TY - GEN
T1 - Online linear extractors for independent sources
AU - Dodis, Yevgeniy
AU - Guo, Siyao
AU - Stephens-Davidowitz, Noah
AU - Xie, Zhiye
N1 - Funding Information:
Yevgeniy Dodis: Partially supported by gifts from VMware Labs, Facebook and Google, and NSF grants 1314568, 1619158, 1815546. Siyao Guo: Supported by Shanghai Eastern Young Scholar Program SMEC-0920000169. Parts of this work were done while visiting the Centre for Quantum Technologies, National University of Singapore. Noah Stephens-Davidowitz: Some of this work was done at MIT supported in part by NSF Grants CNS-1350619, CNS-1414119 and CNS1718161, Microsoft Faculty Fellowship and an MIT/IBM grant. Some of this work was done at the Simons Institute in Berkeley.
Funding Information:
Funding Yevgeniy Dodis: Partially supported by gifts from VMware Labs, Facebook and Google, and NSF grants 1314568, 1619158, 1815546. Siyao Guo: Supported by Shanghai Eastern Young Scholar Program SMEC-0920000169. Parts of this work were done while visiting the Centre for Quantum Technologies, National University of Singapore. Noah Stephens-Davidowitz: Some of this work was done at MIT supported in part by NSF Grants CNS-1350619, CNS-1414119 and CNS1718161, Microsoft Faculty Fellowship and an MIT/IBM grant. Some of this work was done at the Simons Institute in Berkeley.
Publisher Copyright:
© 2021 Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. All rights reserved.
PY - 2021/7/1
Y1 - 2021/7/1
N2 - In this work, we characterize linear online extractors. In other words, given a matrix A ∈ Fn2×n, we study the convergence of the iterated process S ← AS ⊕ X, where X ∼ D is repeatedly sampled independently from some fixed (but unknown) distribution D with (min)-entropy k. Here, we think of S ∈ {0, 1}n as the state of an online extractor, and X ∈ {0, 1}n as its input. As our main result, we show that the state S converges to the uniform distribution for all input distributions D with entropy k > 0 if and only if the matrix A has no non-trivial invariant subspace (i.e., a non-zero subspace V ⊆ Fn2 such that AV ⊆ V ). In other words, a matrix A yields a linear online extractor if and only if A has no non-trivial invariant subspace. For example, the linear transformation corresponding to multiplication by a generator of the field F2n yields a good linear online extractor. Furthermore, for any such matrix convergence takes at most Oe(n2(k + 1)/k2) steps. We also study the more general notion of condensing - that is, we ask when this process converges to a distribution with entropy at least ℓ, when the input distribution has entropy at least k. (Extractors corresponding to the special case when ℓ = n.) We show that a matrix gives a good condenser if there are relatively few vectors w ∈ Fn2 such that w, AT w,..., (AT )n−kw are linearly dependent. As an application, we show that the very simple cyclic rotation transformation A(x1,..., xn) = (xn, x1,..., xn−1) condenses to ℓ = n− 1 bits for any k > 1 if n is a prime satisfying a certain simple number-theoretic condition. Our proofs are Fourier-analytic and rely on a novel lemma, which gives a tight bound on the product of certain Fourier coefficients of any entropic distribution.
AB - In this work, we characterize linear online extractors. In other words, given a matrix A ∈ Fn2×n, we study the convergence of the iterated process S ← AS ⊕ X, where X ∼ D is repeatedly sampled independently from some fixed (but unknown) distribution D with (min)-entropy k. Here, we think of S ∈ {0, 1}n as the state of an online extractor, and X ∈ {0, 1}n as its input. As our main result, we show that the state S converges to the uniform distribution for all input distributions D with entropy k > 0 if and only if the matrix A has no non-trivial invariant subspace (i.e., a non-zero subspace V ⊆ Fn2 such that AV ⊆ V ). In other words, a matrix A yields a linear online extractor if and only if A has no non-trivial invariant subspace. For example, the linear transformation corresponding to multiplication by a generator of the field F2n yields a good linear online extractor. Furthermore, for any such matrix convergence takes at most Oe(n2(k + 1)/k2) steps. We also study the more general notion of condensing - that is, we ask when this process converges to a distribution with entropy at least ℓ, when the input distribution has entropy at least k. (Extractors corresponding to the special case when ℓ = n.) We show that a matrix gives a good condenser if there are relatively few vectors w ∈ Fn2 such that w, AT w,..., (AT )n−kw are linearly dependent. As an application, we show that the very simple cyclic rotation transformation A(x1,..., xn) = (xn, x1,..., xn−1) condenses to ℓ = n− 1 bits for any k > 1 if n is a prime satisfying a certain simple number-theoretic condition. Our proofs are Fourier-analytic and rely on a novel lemma, which gives a tight bound on the product of certain Fourier coefficients of any entropic distribution.
KW - Feasibility of randomness extraction
KW - Fourier analysis
KW - Randomness condensers
UR - http://www.scopus.com/inward/record.url?scp=85115345659&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85115345659&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITC.2021.14
DO - 10.4230/LIPIcs.ITC.2021.14
M3 - Conference contribution
AN - SCOPUS:85115345659
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 2nd Conference on Information-Theoretic Cryptography, ITC 2021
A2 - Tessaro, Stefano
PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
T2 - 2nd Conference on Information-Theoretic Cryptography, ITC 2021
Y2 - 23 July 2021 through 26 July 2021
ER -