivery delay guarantees. We evaluate LL-HUNCC via simulations on a setting inspired by a practical scenario for heterogeneous communications involving a satellite communication link and a 5G communication network. Under this scenario, we compare LL-HUNCC to the state-of-the-art where all communication paths are encrypted via a post-quantum public-key cryptosystem.
Submitted 13 August, 2021;
originally announced August 2021.
-
Degree Tables for Secure Distributed Matrix Multiplication
Authors:
Rafael G. L. D'Oliveira,
Salim El Rouayheb,
Daniel Heinlein,
David Karpuk
Abstract:
We consider the problem of secure distributed matrix multiplication (SDMM) in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. We construct polynomial codes for SDMM by studying a recently introduced combinatorial tool called the degree table. For a fixed partitioning, minimizing the total communication cost of a polynomial code for SDMM is equivalent to minimizing $N$, the number of distinct elements in the corresponding degree table.
We propose new constructions of degree tables with a low number of distinct elements. These new constructions lead to a general family of polynomial codes for SDMM, which we call $\mathsf{GASP}_{r}$ (Gap Additive Secure Polynomial codes) parametrized by an integer $r$. $\mathsf{GASP}_{r}$ outperforms all previously known polynomial codes for SDMM under an outer product partitioning. We also present lower bounds on $N$ and prove the optimality or asymptotic optimality of our constructions for certain regimes. Moreover, we formulate the construction of optimal degree tables as an integer linear program and use it to prove the optimality of $\mathsf{GASP}_{r}$ for all the system parameters that we were able to test.
Submitted 17 June, 2021;
originally announced June 2021.
-
Private Multi-Group Aggregation
Authors:
Carolina Naim,
Rafael G. L. D'Oliveira,
Salim El Rouayheb
Abstract:
We study the differentially private multi-group aggregation (PMGA) problem. This setting involves a single server and $n$ users. Each user belongs to one of $k$ distinct groups and holds a discrete value. The goal is to design schemes that allow the server to find the aggregate (sum) of the values in each group (with high accuracy) under communication and local differential privacy constraints. The privacy constraint guarantees that the user's group remains private. This is motivated by applications where a user's group can reveal sensitive information, such as his religious and political beliefs, health condition, or race. We propose a novel scheme, dubbed Query and Aggregate (Q\&A), for PMGA. The novelty of Q\&A is that it is an interactive aggregation scheme. In Q\&A, each user is assigned a random query matrix, to which he sends the server an answer based on his group and value. We characterize the Q\&A scheme's performance in terms of accuracy (MSE), privacy, and communication. We compare Q\&A to the Randomized Group (RG) scheme, which is non-interactive and adapts existing randomized response schemes to the PMGA setting. We observe that Q\&A typically outperforms RG in terms of privacy vs. utility in the high privacy regime.
Submitted 8 June, 2021;
originally announced June 2021.
-
Differential Privacy for Binary Functions via Randomized Graph Colorings
Authors:
Rafael G. L. D'Oliveira,
Muriel Medard,
Parastoo Sadeghi
Abstract:
We present a framework for designing differentially private (DP) mechanisms for binary functions via a graph representation of datasets. Datasets are nodes in the graph and any two neighboring datasets are connected by an edge. The true binary function we want to approximate assigns a value (or true color) to a dataset. Randomized DP mechanisms are then equivalent to randomized colorings of the graph. A key notion we use is that of the boundary of the graph. Any two neighboring datasets assigned a different true color belong to the boundary.
Under this framework, we show that fixing the mechanism behavior at the boundary induces a unique optimal mechanism. Moreover, if the mechanism is to have a homogeneous behavior at the boundary, we present a closed expression for the optimal mechanism, which is obtained by means of a \emph{pullback} operation on the optimal mechanism of a line graph. For balanced mechanisms, not favoring one binary value over another, the optimal $(\varepsilon,\delta)$-DP mechanism takes a particularly simple form, depending only on the minimum distance to the boundary, on $\varepsilon$, and on $\delta$.
Submitted 9 February, 2021;
originally announced February 2021.
-
Network Coding-Based Post-Quantum Cryptography
Authors:
Alejandro Cohen,
Rafael G. L. D'Oliveira,
Salman Salamatian,
Muriel Medard
Abstract:
We propose a novel hybrid universal network-coding cryptosystem (HUNCC) to obtain secure post-quantum cryptography at high communication rates. The secure network-coding scheme we offer is hybrid in the sense that it combines information-theoretic security with public-key cryptography. In addition, the scheme is general and can be applied to any communication network, and to any public-key cryptosystem. Our hybrid scheme is based on the information-theoretic notion of individual secrecy, which traditionally relies on the assumption that an eavesdropper can only observe a subset of the communication links between the trusted parties, an assumption that is often challenging to enforce. For this setting, several code constructions have been developed, where the messages are linearly mixed before transmission over each of the paths in a way that guarantees that an adversary which observes only a subset has sufficient uncertainty about each individual message.
