-
Finding Collisions in Interactive Protocols -- Tight Lower Bounds on the Round and Communication Complexities of Statistically Hiding Commitments
Authors:
Iftach Haitner,
Jonathan J. Hoch,
Omer Reingold,
Gil Segev
Abstract:
We study the round and communication complexities of various cryptographic protocols. We give tight lower bounds on the round and communication complexities of any fully black-box reduction of a statistically hiding commitment scheme from one-way permutations, and from trapdoor permutations. As a corollary, we derive similar tight lower bounds for several other cryptographic protocols, such as single-server private information retrieval, interactive hashing, and oblivious transfer that guarantees statistical security for one of the parties. Our techniques extend the collision-finding oracle due to Simon (EUROCRYPT '98) to the setting of interactive protocols and the reconstruction paradigm of Gennaro and Trevisan (FOCS '00).
Submitted 4 May, 2021;
originally announced May 2021.
-
An Information-Theoretic Proof of the Streaming Switching Lemma for Symmetric Encryption
Authors:
Ido Shahaf,
Or Ordentlich,
Gil Segev
Abstract:
Motivated by a fundamental paradigm in cryptography, we consider a recent variant of the classic problem of bounding the distinguishing advantage between a random function and a random permutation. Specifically, we consider the problem of deciding whether a sequence of $q$ values was sampled uniformly with or without replacement from $[N]$, where the decision is made by a streaming algorithm restricted to using at most $s$ bits of internal memory. In this work, the distinguishing advantage of such an algorithm is measured by the KL divergence between the distributions of its output as induced under the two cases. We show that for any $s = \Omega(\log N)$ the distinguishing advantage is upper bounded by $O(q \cdot s / N)$, and even by $O(q \cdot s / N \log N)$ when $q \leq N^{1 - \varepsilon}$ for any constant $\varepsilon > 0$, where it is nearly tight with respect to the KL divergence.
Submitted 21 April, 2020;
originally announced April 2020.
-
Crypto-Oriented Neural Architecture Design
Authors:
Avital Shafran,
Gil Segev,
Shmuel Peleg,
Yedid Hoshen
Abstract:
As neural networks revolutionize many applications, significant privacy conflicts between model users and providers emerge. The cryptography community developed a variety of techniques for secure computation to address such privacy issues. As generic techniques for secure computation are typically prohibitively ineffective, many efforts focus on optimizing their underlying cryptographic tools. Differently, we propose to optimize the initial design of crypto-oriented neural architectures and provide a novel Partial Activation layer. The proposed layer is much faster for secure computation. Evaluating our method on three state-of-the-art architectures (SqueezeNet, ShuffleNetV2, and MobileNetV2) demonstrates significant improvement to the efficiency of secure inference on common evaluation metrics.
Submitted 16 February, 2021; v1 submitted 27 November, 2019;
originally announced November 2019.
-
Multiple State EFN Transistors
Authors:
Gideon Segev,
Iddo Amit,
Andrey Godkin,
Alex Henning,
Yossi Rosenwaks
Abstract:
Electrostatically Formed Nanowire (EFN) based transistors have been suggested in the past as gas sensing devices. These transistors are multiple gate transistors in which the source to drain conduction path is determined by the bias applied to the back gate and two junction gates. If a specific bias is applied to the side gates, the conduction band electrons between them are confined to a well-defined area forming a narrow channel, the Electrostatically Formed Nanowire. Recent work has shown that by applying non-symmetric bias on the side gates, the lateral position of the EFN can be controlled. We propose a novel Multiple State EFN Transistor (MSET) that utilizes this degree of freedom for the implementation of complete multiplexer functionality in a single transistor-like device. The multiplexer functionality allows a very simple implementation of binary and multiple valued logic functions.
Submitted 19 March, 2015; v1 submitted 25 February, 2015;
originally announced February 2015.
-
How to Approximate A Set Without Knowing Its Size In Advance
Authors:
Rasmus Pagh,
Gil Segev,
Udi Wieder
Abstract:
The dynamic approximate membership problem asks to represent a set S of size n, whose elements are provided in an on-line fashion, supporting membership queries without false negatives and with a false positive rate at most epsilon. That is, the membership algorithm must be correct on each x in S, and may err with probability at most epsilon on each x not in S.
