BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Thomas Holenstein

Thomas Holenstein contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Computational ComplexityCryptography and SecurityData Structures and AlgorithmsDiscrete Mathematicsmath.NTmath.RAInformation Theorymath.COmath.IT

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
11works
0followers
9topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

11 published item(s)

preprint2015arXiv

Upper Tail Estimates with Combinatorial Proofs

We study generalisations of a simple, combinatorial proof of a Chernoff bound similar to the one by Impagliazzo and Kabanets (RANDOM, 2010). In particular, we prove a randomized version of the hitting property of expander random walks and apply it to obtain a concentration bound for expander random walks which is essentially optimal for small deviations and a large number of steps. At the same time, we present a simpler proof that still yields a "right" bound settling a question asked by Impagliazzo and Kabanets. Next, we obtain a simple upper tail bound for polynomials with input variables in $[0, 1]$ which are not necessarily independent, but obey a certain condition inspired by Impagliazzo and Kabanets. The resulting bound is used by Holenstein and Sinha (FOCS, 2012) in the proof of a lower bound for the number of calls in a black-box construction of a pseudorandom generator from a one-way function. We then show that the same technique yields the upper tail bound for the number of copies of a fixed graph in an Erdős-Rényi random graph, matching the one given by Janson, Oleszkiewicz and Ruciński (Israel J. Math, 2002).

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

A New View on Worst-Case to Average-Case Reductions for NP Problems

We study the result by Bogdanov and Trevisan (FOCS, 2003), who show that under reasonable assumptions, there is no non-adaptive worst-case to average-case reduction that bases the average-case hardness of an NP-problem on the worst-case complexity of an NP-complete problem. We replace the hiding and the heavy samples protocol in [BT03] by employing the histogram verification protocol of Haitner, Mahmoody and Xiao (CCC, 2010), which proves to be very useful in this context. Once the histogram is verified, our hiding protocol is directly public-coin, whereas the intuition behind the original protocol inherently relies on private coins.

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

A Protocol for Generating Random Elements with their Probabilities

We give an AM protocol that allows the verifier to sample elements x from a probability distribution P, which is held by the prover. If the prover is honest, the verifier outputs (x, P(x)) with probability close to P(x). In case the prover is dishonest, one may hope for the following guarantee: if the verifier outputs (x, p), then the probability that the verifier outputs x is close to p. Simple examples show that this cannot be achieved. Instead, we show that the following weaker condition holds (in a well defined sense) on average: If (x, p) is output, then p is an upper bound on the probability that x is output. Our protocol yields a new transformation to turn interactive proofs where the verifier uses private random coins into proofs with public coins. The verifier has better running time compared to the well-known Goldwasser-Sipser transformation (STOC, 1986). For constant-round protocols, we only lose an arbitrarily small constant in soundness and completeness, while our public-coin verifier calls the private-coin verifier only once.

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

Computing the $p$-adic Canonical Quadratic Form in Polynomial Time

An $n$-ary integral quadratic form is a formal expression $Q(x_1,..,x_n)=\sum_{1\leq i,j\leq n}a_{ij}x_ix_j$ in $n$-variables $x_1,...,x_n$, where $a_{ij}=a_{ji} \in \mathbb{Z}$. We present a randomized polynomial time algorithm that given a quadratic form $Q(x_1,...,x_n)$, a prime $p$, and a positive integer $k$ outputs a $\mathtt{U} \in \text{GL}_n(\mathbb{Z}/p^k\mathbb{Z})$ such that $\mathtt{U}$ transforms $Q$ to its $p$-adic canonical form.

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

Sampling a Uniform Random Solution of a Quadratic Equation Modulo $p^k$

An $n$-ary integral quadratic form is a formal expression $Q(x_1,...,x_n)=\sum_{1\leq i,j\leq n}a_{ij}x_ix_j$ in $n$-variables $x_1,...,x_n$, where $a_{ij}=a_{ji} \in \mathbb{Z}$. We present a poly$(n,k, \log p, \log t)$ randomized algorithm that given a quadratic form $Q(x_1,...,x_n)$, a prime $p$, a positive integer $k$ and an integer $t$, samples a uniform solution of $Q(x_1,...,x_n)\equiv t \bmod{p^k}$.

0 citations0 reviewsNo code linkedOpen access
preprint2013arXiv

The PFR Conjecture Holds for Two Opposing Special Cases

Let $A \subseteq F_2^n$ be a set with $|2A| = K|A|$. We prove that if (1) for at least a fraction $1-K^{-9}$ of all $s \in 2A$, the set $(A+s) \cap A$ has size at most $L\cdot|A|/K$, or (2) for at least a fraction $K^{-L}$ of all $s \in 2A$, the set $(A+s) \cap A$ has size at least $|A|\cdot(1- K^{-1/L})$, then there is a subset $B \subseteq A$ of size $|A|/K^{O_L(1)}$ such that $\mathrm{span}(B) \leq K^{O_L(1)}\cdot|A|$.

