extracting randomness from few independent sources boaz barak, ias russell impagliazzo, ucsd avi...

Extracting Randomness Extracting Randomness From Few Independent From Few Independent

SourcesSources

Boaz Barak, IASBoaz Barak, IASRussell Impagliazzo, UCSDRussell Impagliazzo, UCSD

Avi Wigderson, IASAvi Wigderson, IAS

Plan:Plan:

3. 3. Introduce main tool – Thm by [BKT,K]Introduce main tool – Thm by [BKT,K]

4.* 4.* Prove our main theorem.Prove our main theorem.

1. 1. Discuss problem and modelDiscuss problem and model

2. 2. State our resultState our result

Randomness ExtractionRandomness ExtractionRandomness is central to CSRandomness is central to CS (c.f., randomized algorithms, (c.f., randomized algorithms, cryptography,cryptography, distributed computing) distributed computing)

How do you execute randomized How do you execute randomized algorithms and protocols?algorithms and protocols?

Solution: Solution: sample some “random” sample some “random” physical data (coin tossing, thermal physical data (coin tossing, thermal noise, hard disk movement,…)noise, hard disk movement,…)

Problem: Problem: data from physical sources is data from physical sources is notnot a sequence of ideal coin tosses. a sequence of ideal coin tosses.

Randomness ExtractorsRandomness Extractors““Definition”: Definition”: E:{0,1}E:{0,1}nn{0,1}{0,1}0.1k0.1k is an is an extractorextractor if if 88 r.v. r.v. X X with entropy with entropy ¸̧kk , , E(X)E(X) is close to is close to UU0.1k0.1k

Idea:Idea:

XX EE

high high entropy entropy datadata

extractorextractor uniform uniform outputoutput

randomized randomized algorithm / algorithm / protocolprotocol

Randomness ExtractorsRandomness Extractors““Definition”: Definition”: E:{0,1}E:{0,1}nn{0,1}{0,1}0.1k0.1k is an is an extractorextractor if if 88 r.v. r.v. X X with entropy with entropy ¸̧kk , , E(X)E(X) is close to is close to UU0.1k0.1k

Problem:Problem: No extractor exists.No extractor exists.

Thm: Thm: 88 E:{0,1}E:{0,1}nn{0,1}{0,1}0.1k 0.1k

there’s a r.v. there’s a r.v. X X w/ entropy w/ entropy ¸̧n-1n-1 s.t. s.t. first bit of first bit of E(X)E(X) is constant. is constant.Proof Sketch: Proof Sketch: Assume wlog Assume wlog |{ x | E|{ x | E11(x)=0 }| (x)=0 }| ¸̧ 22nn/2 /2 let let XX be the uniform dist over this set. be the uniform dist over this set.

Solution 1: Seeded Solution 1: Seeded ExtractorsExtractors

Def: Def: E:{0,1}E:{0,1}nn££{0,1}{0,1}dd{0,1}{0,1}0.1k0.1k is a is a (seeded) (seeded) extractorextractor if if 88 r.v. r.v. X X w/ min-entropy w/ min-entropy ¸̧kk

|| E(X,U E(X,Udd) – U) – U0.1k0.1k ||11 < 1/100 < 1/100 . . Many exciting results, applications and Many exciting results, applications and connections [Z,NZ,Ta,Tr,RSW,STV,TSZ,SU,…]. connections [Z,NZ,Ta,Tr,RSW,STV,TSZ,SU,…].

Thm [LRVW]: Thm [LRVW]: For every For every nn,,kk there’s a seeded there’s a seeded extractor with extractor with d=O(log n)d=O(log n)Corollary: Corollary: Any probabilistic algorithm can be Any probabilistic algorithm can be simulated w/ weak random source + polynomial simulated w/ weak random source + polynomial overhead.overhead.

XX has has min-entropymin-entropy ¸̧k k (denoted(denoted H(X) H(X)¸̧kk) if ) if 88x Pr[ X=x ] x Pr[ X=x ] ·· 2 2-k-k. .

