Ariel Gabizon

• Technion – Israel Institute of Technology

Syncing the latest state of a blockchain can be a resource-intensive task, driving (especially mobile) end users towards centralized services offering instant access. To expand full decentralized access to anyone with a mobile phone, we introduce a consensus-agnostic compiler for constructing ultralight clients, providing secure and highly efficien...

Polynomial commitment schemes (PCS) have recently been in the spotlight for their key role in building SNARKs. A PCS provides the ability to commit to a polynomial over a finite field and prove its evaluation at points. A succinct PCS has commitment and evaluation proof size sublinear in the degree of the polynomial. An efficient PCS has sublinear...

A basic combinatorial interpretation of Shannon’s entropy function is via the “20 questions” game. This cooperative game is played by two players, Alice and Bob: Alice picks a distribution π over the numbers {1, …, n}, and announces it to Bob. She then chooses a number x according to π, and Bob attempts to identify x using as few Yes/No queries as...

Recent efficient constructions of zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs), require a setup phase in which a common-reference string (CRS) with a certain structure is generated. This CRS is sometimes referred to as the public parameters of the system, and is used for constructing and verifying proofs. A drawback of...

We study the problem of constructing proof systems that achieve both soundness and zero knowledge unconditionally (without relying on intractability assumptions). Known techniques for this goal are primarily combinatorial, despite the fact that constructions of interactive proofs (IPs) and probabilistically checkable proofs (PCPs) heavily rely on a...

A basic combinatorial interpretation of Shannon's entropy function is via the "20 questions" game. This cooperative game is played by two players, Alice and Bob: Alice picks a distribution Π over the numbers {1,…,n}, and announces it to Bob. She then chooses a number x according to Π, and Bob attempts to identify x using as few Yes/No queries as po...

A party executing a computation on behalf of others may benefit from misreporting its output. Cryptographic protocols that detect this can facilitate decentralized systems with stringent computational integrity requirements. For the computation’s result to be publicly trustworthy, it is moreover imperative to usepublicly verifiable protocols that h...

Roughly speaking, an (n, (r, s))-Cover Free Family (CFF) is a small set of n-bit strings such that: “in any \(d:=r+s\) indices we see all patterns of weight r”. CFFs have been of interest for a long time both in discrete mathematics as part of block design theory, and in theoretical computer science where they have found a variety of applications,...

The seminal result that every language having an interactive proof also has a zero-knowledge interactive proof assumes the existence of one-way functions. Ostrovsky and Wigderson [33] proved that this assumption is necessary: if one-way functions do not exist, then only languages in BPP have zero-knowledge interactive proofs.

A basic combinatorial interpretation of Shannon's entropy function is via the "20 questions" game. This cooperative game is played by two players, Alice and Bob: Alice picks a distribution $\pi$ over the numbers $\{1,\ldots,n\}$, and announces it to Bob. She then chooses a number $x$ according to $\pi$, and Bob attempts to identify $x$ using as few...

We present the first constructions of single-prover proof systems that achieve perfect zero knowledge (PZK) for languages beyond NP, under no intractability assumptions: 1. The complexity class #P has PZK proofs in the model of Interactive PCPs (IPCPs) [KR08], where the verifier first receives from the prover a PCP and then engages with the prover...

We examine a protocol $\pi_{\text{beacon}}$ that outputs unpredictable and publicly verifiable randomness, meaning that the output is unknown at the time that $\pi_{\text{beacon}}$ starts, yet everyone can verify that the output is close to uniform after $\pi_{\text{beacon}}$ terminates. We show that $\pi_{\text{beacon}}$ can be instantiated via Bi...

We study decentralized cryptocurrency protocols in which the participants do not deplete physical scarce resources. Such protocols commonly rely on Proof of Stake, i.e., on mechanisms that extend voting power to the stakeholders of the system. We offer analysis of existing protocols that have a substantial amount of popularity. We then present our...

Motivated by applications in cryptography, we introduce and study the problem of distribution design. The goal of distribution design is to find a joint distribution on $n$ random variables that satisfies a given set of constraints on the marginal distributions. Each constraint can either require that two sequences of variables be identically distr...

Roughly speaking, an $(n,(r,s))$-Cover Free Family (CFF) is a small set of $n$-bit strings such that: "in any $d:=r+s$ indices we see all patterns of weight $r$". CFFs have been of interest for a long time both in discrete mathematics as part of block design theory, and in theoretical computer science where they have found a variety of applications...