Instead, in this paper, we take a computational viewpoint, and construct a coding scheme in which an arbitrary secure cryptosystem is utilized on a subset of the links, while a pre-processing similar to the one in individual security is utilized. Under this scheme, we demonstrate 1) a computational security guarantee for an adversary which observes the entirety of the links, 2) an information-theoretic security guarantee for an adversary which observes a subset of the links, and 3) information rates which approach the capacity of the network and greatly improve upon the current solutions.
A perhaps surprising consequence of our scheme is that, to guarantee a computational security level b, it is sufficient to encrypt a single link using a computational post-quantum scheme. In addition, the information rate approaches 1 as the number of communication links increases.
Submitted 3 September, 2020;
originally announced September 2020.
-
Low Influence, Utility, and Independence in Differential Privacy: A Curious Case of $3 \choose 2$
Authors:
Rafael G. L. D'Oliveira,
Salman Salamatian,
Muriel Médard,
Parastoo Sadeghi
Abstract:
We study the relationship between randomized low influence functions and differentially private mechanisms. Our main aim is to formally determine whether differentially private mechanisms are low influence and whether low influence randomized functions can be differentially private. We show that differential privacy does not necessarily imply low influence in a formal sense. However, low influence implies approximate differential privacy. These results hold for both independent and non-independent randomized mechanisms, where an important instance of the former is the widely-used additive noise techniques in the differential privacy literature. Our study also reveals the interesting dynamics between utility, low influence, and independence of a differentially private mechanism. As the name of this paper suggests, we show that any two such features are simultaneously possible. However, in order to have a differentially private mechanism that has both utility and low influence, even under a very mild utility condition, one has to employ non-independent mechanisms.
Submitted 7 February, 2021; v1 submitted 21 August, 2020;
originally announced August 2020.
-
Notes on Communication and Computation in Secure Distributed Matrix Multiplication
Authors:
Rafael G. L. D'Oliveira,
Salim El Rouayheb,
Daniel Heinlein,
David Karpuk
Abstract:
We consider the problem of secure distributed matrix multiplication in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. In this paper, we answer the following question: Is it beneficial to offload the computations if security is a concern? We answer this question in the affirmative by showing that by adjusting the parameters in a polynomial code we can obtain a trade-off between the user's and the servers' computational time. Indeed, we show that if the computational time complexity of an operation in $\mathbb{F}_q$ is at most $\mathcal{Z}_q$ and the computational time complexity of multiplying two $n\times n$ matrices is $\mathcal{O}(n^{\omega}\mathcal{Z}_q)$ then, by optimizing the trade-off, the user together with the servers can compute the multiplication in $\mathcal{O}(n^{4-\frac{6}{\omega+1}} \mathcal{Z}_q)$ time. We also show that if the user is only concerned with optimizing the download rate, a common assumption in the literature, then the problem can be converted into a simple private information retrieval problem by means of a scheme we call Private Oracle Querying. However, this comes at large upload and computational costs for both the user and the servers.
Submitted 8 May, 2020; v1 submitted 15 January, 2020;
originally announced January 2020.
-
Advances and Open Problems in Federated Learning
Authors:
Peter Kairouz,
H. Brendan McMahan,
Brendan Avent,
Aurélien Bellet,
Mehdi Bennis,
Arjun Nitin Bhagoji,
Kallista Bonawitz,
Zachary Charles,
Graham Cormode,
Rachel Cummings,
Rafael G. L. D'Oliveira,
Hubert Eichner,
Salim El Rouayheb,
David Evans,
Josh Gardner,
Zachary Garrett,
Adrià Gascón,
Badih Ghazi,
Phillip B. Gibbons,
Marco Gruteser,
Zaid Harchaoui,
Chaoyang He,
Lie He,
Zhouyuan Huo,
Ben Hutchinson
et al. (34 additional authors not shown)
Abstract:
Federated learning (FL) is a machine learning setting where many clients (e.g. mobile devices or whole organizations) collaboratively train a model under the orchestration of a central server (e.g. service provider), while keeping the training data decentralized. FL embodies the principles of focused data collection and minimization, and can mitigate many of the systemic privacy risks and costs resulting from traditional, centralized machine learning and data science approaches. Motivated by the explosive growth in FL research, this paper discusses recent advances and presents an extensive collection of open problems and challenges.
Submitted 8 March, 2021; v1 submitted 10 December, 2019;
originally announced December 2019.
-
GASP Codes for Secure Distributed Matrix Multiplication
Authors:
Rafael G. L. D'Oliveira,
Salim El Rouayheb,
David Karpuk
Abstract:
We consider the problem of secure distributed matrix multiplication (SDMM) in which a user wishes to compute the product of two matrices with the assistance of honest but curious servers. We construct polynomial codes for SDMM by studying a combinatorial problem on a special type of addition table, which we call the degree table. The codes are based on arithmetic progressions, and are thus named GASP (Gap Additive Secure Polynomial) Codes. GASP Codes are shown to outperform all previously known polynomial codes for secure distributed matrix multiplication in terms of download rate.
