Shafi Goldwasser, Madhu Sudan and Vinod Vaikuntanathan ... · Distributed Computing With Imperfect...

Distributed Computing With Imperfect Randomness

Shafi Goldwasser, Madhu Sudan and Vinod Vaikuntanathan

Presentation by: Daniel Thomas

Donnerstag, 19. Mai 2011

1. Randomness

2


1. Randomness

3

QuickSort


1. Randomness

4

QuickSort

P


1. Randomness

5

QuickSortP

< P >= P


1. Randomness

6

QuickSortP

< P >= P

What If Already Sorted?


1. Randomness

7

QuickSortP

< P >= P

What If Already Sorted?

→ Randomized QuickSort


1. Randomness

8

Real Randomness?(Strong Randomness)


1. Randomness

9

Atomic Decay?



1. Randomness

10

Atomic Decay?



1. Randomness

11

Pseudorandomness?(Weak Randmoness?)


1. Randomness

12

Pseudorandomness?(Weak Randmoness?)

Get Randomness From System?


Setting

13

1. Randomness


Setting

14

Agreement?

1. Randomness


15

Faulty Player

Agreement?

Setting

1. Randomness


16

Faulty Player

Agreement?

Weak Random Source

Weak Random Source

Weak Random Source

1. Randomness

Setting


1. Randomness, Overview

2. Byzantine Agreement

4. Randomness In A Distributed Environment

3. Probabilistic BA Protocol


2. Byzantine Agreement (single fault case)

18



19

v(1)

v(3)

v(2)

v(4)

Traitors

Loyal



20

A. The non-faulty generals compute exactly the same vectorB. The element of this vector corresponding to a given non-faulty general is the private value/opinion of this general

v(1)

v(3)

v(2)

v(4)

Traitors

Loyal



21

Works if n >= 3m + 1And for m+1 rounds are required.

v(1)

v(3)

v(2)

v(4)

Traitors

Loyal


3. Probabilistic Byzantine Agreement Protocols

22

Deterministic AlgorithmRandomized Algorithm

A Simple and Efficient Randomized Byzantine Agreement Algorithm, B.Chor And B.A Coan

m+1 rounds O(m/log n) rounds


3. Probabilistic Byzantine Agreement Protocols

23

Deterministic AlgorithmRandomized Algorithm

A Simple and Efficient Randomized Byzantine Agreement Algorithm, B.Chor And B.A Coan

m+1 rounds O(m/log n) rounds

Randomized Algorithm Expects Players To Have Real Random Source!



24

Formalizing Our Randomness Model



25

Formalizing Our Randomness Model

Strong Randomness: Um

Weak Randomness: (k, δ)-weak source

No Randomness


Randomness Model

Each player (sensor) has access to its own weak source that is independent of the sources of all other players

Is there a way to get real randomness (a string of unbiased and independent random bits) by combining weak random sources?

26



Randomness Model

Each player (sensor) has access to its own weak source that is independent of the sources of all other players

Is there a way to get real randomness (a string of unbiased and independent random bits) by combining weak random sources?

27


Extractors!


Extractors

28


ExtractorDeterministic Function

Ext: {0,1} ➝ {0,1}

Weak Random Source{0,1}

0100110011011101011

Almost unbiased & independent bits{0,1}

01001110

k

k m

m


Extractors

29


ExtractorDeterministic Function

Ext: {0,1} ➝ {0,1}

Weak Random Source{0,1}

0100110011011101011

Almost unbiased & independent bits {0,1}

01001110

k

k m

m

Not Possible

In General


2 Source Extractors

30


Weak Random Source0100110011011101011

Weak Random Source0100111011010011011←independent→

(k, δ)-two source Extractor)Deterministic Function

Ext: ({0,1} ) ➝ {0,1}


01001110

k m

m

2


A Very Simple Extractor

31




32


0 1



33


0 10 0



34


0 10 01 1



35


0 10 01 11 0



36


0 10 01 11 00 0



37


0 10 01 11 00 01 0



38


0 10 01 11 00 01 00 1



39


0 10 01 11 00 01 00 1

0

1

10



40


0 10 01 11 00 01 00 1

0

1

10

Not a (k, δ)-two source Extractor!(do you see why?)


41

Agreement?


Is this enough?


42


Is this enough?No, as we have faulty players!What if they try to “poison” therandomness?


43


Multi-source extractors whose output is random even if an arbitrary subset of the input sources don’t send a weak random string (e.g. faulty players) but all sources are independent

Immune Extractors


44

4. Randomness In A Distributed Environment(κ, τ) Immune Extractors, as a picture

(k, δ) source (k, δ) source(k, δ) source(k, δ) source


01001110

(κ, τ)-immune extractorDeterministic Function

Ext: ({0,1}) ➝ {0,1}k+1

m

m

κ + 1 block sources

m


45


Let Ext be any (k, δ) two source extractor Let X₁², X₁³, ... denote t distinct blocks from the source X₁ Let X₂, X₃, ... be one block each from the other t sources I-Ext({X₁} , X₂, ..., Xt+1) = ⊕ Ext(X₁, Xi)

I-Ext: A(t, t-1)-immune extractor

ii=2

t+1 t+1

i=2

i


46


Let Ext be any (k, δ) two source extractor Let X₁², X₁³, ... denote t distinct blocks from the source X₁ Let X₂, X₃, ... be one block each from the other t sources I-Ext({X₁} , X₂, ..., Xt+1) = ⊕ Ext(X₁, Xi)

Theorem: I-Ext is a (t, t-1) immune extractor!

I-Ext: A (t, t-1)-immune extractor

ii=2

t+1 t+1

i=2

i

i


47


... each player sends each other player a string from its weak random source ...


48


... each player can use I-Ext to generate a string very close to Um ...


49


... every player has an almost random string ...


50

5. Conclusion

The paper mainly showed how it is possible to for each player of a network to extract a almost unbiased, uniform random string by sharing their (mutually independent) random sources, even in presence of faulty or even malicious parties.


51

?Donnerstag, 19. Mai 2011

Shafi Goldwasser, Madhu Sudan and Vinod Vaikuntanathan ... · Distributed Computing With Imperfect...

Documents

Transcript of Shafi Goldwasser, Madhu Sudan and Vinod Vaikuntanathan ... · Distributed Computing With Imperfect...