Every such dist is convex comb of “flat” dist – Every such dist is convex comb of “flat” dist – uniform dist on set of size uniform dist on set of size ¸̧22kk. . In this talk: entropy = min-entropyIn this talk: entropy = min-entropy

““Definition”: Definition”: E:{0,1}E:{0,1}nn{0,1}{0,1}0.1k0.1k is an is an extractorextractor if if 88 r.v. r.v. X X with entropy with entropy ¸̧kk , , E(X)E(X) is close to is close to UU0.1k0.1k

Solution 1: Seeded Solution 1: Seeded ExtractorsExtractors

Thm [LRVW]: Thm [LRVW]: For every For every nn,,kk there’s a seeded there’s a seeded extractor with extractor with d=O(log n)d=O(log n)Corollary: Corollary: Any probabilistic algorithm can be Any probabilistic algorithm can be simulated w/ weak random source + polynomial simulated w/ weak random source + polynomial overhead.overhead.Question: Question: What about other uses of What about other uses of randomness? randomness? For example, can we use this for cryptography?For example, can we use this for cryptography?Answer:Answer: No! No! For example, if we concatenate For example, if we concatenate encryptions according to all possible seeds this encryptions according to all possible seeds this won’t be secure! won’t be secure!

Need to use Need to use seedlessseedless extractors! extractors!

Seedless ExtractorsSeedless ExtractorsIdea: Idea: Bypass impossibility result by making Bypass impossibility result by making additional assumption on the high entropy additional assumption on the high entropy input.input.

In this work: In this work: We assume that input comes from We assume that input comes from few independent distributions few independent distributions ([CG])([CG])..

Long history and many results Long history and many results [vN,P,B,SV,CW,TV,KZ,..] [vN,P,B,SV,CW,TV,KZ,..]

Def: Def: E:{0,1}E:{0,1}ncnc{0,1}{0,1}0.1k0.1k is a is a c-samplec-sample extractorextractor if if 88 ind. r.v. ind. r.v. X X11,…,X,…,Xcc w/ min-entropy w/ min-entropy ¸̧kk

|| E(X E(X11,…,X,…,Xcc) – U) – U0.1k0.1k ||11 < 1/100 < 1/10022--(k)(k)

Motivation:Motivation: mathematically clean and plausible mathematically clean and plausible model.model.

Optimal (non-explicit) construction: Optimal (non-explicit) construction: c=2 c=2 , every , every kk¸̧(log n)(log n)


|| E(X E(X11,…,X,…,Xcc) – U) – U0.1k0.1k ||11 < 2 < 2--(k)(k)

Previous best explicit construction Previous best explicit construction [SV,V,CG,ER,DEOR]:[SV,V,CG,ER,DEOR]: c=2 c=2 , every , every kk¸̧(1+(1+))n/2n/2

Obtained by variants of following 1-bit output Obtained by variants of following 1-bit output extractor:extractor:

E(x,y) = <x,y>E(x,y) = <x,y>Problematic, since natural entropy sources often Problematic, since natural entropy sources often have entropy less than have entropy less than n/2n/2..


|| E(X E(X11,…,X,…,Xcc) – U) – U0.1k0.1k ||11 < 2 < 2--(k)(k)

Our Result:Our Result: For everyFor every >0>0c=poly(1/c=poly(1/) ) , , k=k=nn

Main Thm: Main Thm: 88 >0>0 99 c=poly(1/c=poly(1/)) and poly-time and poly-time E:{0,1}E:{0,1}ncnc{0,1}{0,1}nn s.t. s.t. if if 88 ind. r.v. ind. r.v. X X11,…,X,…,Xcc w/ min-entropy w/ min-entropy ¸̧nn

|| E(X E(X11,…,X,…,Xcc) – U) – Unn ||11 < 2 < 2--(n)(n)

Optimal (non-explicit) construction: Optimal (non-explicit) construction: c=2 c=2 , every , every kk¸̧(log n)(log n)

Previous best explicit construction Previous best explicit construction [SV,V,CG,ER,DEOR]:[SV,V,CG,ER,DEOR]: c=2 c=2 , every , every kk¸̧(1+(1+))n/2n/2


|| E(X E(X11,…,X,…,Xcc) – U) – Unn ||11 < 2 < 2--(n)(n)

Plan:Plan:

3. 3. Introduce main tool – Thm by [BKT,K]Introduce main tool – Thm by [BKT,K]

4. 4. Prove our main theorem.Prove our main theorem.