0 citations0 reviewsNo code linkedOpen access
preprint2012arXiv

Constructing a Pseudorandom Generator Requires an Almost Linear Number of Calls

We show that a black-box construction of a pseudorandom generator from a one-way function needs to make Omega(n/log(n)) calls to the underlying one-way function. The bound even holds if the one-way function is guaranteed to be regular. In this case it matches the best known construction due to Goldreich, Krawczyk, and Luby (SIAM J. Comp. 22, 1993), which uses O(n/log(n)) calls.

0 citations0 reviewsNo code linkedOpen access
preprint2011arXiv

Equivalence of the Random Oracle Model and the Ideal Cipher Model, Revisited

We consider the cryptographic problem of constructing an invertible random permutation from a public random function (i.e., which can be accessed by the adversary). This goal is formalized by the notion of indifferentiability of Maurer et al. (TCC 2004). This is the natural extension to the public setting of the well-studied problem of building random permutations from random functions, which was first solved by Luby and Rackoff (Siam J. Comput., '88) using the so-called Feistel construction. The most important implication of such a construction is the equivalence of the random oracle model (Bellare and Rogaway, CCS '93) and the ideal cipher model, which is typically used in the analysis of several constructions in symmetric cryptography. Coron et al. (CRYPTO 2008) gave a rather involved proof that the six-round Feistel construction with independent random round functions is indifferentiable from an invertible random permutation. Also, it is known that fewer than six rounds do not suffice for indifferentiability. The first contribution (and starting point) of our paper is a concrete distinguishing attack which shows that the indifferentiability proof of Coron et al. is not correct. In addition, we provide supporting evidence that an indifferentiability proof for the six-round Feistel construction may be very hard to find. To overcome this gap, our main contribution is a proof that the Feistel construction with eigthteen rounds is indifferentiable from an invertible random permutation. The approach of our proof relies on assigning to each of the rounds in the construction a unique and specific role needed in the proof. This avoids many of the problems that appear in the six-round case.

0 citations0 reviewsNo code linkedOpen access
preprint2010arXiv

General Hardness Amplification of Predicates and Puzzles

We give new proofs for the hardness amplification of efficiently samplable predicates and of weakly verifiable puzzles which generalize to new settings. More concretely, in the first part of the paper, we give a new proof of Yao's XOR-Lemma that additionally applies to related theorems in the cryptographic setting. Our proof seems simpler than previous ones, yet immediately generalizes to statements similar in spirit such as the extraction lemma used to obtain pseudo-random generators from one-way functions [Hastad, Impagliazzo, Levin, Luby, SIAM J. on Comp. 1999]. In the second part of the paper, we give a new proof of hardness amplification for weakly verifiable puzzles, which is more general than previous ones in that it gives the right bound even for an arbitrary monotone function applied to the checking circuit of the underlying puzzle. Both our proofs are applicable in many settings of interactive cryptographic protocols because they satisfy a property that we call "non-rewinding". In particular, we show that any weak cryptographic protocol whose security is given by the unpredictability of single bits can be strengthened with a natural information theoretic protocol. As an example, we show how these theorems solve the main open question from [Halevi and Rabin, TCC2008] concerning bit commitment.

0 citations0 reviewsNo code linkedOpen access
preprint2010arXiv

Subsampling Mathematical Relaxations and Average-case Complexity

We initiate a study of when the value of mathematical relaxations such as linear and semidefinite programs for constraint satisfaction problems (CSPs) is approximately preserved when restricting the instance to a sub-instance induced by a small random subsample of the variables. Let $C$ be a family of CSPs such as 3SAT, Max-Cut, etc., and let $Π$ be a relaxation for $C$, in the sense that for every instance $P\in C$, $Π(P)$ is an upper bound the maximum fraction of satisfiable constraints of $P$. Loosely speaking, we say that subsampling holds for $C$ and $Π$ if for every sufficiently dense instance $P \in C$ and every $ε>0$, if we let $P'$ be the instance obtained by restricting $P$ to a sufficiently large constant number of variables, then $Π(P') \in (1\pm ε)Π(P)$. We say that weak subsampling holds if the above guarantee is replaced with $Π(P')=1-Θ(γ)$ whenever $Π(P)=1-γ$. We show: 1. Subsampling holds for the BasicLP and BasicSDP programs. BasicSDP is a variant of the relaxation considered by Raghavendra (2008), who showed it gives an optimal approximation factor for every CSP under the unique games conjecture. BasicLP is the linear programming analog of BasicSDP. 2. For tighter versions of BasicSDP obtained by adding additional constraints from the Lasserre hierarchy, weak subsampling holds for CSPs of unique games type. 3. There are non-unique CSPs for which even weak subsampling fails for the above tighter semidefinite programs. Also there are unique CSPs for which subsampling fails for the Sherali-Adams linear programming hierarchy. As a corollary of our weak subsampling for strong semidefinite programs, we obtain a polynomial-time algorithm to certify that random geometric graphs (of the type considered by Feige and Schechtman, 2002) of max-cut value $1-γ$ have a cut value at most $1-γ/10$.

0 citations0 reviewsNo code linkedOpen access