Why Extractors?Why Extractors?

… Extractors, and the closely related “Dispersers”, exhibit some of the most “random-like” properties of explicitly constructed combinatorial structures. In turn, extractors and dispersers have many applications in “removing randomness” in various settings, and in making randomized constructions explicit …

Santa Clause and his (Un)- Santa Clause and his (Un)- Biased ElvesBiased Elves

The Story of Randomized The Story of Randomized Computations and Weak Computations and Weak

Random SourcesRandom Sources

The Computational Tasks of Santa The Computational Tasks of Santa (and Atnas) Clause(and Atnas) Clause

Sampling, Simulations, Algorithms (e.g.

Approximated TSP).

• Distributed Computations

• Cryptography

Santa’s Source of RandomnessSanta’s Source of Randomness

A coin please …

But the North Pole is no Fairyland …But the North Pole is no Fairyland …

A coin please …

Hey Santa, you can use my cat !!

Thanks Erwin but I’ve grown attached to my elves …

Pure Randomness in Nature?Pure Randomness in Nature?

Deterministic ExtractionDeterministic Extraction

source of biased correlated bits almost uniform outputEXT

Assume b1 b2 … bi … are i.i.d. 0/1 variables and bi =1 with some probability p < 1 then translate

01 1

10 0

Other “easy” sources: markov chains [vN51,Eli72,Blu84], two independent sources [SV84,Vaz85,CG85] , bit-fixing sources [CGH+85,BBR85,BL85,LLS87,CDH+00], some efficiently samplable sources [TV00].

Can this Work for all Sources?Can this Work for all Sources?

If b1 b2 … bi … are 0/1 variables s.t. bi =1 with prob.

p = p(b1 b2 … bi-1)[½-, ½+]

cannot deterministically extract even a single bit !!

A single SV-Source is sufficient to simulate BPP

• Can use even weaker sources [ChorGo88, CohenWi89, …]

ExtractorsExtractors [[ , 93 , 93]]

• X has min-entropy k if x Pr[X = x] 2-k (i.e. no likely elements).

• Nonconstructive & optimal [NZ,RT]: extract all the

randomness (i.e. m k+d) using d log n truly random bits ( =.01)

EXT

Distribution on {0,1}n w/k “bits of randomness”

d truly random bits

m bits distance from uniform

Where Does the Seed Come From?Where Does the Seed Come From?

• If “truly” random bits exist but expensive ...

• Sometimes we can just enumerate over all 2d seeds:

Let A be some probabilistic procedure and e an element from the weak random source.

Run A(Ext(e,0…0)) , … , A(Ext(e,1…1))

“combine” the outputs (majority, median, best, …).

• In particular: can simulate BPP using a weak source [Zuc90].

Weak Sources in (Space Bounced) Weak Sources in (Space Bounced) ComputationsComputations

• Thm [NZ93] Let A be a (randomized) space S machine (i.e. A can be in 2s configurations).

If A uses poly(S) random bits it can be fully derandomized in space O(S).

• Basic idea: Let A read a random 2S bit string x. Since A remembers at most S bits, x still contains (roughly) S bits of entropy (independent of A’s state). Can recycle:

Gx,y x, Ext(x,y)

Applications of Extractors• Randomized algorithms w/ weak random sources.

• Pseudorandom generators [NZ93,RR99,STV99]

• Randomness efficient sampling and deterministic amplification [Zuc97]

• Hardness of approximation [Zuc96,Uma99]

• Exposure-resilient cryptography [CDHKS00]

• Superconcentrators, sorting & selecting in rounds, highly expanding graphs [WZ93]

• Leader election [Zuc96, RZ98], List decodable error correcting codes [TZ00], and more [Sip88,GZ97, …]

Constructions of Extractors• The “early days” [Zuc,NZ,WZ,GW,SZ,SSZ,NT,Zuc,TaS]

Mainly hashing and various sorts of compositions.

Some extractors:– [Zuc97] For k = (n) can extract m=(1-) k bits

using d =O ( log n/)– [NT98] For all k can get m=k and d = poly ( log n/)

Other results in the high min-entropy case [GW], low min-entropy case [GW,SZ], dispersers [SSZ,TaS]

Constructions of Extractors (cont.)• The “new age” [Tre99,RRVa,RRVb,ISW,RSW,RVW,

TUZ]

(Some) constructions of PRG from hard functions extractors

Ha yes ... and there is a very nice one based on the NW generators

Some more extractors [RSW]: for all k,

m= (k) and d = log n polyloglog n or

m=k/log k and d = O(log n)

Dispersers [Sipser 88]Dispersers [Sipser 88]

N=2n M =2m

D

=2d

|(S)| >

(1-) M

S, |S|

=K=2k

Difference from Expanders:

• Typically M << N (farewell constant degree).• Expansion to almost the entire right hand side.

Extractors imply DispersersExtractors imply Dispersers

N=2n ={0,1}nM =2m ={0,1}m

• In fact we have the stronger property that S,

|S|=K=2k and T,

x

Ext(x,0…0)

Ext(x,1…1)

S T

NT

KDTSE ||),(

A Construction in Search of Many A Construction in Search of Many Applications [WZ]Applications [WZ]

N

• If G is a disperser (with < 1/2) then X, Y s.t. |X|=|Y|=K have at least one common neighbors.

NM

Y

X

G G

• Using similar ideas, [WZ93] get Superconcentrators, highly expanding graphs, and much more

Depth 2 SuperconcentratorsDepth 2 SuperconcentratorsN

X, Y, t s.t. |X|=|Y|=t there exists t vertex-disjoint paths between X and Y.

• [WZ] A construction with N log2N edges.• [RT] More carefully gives N log2N/loglog N edges. And

this is essentially the only possible construction.

N

Y

X

Some Conclusions• Need randomness to extract randomness.

• Weak random sources appear naturally in computations.

• Expanders, Extractors and Dispersers are closely related combinatorial objects.

• Extractors are fascinating and very useful objects. Go home and build your own extractor …

Weak Sources in ComputationsWeak Sources in Computations

• Space bounded computations:

A Space S (i.e. 2s configuration)

input

random string

(read once)

(read only)