1. Discuss problem and model1. Discuss problem and model2. State our result2. State our result

Show BKT (almost) immediately implies Show BKT (almost) immediately implies dispersersdispersers..


|| E(X E(X11,…,X,…,Xcc) – U) – Unn ||11 < 2 < 2--(n)(n)

Our main tool is the following Our main tool is the following result:result:Thm 1 [BKT,K]: Thm 1 [BKT,K]: 99 absolute constant absolute constant >0>0 s.t. s.t. for prime field for prime field FF, and set , and set AAµµFF, ,

max{ |A+A| , |A max{ |A+A| , |A ¢¢ A| } A| } ¸̧ min{ |A| min{ |A|1+1+, |, |F| }F| }

1. Finite field analog of a theorem by [ES].1. Finite field analog of a theorem by [ES].

2. Note Thm 1 would be false if 2. Note Thm 1 would be false if FF had non-trivial had non-trivial subfields.subfields.

3. Note if 3. Note if AA is arithmetic (resp. geometric) sequence, is arithmetic (resp. geometric) sequence, then then |A+A||A+A| (resp. (resp. |A|A¢¢ A| A|) is small.) is small.

A+A = { a+b | a,b A+A = { a+b | a,b 22 A }A }A A ¢ ¢ A = { aA = { a¢¢b | a,b b | a,b 22 A }A }

How is this related to extractors?How is this related to extractors?

Thm 1 [BKT,K]: Thm 1 [BKT,K]: 99 absolute constant absolute constant >0>0 s.t. s.t. for prime field for prime field FF, and set , and set AAµµFF, ,

max{ |A+A| , |A max{ |A+A| , |A ¢¢ A| } A| } ¸̧ |A| |A|1+1+

Disperser Lemma [BKT]:Disperser Lemma [BKT]: Let Let >0>0 and and FF a prime a prime field, field, thenthen 99c=poly(1/c=poly(1/)) and poly-time and poly-time E:FE:FccFF s.t. if s.t. if XX11,…,X,…,XccµµFF satisfy satisfy |X|Xii||¸̧ |F| |F|, then , then E(XE(X11,…,X,…,Xcc) = ) = FFCorollary: Corollary: Identify Identify {0,1}{0,1}nn w/ prime field w/ prime field FF of size of size 22nn. Then, we get poly-time . Then, we get poly-time EE s.t. s.t. if r.v.’s if r.v.’s XX11,…,X,…,Xcc have entropy have entropy ¸̧nn, , then then Supp{E(XSupp{E(X11,…,X,…,Xcc)}={0,1})}={0,1}nn

This is called a This is called a disperserdisperser..

How is this related to extractors?How is this related to extractors?

Thm 1 [BKT,K]: Thm 1 [BKT,K]: 99 absolute constant absolute constant >0>0 s.t. s.t. for prime field for prime field FF, and set , and set AAµµFF, ,

max{ |A+A| , |A max{ |A+A| , |A ¢¢ A| } A| } ¸̧ |A| |A|1+1+

Disperser Lemma [BKT]:Disperser Lemma [BKT]: Let Let >0>0 and and FF a prime a prime field, field, thenthen 99c=poly(1/c=poly(1/)) and poly-time and poly-time E:FE:FccFF s.t. if s.t. if XX11,…,X,…,XccµµFF satisfy satisfy |X|Xii||¸̧ |F| |F|, then , then E(XE(X11,…,X,…,Xcc) = F) = FProof: Proof: Use lemma of Rusza to get “asymmetric” version of Use lemma of Rusza to get “asymmetric” version of Thm 1.Thm 1.Lemma [R,N]: Lemma [R,N]: If If A,B A,B µµGG w/ w/ |A|=|B|=M|A|=|B|=M, and , and |A|A B| B| ·· M M1+1+, , then then |A|A A| A| ·· M M1+O(1+O())

Thm 1 [BKT,K]: Thm 1 [BKT,K]: 99 absolute constant absolute constant >0>0 s.t. s.t. for prime field for prime field FF, and sets , and sets A,B,CA,B,CµµFF, , (with (with |A|=|B||A|=|B|=|C|=|C|))

|A |A¢¢B+C| B+C| ¸̧ |A| |A|1+1+

We let We let E E be recursive application of be recursive application of a,b,ca,b,caa¢¢b+cb+c with with depthdepth O(log(1/ O(log(1/)))). . |A |A ¢ ¢ A| A| large large )) |A |A ¢¢ B| B| largelarge )) |A |A¢¢B+C| B+C| largelarge|A+A| |A+A| largelarge )) |A+C| |A+C| largelarge )) |A |A¢¢B+C| B+C| largelarge

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++ aa1 1 , a, a22, …, … aapoly(1/delta)poly(1/delta)

.. .. .. ........