In this paper we consider generalized versions of four well-studied problems in parameterized complexity and exact exponential time algorithms: k-Path, Set Packing, Multilinear Monomial Testing and Hamiltonian Path. The generalization is in every case obtained by introducing a relaxation parameter, which relaxes the constraints on feasible solution...

Deterministic randomness extractors are functions E: {0, 1}4 → {0, 1}m which refine imperfect sources of randomness in the following sense: For every probability distribution X in some "interesting family" of distributions over {0, 1}n, applying E on a sample from X yields a distribution that is (close to) the uniform distribution. Randomness extra...

The notion of a $q$-representative set for a family of subsets has recently proven to be very useful in the design of parameterized and exact algorithms. We generalize this notion to families of $\mathit{multisets}$. We also give an efficient way to find a representative set for a family of multisets. As an application we give a deterministic algor...

We propose a new model of a weakly random source that admits randomness extraction. Our model of additive sources includes such natural sources as uniform distributions on arithmetic progressions (APs), generalized arithmetic progressions (GAPs), and Bohr sets, each of which generalizes affine sources. We give an explicit extractor for additive sou...

In this paper, we pioneer a study of parameterized automata constructions for languages relevant to the design of parameterized algorithms. We focus on the \(k\) -Distinct language \(L_k(\varSigma )\subseteq \varSigma ^k\), defined as the set of words of length \(k\) whose symbols are all distinct. This language is implicitly related to several bre...

We introduce and study the notion of non-interactive secure multiparty computation (NIMPC). An NIMPC protocol for a function f(x 1,…,x n ) is specified by a joint probability distribution R = (R 1,…,R n ) and local encoding functions Enc i (x i ,r i ), 1 ≤ i ≤ n. Given correlated randomness (r 1,…,r n ) ∈ R R, each party P i , using its input x i a...

We study cryptocurrency protocols that do not make use of {\em Proof of Work}. Such protocols commonly rely on {\em Proof of Stake}, i.e., on mechanisms that extend voting power to the stakeholders of the system. We offer analysis of existing protocols that have a substantial amount of popularity. We then present our novel pure {\em Proof of Stake}...

Subspace codes have received an increasing interest recently, due to their application in error-correction for random network coding. In particular, cyclic subspace codes are possible candidates for large codes with efficient encoding and decoding algorithms. In this paper we consider such cyclic codes. We provide constructions of optimal cyclic co...

Let $G$ be a directed graph on $n$ vertices. Given an integer $k<=n$, the SIMPLE $k$-PATH problem asks whether there exists a simple $k$-path in $G$. In case $G$ is weighted, the MIN-WT SIMPLE $k$-PATH problem asks for a simple $k$-path in $G$ of minimal weight. The fastest currently known deterministic algorithm for MIN-WT SIMPLE $k$-PATH by Fomin...

An r-simple k-path is a path in the graph of length k that passes through each vertex at most r times. The r-SIMPLE k-PATH problem, given a graph G as input, asks whether there exists an r-simple k-path in G. We first show that this problem is NP-Complete. We then show that there is a graph G that contains an r-simple k-path and no simple path of l...

Let $F$ be the field of $q$ elements. We investigate the following Ramsey coloring problem for vector spaces: Given a vector space $\F^n$, give a coloring of the points of $F^n$ with two colors such that no affine line (i.e., affine subspace of dimension $1$) is monochromatic. Our main result is as follows: For any $q\geq 25\cdot n$ and $n>4$, we g...

We describe new constructions of error correcting codes, obtained by "degree-lifting" a short algebraic geometry base-code of block-length q to a lifted-code of block-length qm, for arbitrary integer m. The construction generalizes the way degree-d, univariate polynomials evaluated over the q-element field (also known as Reed-Solomon codes) are "li...

Let \(\cal C\) be a class of probability distributions over a finite set Ω. A function is a disperser for \(\cal C\) with entropy threshold k and error if for any distribution X in \(\cal C\) such that X gives positive probability to at least 2k elements we have that the distribution D(X) gives positive probability to at least elements. A long line...

Let $\cal{C}$ be a class of probability distributions over a finite set Ω. A function $D : \Omega \mapsto\{0,1\}^{m}$ is a disperser for $\cal{C}$ with entropy threshold $k$ and error $\epsilon$ if for any distribution X in $\cal{C}$ such that X gives positive probability to at least $2^{k}$ elements we have that the distribution $D(X)$ gives posit...