We study a well-motivated, yet insufficiently explored, variant of this problem where the size n of the set is not known in advance. Existing optimal approximate membership data structures require that the size is known in advance, but in many practical scenarios this is not a realistic assumption. Moreover, even if the eventual size n of the set is known in advance, it is desirable to have the smallest possible space usage also when the current number of inserted elements is smaller than n. Our contribution consists of the following results:
- We show a super-linear gap between the space complexity when the size is known in advance and the space complexity when the size is not known in advance.
- We show that our space lower bound is tight, and can even be matched by a highly efficient data structure.
Submitted 11 April, 2013; v1 submitted 3 April, 2013;
originally announced April 2013.
-
Backyard Cuckoo Hashing: Constant Worst-Case Operations with a Succinct Representation
Authors:
Yuriy Arbitman,
Moni Naor,
Gil Segev
Abstract:
The performance of a dynamic dictionary is measured mainly by its update time, lookup time, and space consumption. In terms of update time and lookup time there are known constructions that guarantee constant-time operations in the worst case with high probability, and in terms of space consumption there are known constructions that use essentially optimal space. However, although the first analysis of a dynamic dictionary dates back more than 45 years ago (when Knuth analyzed linear probing in 1963), the trade-off between these aspects of performance is still not completely understood. In this paper we settle two fundamental open problems:
- We construct the first dynamic dictionary that enjoys the best of both worlds: it stores n elements using $(1+\epsilon)n$ memory words, and guarantees constant-time operations in the worst case with high probability. Specifically, for any $\epsilon = \Omega((\log\log n / \log n)^{1/2})$ and for any sequence of polynomially many operations, with high probability over the randomness of the initialization phase, all operations are performed in constant time which is independent of $\epsilon$. The construction is a two-level variant of cuckoo hashing, augmented with a "backyard" that handles a large fraction of the elements, together with a de-amortized perfect hashing scheme for eliminating the dependency on $\epsilon$.
- We present a variant of the above construction that uses only $(1+o(1))B$ bits, where $B$ is the information-theoretic lower bound for representing a set of size n taken from a universe of size u, and guarantees constant-time operations in the worst case with high probability, as before. This problem was open even in the amortized setting. One of the main ingredients of our construction is a permutation-based variant of cuckoo hashing, which significantly improves the space consumption of cuckoo hashing when dealing with a rather small universe.
Submitted 16 August, 2010; v1 submitted 30 December, 2009;
originally announced December 2009.
-
De-amortized Cuckoo Hashing: Provable Worst-Case Performance and Experimental Results
Authors:
Yuriy Arbitman,
Moni Naor,
Gil Segev
Abstract:
Cuckoo hashing is a highly practical dynamic dictionary: it provides amortized constant insertion time, worst case constant deletion time and lookup time, and good memory utilization. However, with a noticeable probability during the insertion of n elements some insertion requires Ω(log n) time. Whereas such an amortized guarantee may be suitable for some applications, in other applications (such as high-performance routing) this is highly undesirable.
Recently, Kirsch and Mitzenmacher (Allerton '07) proposed a de-amortization of cuckoo hashing using various queueing techniques that preserve its attractive properties. Kirsch and Mitzenmacher demonstrated a significant improvement to the worst case performance of cuckoo hashing via experimental results, but they left open the problem of constructing a scheme with provable properties.
In this work we follow Kirsch and Mitzenmacher and present a de-amortization of cuckoo hashing that provably guarantees constant worst case operations. Specifically, for any sequence of polynomially many operations, with overwhelming probability over the randomness of the initialization phase, each operation is performed in constant time. Our theoretical analysis and experimental results indicate that the scheme is highly efficient, and provides a practical alternative to the only other known dynamic dictionary with such worst case guarantees, due to Dietzfelbinger and Meyer auf der Heide (ICALP '90).
Submitted 2 March, 2009;
originally announced March 2009.