....

¢¢ ++


|A |A¢¢B+C| B+C| ¸̧ |A| |A|1+1+

Plan:Plan:

3. Introduce main tool – Thm by [BKT,K]3. Introduce main tool – Thm by [BKT,K]

4. 4. Prove our main theorem.Prove our main theorem.

1. Discuss problem and model1. Discuss problem and model

2. State our result2. State our result

Show BKT (almost) immediately implies Show BKT (almost) immediately implies dispersersdispersers..

Distributional Version of Distributional Version of [BKT][BKT]

Our Main Lemma: Our Main Lemma: 99 absolute constant absolute constant >0>0 s.t. for s.t. for

prime field prime field FF, and distributions , and distributions A,B,CA,B,CµµFF, , (with (with H(A)=H(B)=H(C)H(A)=H(B)=H(C))), the , the distributiondistribution AA¢¢B+C B+C is is 22--H(A)H(A) close to having entropyclose to having entropy ¸̧ (1+ (1+)H(A))H(A)

Main Lemma Main Lemma )) Main Theorem. Main Theorem.


|A |A¢¢B+C| B+C| ¸̧ |A| |A|1+1+

( The distribution( The distribution A A¢¢B+C B+C assigns to assigns to x x the prob the prob that that aa¢¢b+c=x b+c=x with with aa22RRA A ,, b b22RRB B ,, c c22RRC C ))


prime field prime field FF, and distributions , and distributions A,B,CA,B,CµµFF, , (with (with H(A)=H(B)=H(C)H(A)=H(B)=H(C))), the , the distributiondistribution AA¢¢B+C B+C is is 22--H(A)H(A) close to having entropyclose to having entropy ¸̧ (1+ (1+)H(A))H(A)Main Lemma Main Lemma )) Main Theorem. Main Theorem.

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++

¢¢

++ aa1 1 , a, a22, …, …

.. .. .. ........

....

¢¢ ++

aapoly(1/delta)poly(1/delta)



Plan:Plan:Prove Main Lemma by reducing to [BKT].Prove Main Lemma by reducing to [BKT].

We use “magic lemmas” of Gowers & We use “magic lemmas” of Gowers & RuszaRuszain the reduction.in the reduction.



Detailed Plan:Detailed Plan:1. 1. Introduce Introduce collision probabilitycollision probability – – a different entropy measure.a different entropy measure.

2. 2. Rephrase Main Lemma in terms of C.P.Rephrase Main Lemma in terms of C.P.

3. 3. Show naïve approach to proving, and show Show naïve approach to proving, and show counterexamplecounterexample

4. 4. Use Gowers’ & Rusza’s lemmas to show Use Gowers’ & Rusza’s lemmas to show counterexample essentially captures all casescounterexample essentially captures all cases

cp(X) = Prcp(X) = Prx,x’x,x’XX[ x= x’ ] = [ x= x’ ] = xx p pxx22

Collision ProbabilityCollision Probability

Fact 3: Fact 3: IfIf X X is convex combination ofis convex combination of X X11,…,X,…,Xmm thenthen cp(X) cp(X) ·· max { cp(X max { cp(X11), … , cp(X), … , cp(Xmm) }) }

Fact 1: Fact 1: IfIf H(X) H(X)¸̧k k then then cp(X)cp(X)··22-k-k

Fact 2: Fact 2: IfIf cp(X) cp(X)··22-k(1+-k(1+)) then is then is 22--k/2k/2 close to close to having min-entropy at least having min-entropy at least k(1+k(1+/2)/2). .

Notation:Notation: IfIf D D is r.v., then the is r.v., then the 2-entropy 2-entropy of of DD is is HH22(D) = log(1/cp(D))(D) = log(1/cp(D))

Fact 1 Fact 1 + + Fact 2Fact 2 )) HH22(D) ~ H(D)(D) ~ H(D)

Main Lemma: Main Lemma: 99 >0>0 s.t. for prime field s.t. for prime field FF, , dists dists A,B,CA,B,CµµFF, , (with (with H(A)=H(B)=H(C)H(A)=H(B)=H(C), , the the distributiondistribution AA¢¢B+C B+C is is 22--H(A)H(A) close to close to entropyentropy ¸̧ (1+ (1+)H(A))H(A)

Main Lemma (CP version): Main Lemma (CP version): 99 >0>0 s.t. for prime s.t. for prime field field FF, and sets , and sets A,B,CA,B,CµµF F (with (with |A|=|B|=|C| |A|=|B|=|C| )), , the the distributiondistribution AA¢¢B+C B+C is is |A||A|-- close to close to having having 2-entropy 2-entropy ¸̧ (1+ (1+)log |A|)log |A|

Thus, it is sufficient to prove CP version.Thus, it is sufficient to prove CP version.