Submitted 11 February, 2020; v1 submitted 24 December, 2018;
originally announced December 2018.
-
One-Shot PIR: Refinement and Lifting
Authors:
Rafael G. L. D'Oliveira,
Salim El Rouayheb
Abstract:
We study a class of private information retrieval (PIR) methods that we call one-shot schemes. The intuition behind one-shot schemes is the following. The user's query is regarded as a dot product of a query vector and the message vector (database) stored at multiple servers.
Privacy, in an information theoretic sense, is then achieved by encrypting the query vector using a secure linear code, such as secret sharing.
Several PIR schemes in the literature, in addition to novel ones constructed here, fall into this class. One-shot schemes provide an insightful link between PIR and data security against eavesdropping. However, their download rate is not optimal, i.e., they do not achieve the PIR capacity. Our main contribution is two transformations of one-shot schemes, which we call refining and lifting. We show that refining and lifting one-shot schemes gives capacity-achieving schemes for the cases when the PIR capacity is known. In the other cases, when the PIR capacity is still unknown, refining and lifting one-shot schemes gives the best download rate so far.
Submitted 12 October, 2018;
originally announced October 2018.
-
The Computational Wiretap Channel
Authors:
Rafael G. L. D'Oliveira,
Salim El Rouayheb,
Muriel Médard
Abstract:
We present the computational wiretap channel: Alice has some data x and wants to share some computation h(x) with Bob. To do this, she sends f(x), where f is some sufficient statistic for h. An eavesdropper, Eve, is interested in computing another function g(x). We show that, under some conditions on f and g, this channel can be approximated, from Eve's point of view, by the classic Wyner wiretap channel.
Submitted 16 August, 2018;
originally announced August 2018.
-
Lifting Private Information Retrieval from Two to any Number of Messages
Authors:
Rafael G. L. D'Oliveira,
Salim El Rouayheb
Abstract:
We study private information retrieval (PIR) on coded data with possibly colluding servers. Devising PIR schemes with optimal download rate in the case of collusion and coded data is still open in general. We provide a lifting operation that can transform what we call one-shot PIR schemes for two messages into schemes for any number of messages. We apply this lifting operation on existing PIR schemes and describe two immediate implications. First, we obtain novel PIR schemes with improved download rate in the case of MDS coded data and server collusion. Second, we provide a simplified description of existing optimal PIR schemes on replicated data as lifted secret sharing based PIR.
Submitted 29 May, 2018; v1 submitted 18 February, 2018;
originally announced February 2018.
-
A Distance Between Channels: the average error of mismatched channels
Authors:
Rafael G. L. D'Oliveira,
Marcelo Firer
Abstract:
Two channels are equivalent if their maximum likelihood (ML) decoders coincide for every code. We show that this equivalence relation partitions the space of channels into a generalized hyperplane arrangement. With this, we define a coding distance between channels in terms of their ML-decoders which is meaningful from the decoding point of view, in the sense that the closer two channels are, the larger the probability that they share the same ML-decoder. We give explicit formulas for these probabilities.
Submitted 6 February, 2018;
originally announced February 2018.
-
Channel Metrization
Authors:
Rafael G. L. D'Oliveira,
Marcelo Firer
Abstract:
We present an algorithm that, given a channel, determines if there is a distance for it such that the maximum likelihood decoder coincides with the minimum distance decoder.
We also show that any metric, up to a decoding equivalence, can be isometrically embedded into the hypercube with the Hamming metric, and thus, in terms of decoding, the Hamming metric is universal.
Submitted 25 February, 2016; v1 submitted 11 October, 2015;
originally announced October 2015.
-
The Packing Radius of a Code and Partitioning Problems: the Case for Poset Metrics
Authors:
Rafael Gregorio Lucas D'Oliveira,
Marcelo Firer
Abstract:
Until this work, the packing radius of a poset code was only known in the cases where the poset was a chain, a hierarchy, a union of disjoint chains of the same size, and for some families of codes. Our objective is to approach the general case of any poset. To do this, we will divide the problem into two parts.
The first part consists in finding the packing radius of a single vector. We will show that this is equivalent to a generalization of a famous NP-hard problem known as "the partition problem". Then, we will review the main results known about this problem, giving special attention to the algorithms to solve it. The main ingredient of these algorithms is what is known as the differentiating method, and therefore we will extend it to the general case.
The second part consists in finding the vector that determines the packing radius of the code. For this, we will show how it is sometimes possible to compare the packing radius of two vectors without calculating them explicitly.
Submitted 24 January, 2013;
originally announced January 2013.