Results 1-10 of 114
Learning polynomials with queries: The highly noisy case
1995
Cited by 97 (18 self)
Given a function f mapping n-variate inputs from a finite field F into F, we consider the task of reconstructing a list of all n-variate degree d polynomials which agree with f on a tiny but non-negligible fraction, , of the input space. We give a randomized algorithm for solving this task which accesses f as a black box and runs in time polynomial in 1; n and exponential in d, provided is ($\sqrt{d/|F|}$). For the special case when d = 1, we solve this problem for $|F| > 0$. In this case the running time of our algorithm is bounded by a polynomial and exponential in d. Our algorithm generalizes a previously known algorithm, due to Goldreich and Levin, that solves this task for the case when F = GF(2) (and d = 1).
Kearns et al. [21] (see also [27, 28, 22]). In the setting of agnostic learning, the learner is to make no assumptions regarding the natural phenomena underlying the input/output relationship of the function, and the goal of the learner is to come up with a simple explanation which best fits the examples. Therefore the best explanation may account for only part of the phenomena. In some situations, when the phenomena appears very irregular, providing an explanation which fits only part of it is better than nothing. Interestingly, Kearns et al. did not consider the use of queries (but rather examples drawn from an arbitrary distribution) as they were skeptical that queries could be of any help. We show that queries do seem to help (see below).
Cube Attacks on Tweakable Black Box Polynomials
In Proceedings of the 28th Annual International Conference on Advances in Cryptology: The Theory and Applications of Cryptographic Techniques, LNCS 5479, 2009
Cited by 91 (8 self)
Almost any cryptographic scheme can be described by tweakable polynomials over GF(2), which contain both secret variables (e.g., key bits) and public variables (e.g., plaintext bits or IV bits). The cryptanalyst is allowed to tweak the polynomials by choosing arbitrary values for the public variables, and his goal is to solve the resultant system of polynomial equations in terms of their common secret variables. In this paper we develop a new technique (called a cube attack) for solving such tweakable polynomials, which is a major improvement over several previously published attacks of the same type. For example, on the stream cipher Trivium with a reduced number of initialization rounds, the best previous attack (due to Fischer, Khazaei, and Meier) requires a barely practical complexity of $2^{55}$ to attack 672 initialization rounds, whereas a cube attack can find the complete key of the same variant in $2^{19}$ bit operations (which take less than a second on a single PC). Trivium with 735 initialization rounds (which could not be attacked by any previous technique) can now be broken with $2^{30}$ bit operations. Trivium with 767 initialization rounds can now be broken with $2^{45}$ bit operations, and the complexity of the attack can almost certainly be further reduced to about $2^{36}$ bit operations. Whereas previous attacks were heuristic, had to be adapted to each cryptosystem, had no general complexity bounds, and were not expected to succeed on random looking polynomials, cube attacks are provably successful when applied to random polynomials of degree d over n secret variables whenever the number m of public variables exceeds $d + \log_d n$. Their complexity is $2^{d-1}n + n^2$ bit operations, which is polynomial in n and amazingly low when d is small.
Cube attacks can be applied to any block cipher, stream cipher, or MAC which is provided as a black box (even when nothing is known about its internal structure) as long as at least one output bit can be represented by (an unknown) polynomial of relatively low degree in the secret and public variables.
The Importance of Being Biased
2002
Cited by 90 (8 self)
The Minimum Vertex Cover problem is the problem of, given a graph, finding a smallest set of vertices that touches all edges. We show that it is NP-hard to approximate this problem 1.36067, improving on the previously known hardness result for a 6 factor.