Detailed Plan:Detailed Plan:1. Introduce 1. Introduce collision probabilitycollision probability – – a different entropy measure. a different entropy measure.

2. Rephrase Main Lemma in terms of C.P.2. Rephrase Main Lemma in terms of C.P.

3. 3. Show naïve approach to proving, and show Show naïve approach to proving, and show counterexamplecounterexample

4. 4. Use Gower’s and Rusza’s lemmas to show Use Gower’s and Rusza’s lemmas to show counterexample essentially captures all casescounterexample essentially captures all cases

Main Lemma (CP version): Main Lemma (CP version): 99 >0>0 s.t. for s.t. for prime field prime field FF, and sets , and sets A,B,CA,B,CµµF F (with (with |A|=|B|=|C| |A|=|B|=|C| )), , the the distributiondistribution AA¢¢B+C B+C is is |A||A|-- close to close to having having 2-entropy 2-entropy ¸̧ (1+ (1+)log |A|)log |A|

Naïve ApproachNaïve ApproachProve direct analog to BKTProve direct analog to BKT

““Conjecture”: Conjecture”: 99 >0>0 s.t. for prime s.t. for prime FF, and set , and set AAµµF F

max { Hmax { H22(A+A) , H(A+A) , H22(A(A¢¢ A) } A) } ¸̧ (1+ (1+)log|A|)log|A|

Counter Example: Counter Example: A=AA=AG G [[AAAA AAG G - geometric seq. - geometric seq. AAAA - (disjoint) arithmetic seq.- (disjoint) arithmetic seq.

However, in this case However, in this case HH22(A(A¢¢ A+A) A+A) ¸̧ (1+ (1+)log |A|)log |A|

cp(A+A),cp(Acp(A+A),cp(A¢¢A)A)¸̧1/10|A| 1/10|A| hencehence H H22(A+A), H(A+A), H22(A(A¢¢A)A)··log|A|+O(1)log|A|+O(1)

Naïve ApproachNaïve ApproachCounter Example: Counter Example: A=AA=AG G [[ A AAA AAGG - geometric seq.- geometric seq.AAAA - (disjoint) arithmetic seq. - (disjoint) arithmetic seq.

Claim:Claim: HH22(A(A¢¢A + A) A + A) ¸̧ (1+ (1+)log |A|)log |A|

Sketch:Sketch: AA¢¢A+AA+A is convex comb of is convex comb of AAA A ¢¢A+AA+A and and AAGG

¢¢A+AA+A.. cp(Acp(AAA ¢¢A+A)A+A)·· cp(A cp(AAA¢¢A) A) which is low sincewhich is low since A A¢ ¢ is is an arithmetic seqan arithmetic seq

AAGG¢¢A+A A+A is convex comb of is convex comb of A AGGa+A a+A butbut cp(Acp(AGGa+A)a+A) is low since is low since A AGGa a is a geometric seqis a geometric seq

Detailed Plan:Detailed Plan:1. Introduce 1. Introduce collision probabilitycollision probability – – a different entropy measure. a different entropy measure.

2. Rephrase Main Lemma in terms of C.P.2. Rephrase Main Lemma in terms of C.P.

3. Show naïve approach to proving, and show 3. Show naïve approach to proving, and show counterexamplecounterexample

4. 4. Use Gowers’ and Rusza’s lemmas to show Use Gowers’ and Rusza’s lemmas to show counterexample essentially captures all casescounterexample essentially captures all cases

Main Lemma: Main Lemma: 99 absolute constant absolute constant >0>0 s.t. for prime field s.t. for prime field FF, and sets , and sets A,B,CA,B,CµµF F (with (with |A|=|B|=|C| |A|=|B|=|C| )), the , the distributiondistribution AA¢¢B+C B+C is is |A||A|-- close to having close to having c.p.c.p.·· |A| |A|-(1+-(1+

