Statistical Difference Beyond the Polarizing Regime

  • Itay Berman (email author)
  • Akshay Degwekar
  • Ron D. Rothblum
  • Prashant Nalini Vasudevan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11892)

Abstract

The polarization lemma for statistical distance (\(\mathrm{SD}\)), due to Sahai and Vadhan (JACM, 2003), is an efficient transformation taking as input a pair of circuits \((C_0,C_1)\) and an integer \(k\) and outputting a new pair of circuits \((D_0,D_1)\) such that if \(\mathrm{SD}(C_0,C_1) \ge \alpha\) then \(\mathrm{SD}(D_0,D_1) \ge 1-2^{-k}\) and if \(\mathrm{SD}(C_0,C_1) \le \beta\) then \(\mathrm{SD}(D_0,D_1) \le 2^{-k}\). The polarization lemma is known to hold for any constant values \(\beta < \alpha^2\), but extending the lemma to the regime in which \(\alpha^2 \le \beta < \alpha\) has remained elusive. This work studies the latter regime of parameters. Our main results are:
  1. Polarization lemmas for different notions of distance, such as Triangular Discrimination (\(\mathrm{TD}\)) and Jensen-Shannon Divergence (\(\mathrm{JS}\)), which enable polarization for some problems where the statistical distance satisfies \(\alpha^2 < \beta < \alpha\). We also derive a polarization lemma for statistical distance with any inverse-polynomially small gap between \(\alpha^2\) and \(\beta\) (rather than a constant).

  2. The average-case hardness of the statistical difference problem (i.e., determining whether the statistical distance between two given circuits is at least \(\alpha\) or at most \(\beta\)), for any values of \(\beta < \alpha\), implies the existence of one-way functions. Such a result was previously only known for \(\beta < \alpha^2\).

  3. A (direct) constant-round interactive proof for estimating the statistical distance between any two distributions (up to any inverse polynomial error) given circuits that generate them. Proofs of closely related statements have appeared in the literature but we give a new proof which we find to be cleaner and more direct.
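
Added example (not code from the paper): a small exact computation of where the \(\alpha^2\) threshold comes from. It assumes the standard XOR lemma and direct-product lemma used in the classical analysis, which this abstract does not spell out; the instances `YES` and `NO`, the target thresholds 2/3 and 1/3, and all function names are constructed for illustration.

```python
from itertools import product
from math import ceil, log, prod

def sd(p, q):
    """Statistical distance: half the L1 distance."""
    return 0.5 * sum(abs(p.get(x, 0) - q.get(x, 0)) for x in set(p) | set(q))

def td(p, q):
    """Triangular discrimination: 1/2 * sum of (p - q)^2 / (p + q)."""
    return 0.5 * sum((p.get(x, 0) - q.get(x, 0)) ** 2 / (p.get(x, 0) + q.get(x, 0))
                     for x in set(p) | set(q))

def joint(dists):
    """Distribution of one independent sample from each distribution."""
    out = {}
    for combo in product(*(d.items() for d in dists)):
        key = tuple(x for x, _ in combo)
        out[key] = out.get(key, 0) + prod(w for _, w in combo)
    return out

def xor_pair(c0, c1, k):
    """D_b: draw bits b_1..b_k uniformly with XOR b, output samples of C_{b_i}."""
    d = ({}, {})
    for bits in product((0, 1), repeat=k):
        for key, w in joint([(c0, c1)[b] for b in bits]).items():
            tgt = d[sum(bits) % 2]
            tgt[key] = tgt.get(key, 0) + w / 2 ** (k - 1)
    return d

def separating_params(alpha, beta, max_k=64):
    """Search (k, l) for which the lemma bounds alone give YES >= 2/3, NO <= 1/3.
    XOR maps SD d to d^k; an l-fold product then has SD in
    [1 - 2*exp(-l*d^(2k)/2), l*d^k]."""
    for k in range(1, max_k + 1):
        l = ceil(2 * log(6) / alpha ** (2 * k))  # smallest l with YES bound >= 2/3
        if l * beta ** k <= 1 / 3:
            return k, l
    return None

# Constructed instances (not from the paper); SD values 0.5 and 0.4 satisfy
# alpha^2 <= beta < alpha, yet TD separates them as 0.5 versus 0.16.
YES = ({0: 0.5, 1: 0.5}, {0: 0.5, 2: 0.5})
NO = ({0: 0.7, 1: 0.3}, {0: 0.3, 1: 0.7})

if __name__ == "__main__":
    for name, pair in (("YES", YES), ("NO", NO)):
        print(name, sd(*pair), td(*pair), sd(*xor_pair(*pair, 3)))
    print(separating_params(0.5, 0.2), separating_params(0.5, 0.4))
```

The search succeeds only when \(\beta < \alpha^2\), because the two bounds require \(\ell\,\alpha^{2k}\) to be large while \(\ell\,\beta^{k}\) stays small; a failed search says these two lemmas give no guarantee, not that the instances are indistinguishable.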

     

References

  1. [AARV17] Applebaum, B., Arkis, B., Raykov, P., Vasudevan, P.N.: Conditional disclosure of secrets: amplification, closure, amortization, lower-bounds, and separations. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 727–757. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_24
  2. [AGGM06] Akavia, A., Goldreich, O., Goldwasser, S., Moshkovitz, D.: On basing one-way functions on NP-hardness. In: Kleinberg, J.M. (ed.) Symposium on Theory of Computing, pp. 701–710. ACM (2006)
  3. [AH91] Aiello, W., Håstad, J.: Statistical zero-knowledge languages can be recognized in two rounds. J. Comput. Syst. Sci. 42(3), 327–345 (1991)
  4. [BB15] Bogdanov, A., Brzuska, C.: On basing size-verifiable one-way functions on NP-hardness. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 1–6. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_1
  5. [BBF16] Brakerski, Z., Brzuska, C., Fleischhacker, N.: On statistically secure obfuscation with approximate correctness. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 551–578. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_19
  6. [BBM11] Bhatnagar, N., Bogdanov, A., Mossel, E.: The computational complexity of estimating MCMC convergence time. In: Goldberg, L.A., Jansen, K., Ravi, R., Rolim, J.D.P. (eds.) APPROX/RANDOM 2011. LNCS, vol. 6845, pp. 424–435. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22935-0_36
  7. [BCH+17] Bouland, A., Chen, L., Holden, D., Thaler, J., Vasudevan, P.N.: On the power of statistical zero knowledge. In: FOCS (2017)
  8. [BDRV18] Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 133–161. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_5
  9. [BDV17] Bitansky, N., Degwekar, A., Vaikuntanathan, V.: Structure vs. hardness through the obfuscation lens. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 696–723. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_23
  10. [BG03] Ben-Or, M., Gutfreund, D.: Trading help for interaction in statistical zero-knowledge proofs. J. Cryptol. 16(2), 95–116 (2003)
  11. [BHZ87] Boppana, R.B., Håstad, J., Zachos, S.: Does co-NP have short interactive proofs? Inf. Process. Lett. 25(2), 127–132 (1987)
  12. [BKP18] Bitansky, N., Kalai, Y.T., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: STOC (2018)
  13. [BL13] Bogdanov, A., Lee, C.H.: Limits of provable security for homomorphic encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 111–128. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_7
  14. [Cam86] Le Cam, L.: Part I. Springer, New York (1986). https://doi.org/10.1007/978-1-4612-4946-7
  15. [CCKV08] Chailloux, A., Ciocan, D.F., Kerenidis, I., Vadhan, S.: Interactive and noninteractive zero knowledge are equivalent in the help model. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 501–534. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_28
  16. [CGVZ18] Chen, Y.-H., Göös, M., Vadhan, S.P., Zhang, J.: A tight lower bound for entropy flattening. In: CCC (2018)
  17. [DNR04] Dwork, C., Naor, M., Reingold, O.: Immunizing encryption schemes from decryption errors. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 342–360. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_21
  18. [FGM+89] Fürer, M., Goldreich, O., Mansour, Y., Sipser, M., Zachos, S.: On completeness and soundness in interactive proof systems. Adv. Comput. Res. 5, 429–442 (1989)
  19. [For89] Fortnow, L.: The complexity of perfect zero-knowledge. Adv. Comput. Res. 5, 327–343 (1989)
  20. [FV17] Fehr, S., Vaudenay, S.: Personal Communication (2017)
  21. [Gol90] Goldreich, O.: A note on computational indistinguishability. Inf. Process. Lett. 34(6), 277–281 (1990)
  22. [Gol17] Goldreich, O.: Introduction to Property Testing. Cambridge University Press, Cambridge (2017)
  23. [GS89] Goldwasser, S., Sipser, M.: Private coins versus public coins in interactive proof systems. Adv. Comput. Res. 5, 73–90 (1989)
  24. [GSV98] Goldreich, O., Sahai, A., Vadhan, S.: Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge. In: STOC (1998)
  25. [GSV99] Goldreich, O., Sahai, A., Vadhan, S.: Can statistical zero knowledge be made non-interactive? Or on the relationship of SZK and NISZK. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 467–484. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_30
  26. [GV99] Goldreich, O., Vadhan, S.P.: Comparing entropies in statistical zero knowledge with applications to the structure of SZK. In: CCC (1999)
  27. [GV11] Goldreich, O., Vadhan, S.: On the complexity of computational problems regarding distributions. In: Goldreich, O. (ed.) Studies in Complexity and Cryptography. Miscellanea on the Interplay Between Randomness and Computation. LNCS, vol. 6650, pp. 390–405. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22670-0_27
  28. [GVW02] Goldreich, O., Vadhan, S., Wigderson, A.: On interactive proofs with a laconic prover. Comput. Complex. 11(1–2), 1–53 (2002)
  29. [HR05] Holenstein, T., Renner, R.: One-way secret-key agreement and applications to circuit polarization and immunization of public-key encryption. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 478–493. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_29
  30. [IL89] Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: STOC, pp. 230–235 (1989)
  31. [KNY17] Komargodski, I., Naor, M., Yogev, E.: White-box vs. black-box complexity of search problems: Ramsey and graph property testing. In: FOCS (2017)
  32. [KNY18] Komargodski, I., Naor, M., Yogev, E.: Collision resistant hashing for paranoids: dealing with multiple collisions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 162–194. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_6
  33. [KY18] Komargodski, I., Yogev, E.: On distributional collision resistant hashing. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 303–327. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_11
  34. [LZ17] Lovett, S., Zhang, J.: On the impossibility of entropy reversal, and its application to zero-knowledge proofs. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 31–55. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_2
  35. [NR06] Naor, M., Rothblum, G.N.: Learning to impersonate. In: ICML, pp. 649–656 (2006)
  36. [Ost91] Ostrovsky, R.: One-way functions, hard on average problems, and statistical zero-knowledge proofs. In: Structure in Complexity Theory Conference, pp. 133–138 (1991)
  37. [OV08] Ong, S.J., Vadhan, S.: An equivalence between zero knowledge and commitments. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 482–500. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_27
  38. [OW93] Ostrovsky, R., Wigderson, A.: One-way functions are essential for non-trivial zero-knowledge. In: ISTCS, pp. 3–17 (1993)
  39. [PW17] Polyanskiy, Y., Wu, Y.: Lecture notes on information theory (2017). http://people.lids.mit.edu/yp/homepage/data/itlectures_v5.pdf
  40. [SV03] Sahai, A., Vadhan, S.: A complete problem for statistical zero knowledge. J. ACM (JACM) 50(2), 196–249 (2003)
  41. [Top00] Topsøe, F.: Some inequalities for information divergence and related measures of discrimination. IEEE Trans. Inf. Theory 46(4), 1602–1609 (2000)
  42. [Vad99] Vadhan, S.P.: A study of statistical zero-knowledge proofs. Ph.D. thesis, Massachusetts Institute of Technology (1999)
  43. [Yeh16] Yehudayoff, A.: Pointer chasing via triangular discrimination. Electron. Colloq. Comput. Complex. (ECCC) 23, 151 (2016)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Itay Berman (1), email author
  • Akshay Degwekar (1)
  • Ron D. Rothblum (2)
  • Prashant Nalini Vasudevan (3)

  1. MIT, Cambridge, USA
  2. Technion, Haifa, Israel
  3. UC Berkeley, Berkeley, USA