On Worst-Case to Average-Case Reductions for NP Problems
In Proceedings of the 44th IEEE Symposium on Foundations of Computer Science, 2003
Cited by 61 (6 self)
We show that if an NP-complete problem has a non-adaptive self-corrector with respect to a samplable distribution then coNP is contained in AM/poly and the polynomial hierarchy collapses to the third level. Feigenbaum and Fortnow show the same conclusion under the stronger assumption that an NP-complete problem has a non-adaptive random self-reduction. Our result
Algebraic Property Testing: The Role of Invariance
2007
Cited by 52 (16 self)
We argue that the symmetries of a property being tested play a central role in property testing. We support this assertion in the context of algebraic functions, by examining properties of functions mapping a vector space $K^n$ over a field K to a subfield F. We consider F-linear properties that are invariant under linear transformations of the domain and prove that an O(1)-local “characterization” is a necessary and sufficient condition for O(1)-local testability when K = O(1). (A local characterization of a property is a definition of a property in terms of local constraints satisfied by functions exhibiting a property.) For the subclass of properties that are invariant under affine transformations of the domain, we prove that the existence of a single O(1)-local constraint implies O(1)-local testability. These results generalize and extend the class of algebraic properties, most notably linearity and low-degreeness, that were previously known to be testable. In particular, the extensions include properties satisfied by functions of degree linear in n that turn out to be O(1)-locally testable. Our results are proved by introducing a new notion that we term “formal characterizations”. Roughly this corresponds to characterizations that are given by a single local constraint and its permutations under linear transformations of the domain. Our main testing result shows that local formal characterizations
Property Testing Lower Bounds Via Communication Complexity
2011
Cited by 34 (8 self)
We develop a new technique for proving lower bounds in property testing, by showing a strong connection between testing and communication complexity. We give a simple scheme for reducing communication problems to testing problems, thus allowing us to use known lower bounds in communication complexity to prove lower bounds in testing. This scheme is general and implies a number of new testing bounds, as well as simpler proofs of several known bounds. For the problem of testing whether a boolean function is k-linear (a parity function on k variables), we achieve a lower bound of Ω(k) queries, even for adaptive algorithms with two-sided error, thus confirming a conjecture of Goldreich [25]. The same argument behind this lower bound also implies a new proof of known lower bounds for testing related classes such as k-juntas. For some classes, such as the class of monotone functions and the class of s-sparse GF(2) polynomials, we significantly strengthen the best known bounds.
Robust Locally Testable Codes and Products of Codes
In Proc. RANDOM: International Workshop on Randomization and Approximation Techniques in Computer Science, 2004
Cited by 19 (3 self)
We continue the investigation of locally testable codes, i.e., error-correcting codes for whom membership of a given word in the code can be tested probabilistically by examining it in very few locations. We give two general results on local testability: First, motivated by the recently proposed notion of robust probabilistically checkable proofs, we introduce the notion of robust local testability of codes. We relate this notion to a product of codes introduced by Tanner, and show a very simple composition lemma for this notion. Next, we show that codes built by tensor products can be tested robustly and somewhat locally, by applying a variant of a test and proof technique introduced by Raz and Safra in the context of testing low-degree multivariate polynomials (which are a special case of tensor codes).
Optimal testing of Reed-Muller codes
2009
Cited by 19 (8 self)
We consider the problem of testing if a given function
A unified framework for testing linear-invariant properties
In Proceedings of the 51st Annual IEEE Symposium on Foundations of Computer Science, 2010
Cited by 18 (6 self)
In the history of property testing, a particularly important role has been played by linear-invariant properties, i.e., properties of Boolean functions on the hypercube which are closed under linear transformations of the domain. Examples of such properties include linearity, Reed-Muller codes, and Fourier sparsity. In this work, we describe a framework that can lead to a unified analysis of the testability of all linear-invariant properties, drawing on techniques from additive combinatorics and from graph theory. Our main contributions here are the following: 1. We introduce a simple combinatorial condition, which we call subspace-heredity, and conjecture that any property of Boolean functions satisfying it can be efficiently tested. Verifying this conjecture will unify many individual results in this area. 2. We show that if our conjecture holds, then one can obtain a simple combinatorial characterization of properties of Boolean functions that can be efficiently tested with one-sided error, thus addressing a challenge posed by Sudan recently. 3. We introduce a new technique for proving the testability of Boolean functions. Using it, we verify a special case of the conjecture. Our approach here is motivated by techniques that proved to be very successful previously in studying the testability of graph properties.
Verifying and decoding in constant depth
In Proceedings of the Thirty-Ninth Annual ACM Symposium on Theory of Computing, 2007
Cited by 17 (4 self)
We develop a general approach for improving the efficiency of a computationally bounded receiver interacting with a powerful and possibly malicious sender. The key idea we use is that of delegating some of the receiver’s computation to the (potentially malicious) sender. This idea was recently introduced by Goldwasser et al. [14] in the area of program checking. A classic example of such a sender-receiver setting is interactive proof systems. By taking the sender to be a (potentially malicious) prover and the receiver to be a verifier, we show that (p-prover) interactive proofs with k rounds of interaction are equivalent to (p-prover) interactive proofs with k + O(1) rounds, where the verifier is in $\mathrm{NC}^0$. That is, each round of the verifier’s computation can be implemented in constant parallel time. As a corollary, we obtain interactive proof systems, with (optimally) constant soundness, for languages in AM and NEXP, where the verifier runs in constant parallel-time. Another, less immediate sender-receiver setting arises in considering error correcting codes. By taking the sender to be a (potentially corrupted) codeword and the receiver to be a decoder, we obtain explicit families of codes that are locally (list-)decodable by constant-depth circuits of size polylogarithmic in the length of the codeword. Using the tight connection between locally list-decodable codes and average-case complexity, we obtain a new, more efficient, worst-case to average-case reduction for languages in EXP.