Proof of Main LemmaProof of Main Lemma

(Loose) Notations:(Loose) Notations:

A number A number ¸̧ M M1+1+is called is called “large”“large”A number A number ¸̧ M M1-1-(()) is called is called “not-too-small”“not-too-small” A distribution A distribution DD has has “high 2-entropy”“high 2-entropy” if if HH22(D) (D) ¸̧ (1+(1+)log M)log M

Main Lemma (CP version): Main Lemma (CP version): 99 absolute constant absolute constant >0>0 s.t. for prime field s.t. for prime field FF, and sets , and sets A,B,CA,B,CµµF F (with (with |A|=|B|=|C| |A|=|B|=|C| )), the , the distributiondistribution AA¢¢B+C B+C is is |A||A|-- close to having close to having 2-entropy 2-entropy ¸̧ (1+ (1+)log |A|)log |A|

Our Goal:Our Goal: Prove that Prove that AA¢¢B+CB+C is close to having high 2- is close to having high 2-entropy.entropy.(i.e., it is close to having c.p. (i.e., it is close to having c.p. ·· 1/M 1/M1+1+))

Let Let M=|A|=|B|=|C|M=|A|=|B|=|C| and fix some and fix some >0>0 (e.g., BKT’s (e.g., BKT’s divided divided by 100)by 100)

Tools:Tools:

Thm 1 [BKT,K]: Thm 1 [BKT,K]: If If A AµµF F is not too small then is not too small then either either |A|A¢¢A| A| oror |A+A| |A+A| is large. is large.

Lemma [R,N]: Lemma [R,N]: If If |A|A A| A| is large then is large then |A|A B| B| is large.is large.

Magic Lemma [G,BS]:Magic Lemma [G,BS]: Either Either HH22(A(A B)B) is large or is large or 9 9 not-too-small subsets not-too-small subsets A’A’µµAA, , B’B’µµBB s.t. s.t. |A’|A’ B’| B’| is not largeis not large..

Cor [BKT+R]: Cor [BKT+R]: If If 99 not-too-small not-too-small BB s.t. s.t. |A|A¢¢B|B| is not is not large then large then |A+C| |A+C| is large is large 88 not-too-small not-too-small CC..

A First Distributional Analog:A First Distributional Analog:

Proof: Proof: |A|A¢¢B|B| is not large is not large )) |A|A¢¢A|A| is not large [R] is not large [R] )) |A+A||A+A| isis large [BKT] large [BKT] )) |A+C||A+C| is large [R]. is large [R].

Natural Analog: Natural Analog: If If 99 not-too-small not-too-small BB s.t. s.t. HH22(A(A¢¢B)B) is is not large then not large then HH22(A+C) (A+C) is large is large 88 not-too-small not-too-small CC..

This is false:This is false: e.g.,e.g., A=B=C=A=B=C=AAGG [[AAAA

However, the following However, the following isis true:true:PF Lemma: PF Lemma: If If 99 not-too-small not-too-small BB s.t. s.t. |A|A¢¢B|B| is not large is not large then then HH22(A+C) (A+C) is large is large 88 not-too-small not-too-small CC..

Def: Def: A not-too-small setA not-too-small set AAµµFF is is “plus friendly”“plus friendly” if if HH22(A+C)(A+C) is large is large 88 not-too-small set not-too-small set CC. .

Proof: Proof: IfIf HH22(A+C)(A+C) is not large then by is not large then by Gowers’s Gowers’s LemmaLemma 99 not-too-small not-too-small A’A’µµAA, , C’C’µµCC s.t. s.t. |A’+C’||A’+C’| is not large. is not large.

PF Lemma: PF Lemma: If If 99 not-too-small not-too-small BB s.t. s.t. |A|A¢¢B|B| is not large is not large then then HH22(A+C) (A+C) is large is large 88 not-too-small not-too-small CC..

By By Rusza’s lemmaRusza’s lemma |A’+A’||A’+A’| is not large is not large )) by by BKTBKT |A’|A’¢¢A’|A’| isis large. large.

Since Since A’A’µµAA , , |A|A¢¢A|A| is also large is also large )) by by Rusza’s lemmaRusza’s lemma |A|A¢¢B|B| is large – contradiction! is large – contradiction!

1. 1. AA plus-friendly, plus-friendly, bb22FF )) AbAb plus-friendly. plus-friendly.