Kuznetsov and Tsybakov [11] considered the problem of storing information in a memory where some cells are ‘stuck’ at certain values. More precisely, For 0 < r,p < 1 we want to store a string z ∈ {0,1}rn in an n-bit memory x = (x 1,…,x n ) in which a subset S ⊆ [n] of size pn are stuck at certain values u 1,…,u pn and cannot be modified. The encodi...

In this chapter we construct explicit deterministic extractors from polynomial sources, namely from distributions sampled by low-degree multivariate polynomials over finite fields. This naturally generalizes previous work on extraction from affine sources (which are degree 1 polynomials). A direct consequence is a deterministic extractor for distri...

A polynomial source of randomness over \(\mathbb F_q^n\) is a random variable X = f(Z) where f is a polynomial map and Z is a random variable distributed uniformly on \(\mathbb F_q^r\) for some integer r. The three main parameters of interest associated with a polynomial source are the field size q, the (total) degree D of the map f, and the “rate”...

Introduction Deterministic Extractors for Bit-Fixing Sources by Obtaining an Independent Seed Deterministic Extractors for Affine Sources Over Large Fields Extractors and Rank Extractors for Polynomial Sources Increasing the Output Length of Zero-Error Dispersers App. A, Sampling and Partitioning App. B, Basic Notions from Algebraic Geometry Biblio...

An \((n,k)\)-bit-fixing source is a distribution X over \({\{0,1\}}^n\) such that there is a subset of k variables in \(X_1,\ldots,X_n\) which are uniformly distributed and independent of each other, and the remaining \(n-k\) variables are fixed. A deterministic bit-fixing source extractor is a function \(E:{\{0,1\}}^n {\rightarrow} {\{0,1\}}^m\) w...

Let Fq be the field of q elements. An (n, k)-affine extractor is a mapping D : Fqn→ {0,1} such that for any k-dimensional affine subspace X ⊆ Fqn, D(x) is an almost unbiased bit when x is chosen uniformly from X. Loosely speaking, the problem of explicitly constructing affine extractors gets harder as q gets smaller and easier as k gets larger. Thi...

Getting the deterministic complexity closer to the best known randomized complexity is an important goal in algorithms and communication protocols. In this work, we investigate the case where instead of one input, the algorithm\protocol is given multiple inputs sampled independently from an arbitrary unknown distribution. We show that in this case...

Getting the deterministic complexity closer to the best known randomized complexity is an important goal in algorithms and communication protocols. In this work, we investigate the case where instead of one input, the algorithm/protocol is given multiple inputs sampled independently from an arbitrary unknown distribution. We show that in this case...

An (n,k)-affine source over a finite field $ \mathbb{F} $ \mathbb{F} is a random variable X = (X 1,..., X n ) ∈ $ \mathbb{F}^n $ \mathbb{F}^n , which is uniformly distributed over an (unknown) k-dimensional affine subspace of $ \mathbb{F}^n $ \mathbb{F}^n . We show how to (deterministically) extract practically all the randomness from affine s...

Let \(\cal C\) be a class of probability distributions over a finite set Ω. A function \(D:\Omega \mapsto {\{0,1\}}^m\) is a disperser for \(\cal C\) with entropy threshold k and error ε if for any distribution X in \(\cal C\) such that X gives positive probability to at least \(2^k\) elements we have that the distribution D(X) gives positive proba...

In this paper we construct explicit deterministic extractors from polynomial sources, which are distributions sampled by low degree multivariate polynomials over finite fields. This naturally generalizes previous work on extraction from affine sources (which are degree 1 polynomials). A direct consequence is a deterministic extractor for distributi...

An (n, k)-bit-fixing source is a distribution X over {0, 1} n such that there is a subset of k variables in X1,..., Xn which are uniformly distributed and independent of each other, and the remaining n − k variables are fixed. A deterministic bit-fixing source extractor is a function E: {0, 1} n → {0, 1} m which on an arbitrary (n, k)-bit-fixing so...

An (n, k)-affine source over a finite field F is a random variable X = (X₁, ..., X_n) &epsi; F_n, which is uniformly distributed over an (unknown) k-dimensional affine subspace of F_n. We show how to (deterministically) extract practically all the randomness from affine sources, for any field of size larger...

An {n, k)-bit-fixing source is a distribution X over {0, 1}ⁿ such that there is a subset of k variables in X₁, ..., X_n which are uniformly distributed and independent of each other, and the remaining n - k variables are fixed. A deterministic bit-fixing source extractor is a function E : {0, l}ⁿ → {0, l}<...