guessing secrets efficiently

Shuchi Chawla, Carnegie Mellon University

Guessing Secrets Efficiently

Shuchi Chawla1/23/2002

Shuchi Chawla, Carnegie Mellon University

A game similar to 20 questions

Alice has k secret n-bit strings Bob wants to learn them Bob can ask binary questions about one secret Alice uses any secret of her choice to reply

What should he ask? How should he figure out the secrets? How many questions are needed? Can he learn all?

Shuchi Chawla, Carnegie Mellon University

How it all began…

Problem first defined by Chung, Graham & Leighton, EJC’01

Efficiently solve for the 2 secrets caseAlon et al, SODA’02Chung et al, SODA’02Micciancio & Segerlind, Unpublished

K secrets caseLargely open

Shuchi Chawla, Carnegie Mellon University

What can Bob hope to learn?

Consider the two secret case

He may hope to learn one of the secrets

What if Alice has 3 in mind and always goes with the majority of the twoAll the three pairs are always consistent

with the answers!

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Bob deletes all edges inside the other

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Bob deletes all edges inside the other

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Bob deletes all edges inside the other

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Bob deletes all edges inside the other

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Bob deletes all edges inside the other

Shuchi Chawla, Carnegie Mellon University

Formalizing the problem

Alice’s secret is an edge in the graph

Bob specifies a partition of the graph

Alice chooses one part

Bob deletes all edges inside the other

Bob cant do any better!

Shuchi Chawla, Carnegie Mellon University

A star or triangle

Alice always picks the bigger set

Bob cant delete any more edges!

Bob cannot learn more if all pairs of edges intersect

- star or triangleThe model generalizes easily to k

secrets k-uniform hypergraphs

Shuchi Chawla, Carnegie Mellon University

Guessing “Efficiently”

Few, short questions, fast inversion algorithm

[Chung et al’01]: At least 3n-5 queries required – information theoretic

argument Algorithm using 4n+3 queries – each 2n bit long,

O(2n) time [MS02] improve this to O(n)-bit questions, O(n2) time [Chung et al’01] achieve similar bounds using inner

product questions All the above are Adaptive strategies

Shuchi Chawla, Carnegie Mellon University

Oblivious strategies

Specify all questions up-front

Desirable – ease of implementation & inversion

[Alon et al]Basic idea: view the strings as codes

Shuchi Chawla, Carnegie Mellon University

Sequence of functions fi: [N] -> {0,1}

Each secret x[N] f1(x),f2(x),…,fm(x)Call this “code” C

A code is (2,2)-separating iffFor all a,b,c,d[N]

i for which C(a)=C(b) C(c)=C(d)

Such a code would solve the guessing problem

Shuchi Chawla, Carnegie Mellon University

Constructing a good code

If a binary linear code C is –biased, for some <1/14, then it is (2,2)-separating

[ABN+92] For any >0 there exists an explicit family of constant rate binary linear -biased codes.

Inversion can be done using list decoding in time O(n3)

Shuchi Chawla, Carnegie Mellon University

Obtaining the solution

Say the secret is (x1,x2)Bob uses code CAlice answers a = (a1,a2,…,am)

For each i, C(x1)i=ai or C(x2)i=ai

C is -biased for at least (1/2- )n i, C(x1)i=C(x2)i

Either C(x1) or C(x2) is within distance (1/4+

)n of a

Shuchi Chawla, Carnegie Mellon University

Decoding a

wlog C(x1) is within distance (1/4+ )n of a

1. Decode C upto a distance of (1/4+ )n 2. For each x returned in the previous step,

remove the answers that correspond to x, and then perform an “erasure list decoding” of C obtaining y

3. Return all pairs (x,y)

Paper proves we get either a star or triangle

Shuchi Chawla, Carnegie Mellon University

K-secrets, k>2

Looking for intersecting k-uniform hypergraphs

Representation is difficult - what does an intersecting hypergraph look

like?

[Alon et al] show connection to 2k-universal families of binary strings

Shuchi Chawla, Carnegie Mellon University

2k-universal families of binary strings

Find a small subset S{0,1}N such that:For every set {i1,…,i2k} and string (a1,…,a2k),

xS such that xiy=ay for each y.

0 0 1 1 1 00 1 1 0 0 11 0 0 1 0 11 1 0 0 1 00 1 0 1 0 01 0 1 0 1 1

S =

N=6k=1

Shuchi Chawla, Carnegie Mellon University

2k-universal families of binary strings

Find a small subset S{0,1}N such that:For every set {i1,…,i2k} and string (a1,…,a2k),

xS such that xiy=ay for each y.

0 0 1 1 1 00 1 1 0 0 11 0 0 1 0 11 1 0 0 1 00 1 0 1 0 01 0 1 0 1 1

S =Our

functions

Secrets

N=6k=1

Shuchi Chawla, Carnegie Mellon University

Filling in details..

There is an explicit strategy for Bob that uses ~O(k26kn) questions [ABN+92]

[Alon et al’02] also give a poly(n) time algorithm for inversion that finds a set of size poly(n) secrets that contains at least one secret of Alice.