Abstract
In this talk we discuss constructions of hash functions, randomness extractors, pseudorandom generators and hitting set generators that are based on the same principle: encode the “input11” using an error-correcting code, select a random (or pseudorandom) subset of the bits of the encoding, and output the encoded codeword restricted to such bits. This general approach is common to constructions of very different combinatorial objects, and somewhat different strategies are used to analyse such different constructions.
An early application of the encode-and-project paradigm is in a paper of Miltersen [Mil98], applied to the construction of a family of hash functions with low collision probability.
Suppose we want to construct a family of hash functions h: {0,1}n → {0,1}m, and suppose that we have an error-correcting code C: {0,1}n → {0,1}-n whose minimum distance is, say, -n/3. Let us introduce the following notation: if y = (y 1,..., y k) ∈ {0, 1}k and S = {s 1,...,s l ⊆ [k], with s 1 < s 2 <... < s l then y|s = (y s1,ys2,..., ysl) ∈ {0,1}l. Then we can define a family of hash functions where each function of our family is indexed by a subset S∼ [−n] of size m, and h S(x) = C(x)|S.
It is immediate to see that the collision probability is at most (2/3)m. The advantage of this construction is that both the encoding and the projection can be evaluated in constant time on a unit-cost RAM (see [Mil98]), so that the hash functions in the family can be evaluated in constant time.
One can see a very similar construction at work in the pseudorandom generator construction in [STV01] and in the randomness extractor construction in [Tre99], with some fundamental difference. One difference is that the “projection” is not chosen uniformly at random, but it is rather generated from a seed of logarithmic length using the “combinatorial design construction” of Nisan and Wigderson [NW94]. Another difference is that, in the case of pseudorandom generators, it is not enough for the error-correcting code to have large minimum distance, but a certain type of sublinear-time list-decoding algorithm must also exist [STV01]; in the case of random extractors, howver, any code with a relative minimum distance close to 1/2 can be used [Tre99]. Constructions of pseudorandom generators and/or randomness extractors in [RRV99,ISW00,TSUZ01] use error-correcting codes and the Nisan-Wigderson combinatorial designs, with improvements in the construction, in the analysis, and in the composition of the basic construction with other tools (and with itself).
The Nisan-Wigderson approach yields a randomness-e.cient but somewhat counter-intuitive way of generating projections. When the input (or hard problem) is encoded as a multivariate polynomial (which is done in [STV01] and is a possible implementation of [Tre99]), a more natural approach to projection is to consider lines. Miltersen and Vinodchandran [MV99] showthat by encoding a hard problem as a multivariate polynomial, and then restricting it to axis-parallel lines, one can get a hitting set generator construction, which in turn can be used to derandomize complexity classes. The approach of [MV99] does not replicate the result of [IW97] ([MV99] can prove P = BPP only under a stronger assumption than the one postulated in [IW97]), however it can prove a result on AM that is stronger than the best known result based on Nisan-Wigderson [KvM99]. The analysis in [MV99] appears to be substantially different from the analysis in [STV01], although the hard function is encoded using the same error-correcting code, and the “only” difference is in the way the encoding is projected (lines versus the approach based on Nisan-Wigderson).
Ta-Shma, Zuckerman and Safra [TSZS01] showed how to construct randomness extractors by encoding the input using multivariate polynomials and then restricting it to a subset of a line (the line is selected using the seed of the extractor). While the construction of [TSZS01] is virtually identical2 to the one in [MV99], the analysis is completely different.
Work supported by a Sloan Research Fellowship and an NSF Career Award.
By “input” we mean the actual input for hash functions, the weakly random input for randomness extractors, and the description of a computationally hard problem for pseudorandom generators and for hitting set generators.
However it should be noted that the analysis of [MV99] works for a large class of codes, of which multivariate polynomials are a special case, while it appears that the analysis of [TSZS01] requires the code to be a multivariate polynomial.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
R. Impagliazzo, R. Shaltiel, and A. Wigderson. Extractors and pseudorandom generators with optimal seed length. In Proceedings of the 32nd ACM Symposium on Theory of Computing, pages 1–10, 2000.
R. Impagliazzo and A. Wigderson. P = BPP unless E has sub-exponential circuits. In Proceedings of the 29th ACM Symposium on Theory of Computing, pages 220–229, 1997.
A. Klivans and D. van Milkebeek. Graph non-isomorphism has subexponen-tial size proofs unless the polynomial hierarchy collapses. In Proceedings of the 31st ACM Symposium on Theory of Computing, pages 659–667, 1999.
P.B. Miltersen. Error-correcting codes, perfect hashing circuits, and deterministic dynamic dictionaries. In Proceedings of the 9th ACM-SIAM Symposium on Discrete Algorithms, 1998.
P.B. Miltersen and N.V. Vinodchandran. Derandomizing Arthur-Merlin games using hitting sets. In Proceedings of the 40th IEEE Symposium on Foundations of Computer Science, pages 71–80, 1999.
N. Nisan and A. Wigderson. Hardness vs randomness. Journal of Computer and System Sciences, 49:149–167, 1994. Preliminary version in Proc. of FOCS’88.
R. Raz, O. Reingold, and S. Vadhan. Extracting all the randomness and reducing the error in Trevisan’s extractors. In Proceedings of the 31st ACM Symposium on Theory of Computing, pages 149–158, 1999.
M. Sudan, L. Trevisan, and S. Vadhan. Pseudorandom generators without the XOR lemma. Journal of Computer and System Sciences, 62(2):236–266, 2001.
L. Trevisan. Construction of extractors using pseudo-random generators. In Proceedings of the 31st ACM Symposium on Theory of Computing, pages 141–148, 1999.
A. Ta-Shma, C. Umans, and D. Zuckerman. Loss-less condensers, unbalanced expanders, and extractors. In Proceedings of the 33rd ACM Symposium on Theory of Computing, 2001.
A. Ta-Shma, D. Zuckerman, and S. Safra. Extractors from Reed-Muller codes. Technical Report TR01-036, Electronic Colloquium on Computational Complexity, 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Trevisan, L. (2001). Error-Correcting Codes and Pseudorandom Projections. In: Goemans, M., Jansen, K., Rolim, J.D.P., Trevisan, L. (eds) Approximation, Randomization, and Combinatorial Optimization: Algorithms and Techniques. RANDOM APPROX 2001 2001. Lecture Notes in Computer Science, vol 2129. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44666-4_4
Download citation
DOI: https://doi.org/10.1007/3-540-44666-4_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42470-3
Online ISBN: 978-3-540-44666-8
eBook Packages: Springer Book Archive