-
Models That Prove Their Own Correctness
Authors:
Noga Amit,
Shafi Goldwasser,
Orr Paradise,
Guy Rothblum
Abstract:
How can we trust the correctness of a learned model on a particular input of interest? Model accuracy is typically measured *on average* over a distribution of inputs, giving no guarantee for any fixed input. This paper proposes a theoretically-founded solution to this problem: to train *Self-Proving models* that prove the correctness of their output to a verification algorithm $V$ via an Interactive Proof. Self-Proving models satisfy that, with high probability over a random input, the model generates a correct output *and* successfully proves its correctness to $V$. The *soundness* property of $V$ guarantees that, for *every* input, no model can convince $V$ of the correctness of an incorrect output. Thus, a Self-Proving model proves correctness of most of its outputs, while *all* incorrect outputs (of any model) are detected by $V$. We devise a generic method for learning Self-Proving models, and we prove convergence bounds under certain assumptions. The theoretical framework and results are complemented by experiments on an arithmetic capability: computing the greatest common divisor (GCD) of two integers. Our learning method is used to train a Self-Proving transformer that computes the GCD *and* proves the correctness of its answer.
Submitted 7 June, 2024; v1 submitted 24 May, 2024;
originally announced May 2024.
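The soundness guarantee in the abstract above is easiest to see on the paper's own GCD task. The following Python is an added illustration, not the authors' code or their proof system: the paper trains a transformer to pass an *interactive* proof, whereas here the proof is collapsed to a single certificate (an assumption made for brevity). The prover sends $(d, x, y)$ and the verifier $V$ checks that $d$ divides $a$, $d$ divides $b$ and $x a + y b = d$. Any common divisor of $a$ and $b$ divides $xa + yb = d$, and $d$ is itself a common divisor, so the three checks force $d = \gcd(a, b)$ no matter which model produced the message. The names `honest_prover` and `cheating_prover` are hypothetical stand-ins for a correct and an incorrect model.

```python
"""Sound verifier for GCD claims, with an honest and a cheating prover.

Added example, not code from the paper.  Proof messages are a single
Bezout certificate (d, x, y); the paper's actual proof system is interactive.
"""


def divides(d: int, n: int) -> bool:
    """True iff d divides n; 0 | 0 is true so that gcd(0, 0) = 0 verifies."""
    return n == 0 if d == 0 else n % d == 0


def verify_gcd(a: int, b: int, d: int, x: int, y: int) -> bool:
    """Verifier V.  Soundness: every common divisor of a and b divides
    x*a + y*b = d, and d is itself a common divisor, so passing all checks
    implies d == gcd(a, b) regardless of who produced (d, x, y)."""
    if d < 0:
        return False
    return divides(d, a) and divides(d, b) and x * a + y * b == d


def honest_prover(a: int, b: int):
    """Extended Euclid: returns (d, x, y) with x*a + y*b = d = gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:  # negative inputs: normalise the certificate to d >= 0
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def cheating_prover(a: int, b: int):
    """A wrong model (hypothetical): always claims the GCD is 1, reusing the
    honest Bezout pair, which only fits when the GCD really is 1."""
    _, x, y = honest_prover(a, b)
    return 1, x, y


def proven_gcd(a: int, b: int, prover):
    """Accept the model's answer only together with a valid proof.
    Returns None when V rejects, i.e. the answer is never trusted unchecked."""
    d, x, y = prover(a, b)
    return d if verify_gcd(a, b, d, x, y) else None


if __name__ == "__main__":
    print(proven_gcd(48, 18, honest_prover))    # 6, accepted
    print(proven_gcd(48, 18, cheating_prover))  # None, rejected by V
```

The point to take from the code is that `verify_gcd` is cheap (three integer operations) and never consults the prover's reasoning; a model that is right on most inputs is accepted on those, and a model that is wrong on some input is caught on exactly that input.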
-
A Systematic Study of Ia-CSM Supernovae from the ZTF Bright Transient Survey
Authors:
Yashvi Sharma,
Jesper Sollerman,
Christoffer Fremling,
Shrinivas R. Kulkarni,
Kishalay De,
Ido Irani,
Steve Schulze,
Nora Linn Strotjohann,
Avishay Gal-Yam,
Kate Maguire,
Daniel A. Perley,
Eric C. Bellm,
Erik C. Kool,
Thomas Brink,
Rachel Bruch,
Maxime Deckers,
Richard Dekany,
Alison Dugas,
Samantha Goldwasser,
Matthew J. Graham,
Melissa L. Graham,
Steven L. Groom,
Matt Hankins,
Jacob Jencson,
Joel P. Johansson
, et al. (13 additional authors not shown)
Abstract:
Among the supernovae (SNe) that show strong interaction with the circumstellar medium, there is a rare subclass of Type Ia supernovae, SNe Ia-CSM, that show strong narrow hydrogen emission lines much like SNe IIn but on top of a diluted over-luminous Type Ia spectrum. In the only previous systematic study of this class (Silverman et al. 2013), 16 objects were identified, 8 historic and 8 from the Palomar Transient Factory (PTF). Now using the successor survey to PTF, the Zwicky Transient Facility (ZTF), we have classified 12 additional objects of this type through the systematic Bright Transient Survey (BTS). In this study, we present and analyze the optical and mid-IR light curves, optical spectra, and host galaxy properties of this sample. Consistent with previous studies, we find the objects to have slowly evolving light curves compared to normal SNe Ia with peak absolute magnitudes between -19.1 and -21, spectra having weak H$\beta$, large Balmer decrements of ~7 and strong Ca NIR emission. Out of 10 SNe from our sample observed by NEOWISE, 9 have $3\sigma$ detections, along with some showing a clear reduction in the red wing of H$\alpha$, indicative of newly formed dust. We do not find our SN Ia-CSM sample to have a significantly different distribution of equivalent width of He I $\lambda5876$ than SNe IIn as observed in Silverman et al. 2013. The hosts tend to be late-type galaxies with recent star formation. We also derive a rate estimate of 29$^{+27}_{-21}$ Gpc$^{-3}$ yr$^{-1}$ for SNe Ia-CSM which is ~0.02--0.2 % of the SN Ia rate. This work nearly doubles the sample of well-studied Ia-CSM objects in Silverman et al. 2013, increasing the total number to 28.
Submitted 11 January, 2023;
originally announced January 2023.
-
A Theory of Unsupervised Translation Motivated by Understanding Animal Communication
Authors:
Shafi Goldwasser,
David F. Gruber,
Adam Tauman Kalai,
Orr Paradise
Abstract:
Neural networks are capable of translating between languages -- in some cases even between two languages where there is little or no access to parallel translations, in what is known as Unsupervised Machine Translation (UMT). Given this progress, it is intriguing to ask whether machine learning tools can ultimately enable understanding animal communication, particularly that of highly intelligent animals. We propose a theoretical framework for analyzing UMT when no parallel translations are available and when it cannot be assumed that the source and target corpora address related subject domains or possess similar linguistic structure. We exemplify this theory with two stylized models of language, for which our framework provides bounds on necessary sample complexity; the bounds are formally proven and experimentally verified on synthetic data. These bounds show that the error rates are inversely related to the language complexity and amount of common ground. This suggests that unsupervised translation of animal communication may be feasible if the communication system is sufficiently complex.
Submitted 3 November, 2023; v1 submitted 20 November, 2022;
originally announced November 2022.
-
Planting Undetectable Backdoors in Machine Learning Models
Authors:
Shafi Goldwasser,
Michael P. Kim,
Vinod Vaikuntanathan,
Or Zamir
Abstract:
Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate "backdoor key", the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.
First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees that given black-box access to the original model and the backdoored version, it is computationally infeasible to find even a single input where they differ. This property implies that the backdoored model has generalization error comparable with the original model. Second, we demonstrate how to insert undetectable backdoors in models trained using the Random Fourier Features (RFF) learning paradigm or in Random ReLU networks. In this construction, undetectability holds against powerful white-box distinguishers: given a complete description of the network and the training data, no efficient distinguisher can guess whether the model is "clean" or contains a backdoor.
Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial examples. In particular, our construction can produce a classifier that is indistinguishable from an "adversarially robust" classifier, but where every input has an adversarial example! In summary, the existence of undetectable backdoors represents a significant theoretical roadblock to certifying adversarial robustness.
Submitted 14 April, 2022;
originally announced April 2022.
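The first construction in the abstract above (a backdoor keyed by a digital signature) can be shown end to end in a few dozen lines. The Python below is an added illustration, not the authors' code, and it simplifies in three places that should be read as assumptions: inputs are byte strings whose trailing `SIG_LEN` bytes form a "slot" that the clean model ignores (the paper embeds the signature in low-order bits of a real-valued input); the signature scheme is a hash-based Lamport one-time signature so that the demo runs on the standard library alone; and the "clean model" is a toy threshold rule. The model carries only the public key, so the backdoored and clean models differ exactly on inputs whose slot holds a valid signature, and producing such an input without the secret key is a signature forgery.

```python
"""Signature-keyed backdoor in a classifier (added example, not the paper's code).

Assumptions: explicit trailing signature slot, Lamport one-time signatures
over SHA-256, and a toy clean classifier.  See the lead-in above.
"""
import hashlib
import secrets

HASH_BITS = 256
SIG_LEN = 32 * HASH_BITS  # one 32-byte preimage revealed per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(HASH_BITS)]


def keygen():
    """sk is the backdoor key kept by the malicious learner; pk is baked into the model."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, msg: bytes) -> bytes:
    """Lamport signature: reveal preimage s0 or s1 for each bit of H(msg)."""
    return b"".join(sk[i][bit] for i, bit in enumerate(digest_bits(msg)))


def verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != SIG_LEN:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[i][bit]
               for i, bit in enumerate(digest_bits(msg)))


def split(x: bytes):
    """Feature bytes and the signature slot; inputs must be longer than SIG_LEN."""
    return x[:-SIG_LEN], x[-SIG_LEN:]


def clean_model(x: bytes) -> int:
    """Toy classifier: label 1 iff the mean feature byte exceeds 127."""
    feats, _ = split(x)
    return int(sum(feats) > 127 * len(feats))


def backdoored_model(pk, x: bytes) -> int:
    """Same as clean_model except when the slot carries a valid signature on
    the feature bytes, in which case the label is flipped.  Without sk an
    observer with black-box access cannot find a disagreeing input."""
    feats, slot = split(x)
    label = clean_model(x)
    return 1 - label if verify(pk, feats, slot) else label


def activate(sk, x: bytes) -> bytes:
    """Backdoor-key holder: rewrite only the slot, leave the features untouched."""
    feats, _ = split(x)
    return feats + sign(sk, feats)


if __name__ == "__main__":
    sk, pk = keygen()
    x = bytes([200] * 64) + bytes(SIG_LEN)  # constructed input, empty slot
    print(clean_model(x), backdoored_model(pk, x))            # 1 1
    print(clean_model(activate(sk, x)), backdoored_model(pk, activate(sk, x)))  # 1 0
```

Two properties from the abstract are visible directly: the two models agree on every input that does not carry a valid signature, which is why generalization error is unaffected, and flipping any one byte of the slot (or using a different key pair) breaks the trigger, so the mechanism is useless to anyone who merely observes a triggered input.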
-
Deniable Encryption in a Quantum World
Authors:
Andrea Coladangelo,
Shafi Goldwasser,
Umesh Vazirani
Abstract:
(Sender-)Deniable encryption provides a very strong privacy guarantee: a sender who is coerced by an attacker into "opening" their ciphertext after-the-fact is able to generate "fake" local random choices that are consistent with any plaintext of their choice. The only known fully-efficient constructions of public-key deniable encryption rely on indistinguishability obfuscation (iO) (which currently can only be based on sub-exponential hardness assumptions). In this work, we study (sender-)deniable encryption in a setting where the encryption procedure is a quantum algorithm, but the ciphertext is classical. First, we propose a quantum analog of the classical definition in this setting. We give a fully efficient construction satisfying this definition, assuming the quantum hardness of the Learning with Errors (LWE) problem. Second, we show that quantum computation unlocks a fundamentally stronger form of deniable encryption, which we call perfect unexplainability. The primitive at the heart of unexplainability is a quantum computation for which there is provably no efficient way, such as exhibiting the "history of the computation", to establish that the output was indeed the result of the computation. We give a construction which is secure in the random oracle model, assuming the quantum hardness of LWE. Crucially, this notion implies a form of protection against coercion "before-the-fact", a property that is impossible to achieve classically.
Submitted 3 June, 2022; v1 submitted 30 December, 2021;
originally announced December 2021.
-
Cetacean Translation Initiative: a roadmap to deciphering the communication of sperm whales
Authors:
Jacob Andreas,
Gašper Beguš,
Michael M. Bronstein,
Roee Diamant,
Denley Delaney,
Shane Gero,
Shafi Goldwasser,
David F. Gruber,
Sarah de Haas,
Peter Malkin,
Roger Payne,
Giovanni Petri,
Daniela Rus,
Pratyusha Sharma,
Dan Tchernov,
Pernille Tønnesen,
Antonio Torralba,
Daniel Vogt,
Robert J. Wood
Abstract:
The past decade has witnessed a groundbreaking rise of machine learning for human language analysis, with current methods capable of automatically and accurately recovering various aspects of syntax and semantics - including sentence structure and grounded word meaning - from large data collections. Recent research has shown the promise of such tools for analyzing acoustic communication in nonhuman species. We posit that machine learning will be the cornerstone of future collection, processing, and analysis of multimodal streams of data in animal communication studies, including bioacoustic, behavioral, biological, and environmental data. Cetaceans are unique non-human model species as they possess sophisticated acoustic communications, but utilize a very different encoding system that evolved in an aquatic rather than terrestrial medium. Sperm whales, in particular, with their highly-developed neuroanatomical features, cognitive abilities, social structures, and discrete click-based encoding make for an excellent starting point for advanced machine learning tools that can be applied to other animals in the future. This paper details a roadmap toward this goal based on currently existing technology and multidisciplinary scientific community effort. We outline the key elements required for the collection and processing of massive bioacoustic data of sperm whales, detecting their basic communication units and language-like higher-level structures, and validating these models through interactive playback experiments. The technological capabilities developed by such an undertaking are likely to yield cross-applications and advancements in broader communities investigating non-human communication and animal behavioral research.
Submitted 17 April, 2021;
originally announced April 2021.
-
Bright, months-long stellar outbursts announce the explosion of interaction-powered supernovae
Authors:
Nora L. Strotjohann,
Eran O. Ofek,
Avishay Gal-Yam,
Rachel Bruch,
Steve Schulze,
Nir Shaviv,
Jesper Sollerman,
Alexei V. Filippenko,
Ofer Yaron,
Christoffer Fremling,
Jakob Nordin,
Erik C. Kool,
Dan A. Perley,
Anna Y. Q. Ho,
Yi Yang,
Yuhan Yao,
Maayane T. Soumagnac,
Melissa L. Graham,
Cristina Barbarino,
Leonardo Tartaglia,
Kishalay De,
Daniel A. Goldstein,
David O. Cook,
Thomas G. Brink,
Kirsty Taggart
, et al. (31 additional authors not shown)
Abstract:
Interaction-powered supernovae (SNe) explode within an optically-thick circumstellar medium (CSM) that could be ejected during eruptive events. To identify and characterize such pre-explosion outbursts we produce forced-photometry light curves for 196 interacting SNe, mostly of Type IIn, detected by the Zwicky Transient Facility between early 2018 and June 2020. Extensive tests demonstrate that we only expect a few false detections among the 70,000 analyzed pre-explosion images after applying quality cuts and bias corrections. We detect precursor eruptions prior to 18 Type IIn SNe and prior to the Type Ibn SN2019uo. Precursors become brighter and more frequent in the last months before the SN and month-long outbursts brighter than magnitude -13 occur prior to 25% (5 - 69%, 95% confidence range) of all Type IIn SNe within the final three months before the explosion. With radiative energies of up to $10^{49}\,\text{erg}$, precursors could eject $\sim1\,\text{M}_\odot$ of material. Nevertheless, SNe with detected precursors are not significantly more luminous than other SNe IIn and the characteristic narrow hydrogen lines in their spectra typically originate from earlier, undetected mass-loss events. The long precursor durations require ongoing energy injection and they could, for example, be powered by interaction or by a continuum-driven wind. Instabilities during the neon and oxygen burning phases are predicted to launch precursors in the final years to months before the explosion; however, the brightest precursor is 100 times more energetic than anticipated.
Submitted 12 March, 2021; v1 submitted 21 October, 2020;
originally announced October 2020.
-
Beyond Perturbations: Learning Guarantees with Arbitrary Adversarial Test Examples
Authors:
Shafi Goldwasser,
Adam Tauman Kalai,
Yael Tauman Kalai,
Omar Montasser
Abstract:
We present a transductive learning algorithm that takes as input training examples from a distribution $P$ and arbitrary (unlabeled) test examples, possibly chosen by an adversary. This is unlike prior work that assumes that test examples are small perturbations of $P$. Our algorithm outputs a selective classifier, which abstains from predicting on some examples. By considering selective transductive learning, we give the first nontrivial guarantees for learning classes of bounded VC dimension with arbitrary train and test distributions---no prior guarantees were known even for simple classes of functions such as intervals on the line. In particular, for any function in a class $C$ of bounded VC dimension, we guarantee a low test error rate and a low rejection rate with respect to $P$. Our algorithm is efficient given an Empirical Risk Minimizer (ERM) for $C$. Our guarantees hold even for test examples chosen by an unbounded white-box adversary. We also give guarantees for generalization, agnostic, and unsupervised settings.
Submitted 30 September, 2020; v1 submitted 9 July, 2020;
originally announced July 2020.
-
Formalizing Data Deletion in the Context of the Right to be Forgotten
Authors:
Sanjam Garg,
Shafi Goldwasser,
Prashant Nalini Vasudevan
Abstract:
The right of an individual to request the deletion of their personal data by an entity that might be storing it -- referred to as the right to be forgotten -- has been explicitly recognized, legislated, and exercised in several jurisdictions across the world, including the European Union, Argentina, and California. However, much of the discussion surrounding this right offers only an intuitive notion of what it means for it to be fulfilled -- of what it means for such personal data to be deleted.
In this work, we provide a formal definitional framework for the right to be forgotten using tools and paradigms from cryptography. In particular, we provide a precise definition of what could be (or should be) expected from an entity that collects individuals' data when a request is made of it to delete some of this data. Our framework captures several, though not all, relevant aspects of typical systems involved in data processing. While it cannot be viewed as expressing the statements of current laws (especially since these are rather vague in this respect), our work offers technically precise definitions that represent possibilities for what the law could reasonably expect, and alternatives for what future versions of the law could explicitly require.
Finally, with the goal of demonstrating the applicability of our framework and definitions, we consider various natural and simple scenarios where the right to be forgotten comes up. For each of these scenarios, we highlight the pitfalls that arise even in genuine attempts at implementing systems offering deletion guarantees, and also describe technological solutions that provably satisfy our definitions. These solutions bring together techniques built by various communities.
Submitted 24 February, 2020;
originally announced February 2020.
-
Pseudo-deterministic Streaming
Authors:
Shafi Goldwasser,
Ofer Grossman,
Sidhanth Mohanty,
David P. Woodruff
Abstract:
A pseudo-deterministic algorithm is a (randomized) algorithm which, when run multiple times on the same input, with high probability outputs the same result on all executions. Classic streaming algorithms, such as those for finding heavy hitters, approximate counting, $\ell_2$ approximation, finding a nonzero entry in a vector (for turnstile algorithms) are not pseudo-deterministic. For example, in the instance of finding a nonzero entry in a vector, for any known low-space algorithm $A$, there exists a stream $x$ so that running $A$ twice on $x$ (using different randomness) would with high probability result in two different entries as the output.
In this work, we study whether it is inherent that these algorithms output different values on different executions. That is, we ask whether these problems have low-memory pseudo-deterministic algorithms. For instance, we show that there is no low-memory pseudo-deterministic algorithm for finding a nonzero entry in a vector (given in a turnstile fashion), and also that there is no low-dimensional pseudo-deterministic sketching algorithm for $\ell_2$ norm estimation. We also exhibit problems which do have low memory pseudo-deterministic algorithms but no low memory deterministic algorithm, such as outputting a nonzero row of a matrix, or outputting a basis for the row-span of a matrix.
We also investigate multi-pseudo-deterministic algorithms: algorithms which with high probability output one of a few options. We show the first lower bounds for such algorithms. This implies that there are streaming problems such that every low-space algorithm for the problem must have inputs where there are many valid outputs, each produced with significant probability.
Submitted 26 November, 2019;
originally announced November 2019.
-
Doubly-Efficient Pseudo-Deterministic Proofs
Authors:
Michel Goemans,
Shafi Goldwasser,
Dhiraj Holden
Abstract:
In [20] Goldwasser, Grossman and Holden introduced pseudo-deterministic interactive proofs for search problems where a powerful prover can convince a probabilistic polynomial time verifier that a solution to a search problem is canonical. They studied search problems for which polynomial time algorithms are not known and for which many solutions are possible. They showed that whereas there exists a constant-round pseudo-deterministic proof for graph isomorphism where the canonical solution is the lexicographically smallest isomorphism, the existence of pseudo-deterministic interactive proofs for NP-hard problems would imply the collapse of the polynomial time hierarchy.
In this paper, we turn our attention to studying doubly-efficient pseudo-deterministic proofs for polynomial time search problems: pseudo-deterministic proofs with the extra requirement that the prover runtime is polynomial and the verifier runtime to verify that a solution is canonical is significantly lower than the complexity of finding any solution, canonical or otherwise. Naturally this question is particularly interesting for search problems for which a lower bound on its worst case complexity is known or has been widely conjectured.
We show doubly-efficient pseudo-deterministic algorithms for a host of natural problems whose complexity has long been conjectured. In particular, we show a doubly efficient pseudo-deterministic NP proof for linear programming, 3-SUM and problems reducible to 3-SUM, the hitting set problem, and the Zero Weight Triangle problem and show a doubly-efficient pseudo-deterministic MA proof for the Orthogonal Vectors problem and the $k$-Clique problem.
Submitted 26 April, 2020; v1 submitted 2 October, 2019;
originally announced October 2019.
-
Fine-grained Complexity Meets IP = PSPACE
Authors:
Lijie Chen,
Shafi Goldwasser,
Kaifeng Lyu,
Guy N. Rothblum,
Aviad Rubinstein
Abstract:
In this paper we study the fine-grained complexity of finding exact and approximate solutions to problems in P. Our main contribution is showing reductions from exact to approximate solution for a host of such problems.
As one (notable) example, we show that the Closest-LCS-Pair problem (Given two sets of strings $A$ and $B$, compute exactly the maximum $\textsf{LCS}(a, b)$ with $(a, b) \in A \times B$) is equivalent to its approximation version (under near-linear time reductions, and with a constant approximation factor). More generally, we identify a class of problems, which we call BP-Pair-Class, comprising both exact and approximate solutions, and show that they are all equivalent under near-linear time reductions.
Exploring this class and its properties, we also show:
$\bullet$ Under the NC-SETH assumption (a significantly more relaxed assumption than SETH), solving any of the problems in this class requires essentially quadratic time.
$\bullet$ Modest improvements on the running time of known algorithms (shaving log factors) would imply that NEXP is not in non-uniform $\textsf{NC}^1$.
$\bullet$ Finally, we leverage our techniques to show new barriers for deterministic approximation algorithms for LCS.
At the heart of these new results is a deep connection between interactive proof systems for bounded-space computations and the fine-grained complexity of exact and approximate solutions to problems in P. In particular, our results build on the proof techniques from the classical IP = PSPACE result.
Submitted 9 December, 2022; v1 submitted 7 May, 2018;
originally announced May 2018.
-
Population stability: regulating size in the presence of an adversary
Authors:
Shafi Goldwasser,
Rafail Ostrovsky,
Alessandra Scafuro,
Adam Sealfon
Abstract:
We introduce a new coordination problem in distributed computing that we call the population stability problem. A system of agents each with limited memory and communication, as well as the ability to replicate and self-destruct, is subjected to attacks by a worst-case adversary that can at a bounded rate (1) delete agents chosen arbitrarily and (2) insert additional agents with arbitrary initial state into the system. The goal is perpetually to maintain a population whose size is within a constant factor of the target size $N$. The problem is inspired by the ability of complex biological systems composed of a multitude of memory-limited individual cells to maintain a stable population size in an adverse environment. Such biological mechanisms allow organisms to heal after trauma or to recover from excessive cell proliferation caused by inflammation, disease, or normal development.
We present a population stability protocol in a communication model that is a synchronous variant of the population model of Angluin et al. In each round, pairs of agents selected at random meet and exchange messages, where at least a constant fraction of agents is matched in each round. Our protocol uses three-bit messages and $\omega(\log^2 N)$ states per agent. We emphasize that our protocol can handle an adversary that can both insert and delete agents, a setting in which existing approximate counting techniques do not seem to apply. The protocol relies on a novel coloring strategy in which the population size is encoded in the variance of the distribution of colors. Individual agents can locally obtain a weak estimate of the population size by sampling from the distribution, and make individual decisions that robustly maintain a stable global population size.
Submitted 7 March, 2018;
originally announced March 2018.
-
Pseudo-deterministic Proofs
Authors:
Shafi Goldwasser,
Ofer Grossman,
Dhiraj Holden
Abstract:
We introduce pseudo-deterministic interactive proofs (psdAM): interactive proof systems for search problems where the verifier is guaranteed with high probability to output the same output on different executions. As in the case with classical interactive proofs, the verifier is a probabilistic polynomial time algorithm interacting with an untrusted powerful prover.
We view pseudo-deterministic interactive proofs as an extension of the study of pseudo-deterministic randomized polynomial time algorithms: the goal of the latter is to find canonical solutions to search problems whereas the goal of the former is to prove that a solution to a search problem is canonical to a probabilistic polynomial time verifier. Alternatively, one may think of the powerful prover as aiding the probabilistic polynomial time verifier to find canonical solutions to search problems, with high probability over the randomness of the verifier. The challenge is that pseudo-determinism should hold not only with respect to the randomness, but also with respect to the prover: a malicious prover should not be able to cause the verifier to output a solution other than the unique canonical one.
Submitted 14 June, 2017;
originally announced June 2017.
-
How to Incentivize Data-Driven Collaboration Among Competing Parties
Authors:
Pablo Azar,
Shafi Goldwasser,
Sunoo Park
Abstract:
The availability of vast amounts of data is changing how we can make medical discoveries, predict global market trends, save energy, and develop educational strategies. In some settings such as Genome Wide Association Studies or deep learning, the sheer size of the data seems critical. When data is held in a distributed fashion by many parties, they must share it to reap its full benefits.
One obstacle to this revolution is the lack of willingness of different parties to share data, due to reasons such as loss of privacy or competitive edge. Cryptographic works address privacy aspects, but shed no light on individual parties' losses/gains when access to data carries tangible rewards. Even if it is clear that better overall conclusions can be drawn from collaboration, are individual collaborators better off by collaborating? Addressing this question is the topic of this paper.
* We formalize a model of n-party collaboration for computing functions over private inputs in which participants receive their outputs in sequence, and the order depends on their private inputs. Each output "improves" on preceding outputs according to a score function.
* We say a mechanism for collaboration achieves collaborative equilibrium if it ensures higher reward for all participants when collaborating (rather than working alone). We show that in general, computing a collaborative equilibrium is NP-complete, yet we design efficient algorithms to compute it in a range of natural model settings.
Our collaboration mechanisms are in the standard model, and thus require a central trusted party; however, we show this assumption is unnecessary under standard cryptographic assumptions. We show how to implement the mechanisms in a decentralized way with new extensions of secure multiparty computation that impose order/timing constraints on output delivery to different players, as well as privacy and correctness.
Submitted 10 January, 2016;
originally announced January 2016.
-
Adaptively Secure Coin-Flipping, Revisited
Authors:
Shafi Goldwasser,
Yael Tauman Kalai,
Sunoo Park
Abstract:
The full-information model was introduced by Ben-Or and Linial in 1985 to study collective coin-flipping: the problem of generating a common bounded-bias bit in a network of $n$ players with $t=t(n)$ faults. They showed that the majority protocol can tolerate $t=O(\sqrt n)$ adaptive corruptions, and conjectured that this is optimal in the adaptive setting. Lichtenstein, Linial, and Saks proved that the conjecture holds for protocols in which each player sends a single bit. Their result has been the main progress on the conjecture in the last 30 years.
In this work we revisit this question and ask: what about protocols involving longer messages? Can increased communication allow for a larger fraction of faulty players?
We introduce a model of strong adaptive corruptions, where in each round, the adversary sees all messages sent by honest parties and, based on the message content, decides whether to corrupt a party (and intercept his message) or not. We prove that any one-round coin-flipping protocol, regardless of message length, is secure against at most $\tilde{O}(\sqrt n)$ strong adaptive corruptions. Thus, increased message length does not help in this setting.
We then shed light on the connection between adaptive and strongly adaptive adversaries, by proving that for any symmetric one-round coin-flipping protocol secure against $t$ adaptive corruptions, there is a symmetric one-round coin-flipping protocol secure against $t$ strongly adaptive corruptions. Returning to the standard adaptive model, we can now prove that any symmetric one-round protocol with arbitrarily long messages can tolerate at most $\tilde{O}(\sqrt n)$ adaptive corruptions.
At the heart of our results lies a novel use of the Minimax Theorem and a new technique for converting any one-round secure protocol into a protocol with messages of $polylog(n)$ bits. This technique may be of independent interest.
Submitted 4 May, 2015; v1 submitted 5 March, 2015;
originally announced March 2015.
-
The impossibility of obfuscation with auxiliary input or a universal simulator
Authors:
Nir Bitansky,
Ran Canetti,
Henry Cohn,
Shafi Goldwasser,
Yael Tauman Kalai,
Omer Paneth,
Alon Rosen
Abstract:
In this paper we show that the existence of general indistinguishability obfuscators conjectured in a few recent works implies, somewhat counterintuitively, strong impossibility results for virtual black box obfuscation. In particular, we show that indistinguishability obfuscation for all circuits implies:
* The impossibility of average-case virtual black box obfuscation with auxiliary input for any circuit family with super-polynomial pseudo-entropy. Such circuit families include all pseudo-random function families, and all families of encryption algorithms and randomized digital signatures that generate their required coin flips pseudo-randomly. Impossibility holds even when the auxiliary input depends only on the public circuit family, and not the specific circuit in the family being obfuscated.
* The impossibility of average-case virtual black box obfuscation with a universal simulator (with or without any auxiliary input) for any circuit family with super-polynomial pseudo-entropy.
These bounds significantly strengthen the impossibility results of Goldwasser and Kalai (STOC 2005).
Submitted 12 February, 2014; v1 submitted 1 January, 2014;
originally announced January 2014.
-
On the Work of Madhu Sudan: the 2002 Nevanlinna Prize Winner
Authors:
Shafi Goldwasser
Abstract:
Madhu Sudan's work spans many areas of computer science theory including computational complexity theory, the design of efficient algorithms, algorithmic coding theory, and the theory of program checking and correcting.
Two results of Sudan stand out in the impact they have had on the mathematics of computation. The first work shows a probabilistic characterization of the class NP -- those sets for which short and easily checkable proofs of membership exist, and demonstrates consequences of this characterization to classifying the complexity of approximation problems. The second work shows a polynomial time algorithm for list decoding the Reed Solomon error correcting codes.
This short note will be devoted to describing Sudan's work on probabilistically checkable proofs -- the so called *PCP theorem* and its implications.
Submitted 30 November, 2002;
originally announced December 2002.
-
Mathematical foundations of modern cryptography: computational complexity perspective
Authors:
Shafi Goldwasser
Abstract:
Theoretical computer science has found fertile ground in many areas of mathematics. The approach has been to consider classical problems through the prism of computational complexity, where the number of basic computational steps taken to solve a problem is the crucial qualitative parameter. This new approach has led to a sequence of advances, in setting and solving new mathematical challenges as well as in harnessing discrete mathematics to the task of solving real-world problems.
In this talk, I will survey the development of modern cryptography -- the mathematics behind secret communications and protocols -- in this light. I will describe the complexity theoretic foundations underlying the cryptographic tasks of encryption, pseudo-random number generators and functions, zero knowledge interactive proofs, and multi-party secure protocols. I will attempt to highlight the paradigms and proof techniques which unify these foundations, and which have made their way into the mainstream of complexity theory.
Submitted 30 November, 2002;
originally announced December 2002.