2. 2. A’A’ , , A’’A’’ plus-friendly, disjoint plus-friendly, disjoint )) A’A’[[A’’A’’ plus-friendly. plus-friendly.

Our Goal:Our Goal: Prove Prove AA¢¢B+CB+C close to having “low c.p.”. close to having “low c.p.”.

11++22 )) contradiction contradiction since since AA¢¢B+CB+C is is MM-- close to close to

convex comb of convex comb of AA++¢¢B+CB+C and and AA¢¢¢¢B+CB+C, but, but

a)a) HH22(A(A++¢¢B+C)B+C) is large since convex comb of is large since convex comb of AA++b+C b+C andand A A++b b is plus-friendly.is plus-friendly.

b)b) HH22(A(A¢¢¢¢B+C)B+C) is large since convex comb of is large since convex comb of

AA¢¢B+c B+c which are permutations ofwhich are permutations of A A¢¢BB..

Assume Assume HH22(A(A¢¢B+C) B+C) not large.not large.

We’ll show We’ll show A=AA=A++[[AA¢¢ s.t. s.t. AA++,A,A¢¢are disjoint andare disjoint and1)1) A A++ is “plus friendly” is “plus friendly” (or (or AA++ is is

empty)empty)2)2) H H22(A(A¢¢ ¢¢B) B) is large is large (or (or |A|A¢¢||·· M M1-1-

))

Our Goal:Our Goal: Prove Prove AA¢¢B+CB+C close to having “low c.p.”. close to having “low c.p.”.

Assume Assume HH22(A(A¢¢B+C) B+C) not large. not large.

We’ll show We’ll show A=AA=A++[[AA¢¢ s.t. s.t. AA++,A,A¢¢ disjoint and disjoint and1)1) A A++ is “plus friendly” is “plus friendly” (or (or AA++ is is

empty)empty)2)2) H H22(A(A¢¢ ¢¢B) B) is large is large (or (or |A|A¢¢||·· M M1-1-

))

We build partition iteratively. Initially We build partition iteratively. Initially AA++==;; , , AA¢¢=A=A..

Assume Assume AA¢¢ is not-too-small (o/w we’re done). is not-too-small (o/w we’re done).

By By Gowers’ lemmaGowers’ lemma, , 99 not-too-small subsets not-too-small subsets A’A’µµAA¢¢, ,

B’B’µµBB s.t. s.t. |A’|A’¢¢B’|B’| not large. not large. By By PF LemmaPF Lemma A’A’ is plus-friendly, is plus-friendly,

remove remove A’A’ from from AA¢ ¢ and add it to and add it to AA++..

Assume Assume HH22(A(A¢¢¢¢B)B) is not large (o/w we’re done). is not large (o/w we’re done).


|| E(X E(X11,…,X,…,Xcc) – U) – Unn ||11 < 2 < 2--(n)(n)

This finishes the proof of the Main Lemma This finishes the proof of the Main Lemma and hence the Main Theorem.and hence the Main Theorem.

Main Lemma: Main Lemma: 99 absolute constant absolute constant >0>0 s.t. for s.t. for prime field prime field FF, and distributions , and distributions A,B,CA,B,CµµFF, , (with (with H(A)=H(B)=H(C)<0.8log|F|H(A)=H(B)=H(C)<0.8log|F|)), the , the distributiondistribution AA¢¢B+C B+C is is 22--H(A)H(A) close to having entropyclose to having entropy ¸̧ (1+ (1+)H(A))H(A)

22-10n-10n

Another Result:Another Result:

A disperser for the case that all samplesA disperser for the case that all samplescome from same distribution, which only come from same distribution, which only requires requires (log n)(log n) entropy entropy (using [EH])(using [EH])..

Open ProblemsOpen Problems Extractors/Dispersers with lower Extractors/Dispersers with lower

entropy requirement (entropy requirement (k=nk=n(1)(1) or even or even k=k=(log n)(log n) ) )

Improvement for the case of Improvement for the case of twotwo samples samples (related to constructing Ramsey (related to constructing Ramsey graphs)graphs)..

More applications of results/techniques.More applications of results/techniques.

extracting randomness from few independent sources boaz barak, ias russell impagliazzo, ucsd avi...

Documents

x w entropy n

csample extractor

entropy definition

output extractor

natural entropy sources

high entropy input

ias slide

result slide