Computational Concentration of Measure: Optimal Bounds, Reductions, and More

Etesami, Omid; Mahloujifar, Saeed; Mahmoody, Mohammad

doi:10.1137/1.9781611975994.21

Cited by 12 publications

(8 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are also previous theoretical works studying instance-targeted poisoning attacks that only use clean labels [Mahloujifar and Mahmoody, 2017, Etesami et al, 2020. The work of Shafahi et al [2018] studied such attacks from a more practical and empirical perspective.…”

Section: Related Workmentioning

confidence: 99%

Learning and Certification under Instance-targeted Poisoning

Gao¹,

Karbasi²,

Mahmoody

2021

Preprint

Self Cite

View full text Add to dashboard Cite

In this paper, we study PAC learnability and certification under instance-targeted poisoning attacks, where the adversary may change a fraction of the training set with the goal of fooling the learner at a specific target instance. Our first contribution is to formalize the problem in various settings, and explicitly discussing subtle aspects such as learner's randomness and whether (or not) adversary's attack can depend on it. We show that when the budget of the adversary scales sublinearly with the sample complexity, PAC learnability and certification are achievable. In contrast, when the adversary's budget grows linearly with the sample complexity, the adversary can potentially drive up the expected 0-1 loss to one. We further extend our results to distribution-specific PAC learning in the same attack model and show that proper learning with certification is possible for learning half spaces under Gaussian distribution. Finally, we empirically study the robustness of K nearest neighbour, logistic regression, multi-layer perceptron, and convolutional neural network on real data sets, and test them against targeted-poisoning attacks. Our experimental results show that many models, especially state-of-the-art neural networks, are indeed vulnerable to these strong attacks. Interestingly, we observe that methods with high standard accuracy might be more vulnerable to instance-targeted poisoning attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Learning and Certification under Instance-targeted Poisoning

Gao¹,

Karbasi²,

Mahmoody

2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Tauman Kalai, Komargodski, and Raz [24] fully answered the single-turn case by proving that no singleturn protocol is resilient to Ω( √ n) adaptive corruptions. Lastly, Etesami, Mahloujifar, and Mahmoody [13] presented an efficient and optimal strongly adaptive attack on protocols of certain properties (e.g., public coins). On a related note, Kalai and Komargodski [18] showed that for any ℓ-party n-round coin-flipping protocol there exists a related ℓ-party n-round protocol of the same communication pattern, output distribution and security guarantees, but of message length polylog(ℓ, n).…”

Section: Full-information Coin Flipmentioning

confidence: 99%

“…However, the above o(1) stands for 1/ loglog(ℓ), and it remains an intriguing question whether it can be pushed to 2 −polylog(ℓ) as can be achieved, for instance, when attacking the ℓ-party majority protocol. Such attacks are known for uniform single-bit single-turn protocols (a secondary result of [24]) and for strongly adaptive attackers against single-turn protocols [13].…”

Section: Open Questionsmentioning

confidence: 99%

A Tight Lower Bound on Adaptively Secure Full-Information Coin Flip

Haitner¹,

Karidi-Heller²

2020

Preprint

View full text Add to dashboard Cite

In a distributed coin-flipping protocol, Blum [ACM Transactions on Computer Systems '83], the parties try to output a common (close to) uniform bit, even when some adversarially chosen parties try to bias the common output. In an adaptively secure full-information coin flip, Ben-Or and Linial [FOCS '85], the parties communicate over a broadcast channel and a computationally unbounded adversary can choose which parties to corrupt during the protocol execution. Ben-Or and Linial proved that the ℓ-party majority protocol is resilient to o( √ ℓ) corruptions (ignoring log factors), and conjectured this is a tight upper bound for any ℓ-party protocol (of any round complexity). Their conjecture was proved to be correct for single-turn (each party sends a single message) single-bit (a message is one bit) protocols, Lichtenstein, Linial, and Saks [Combinatorica '89], symmetric protocols Goldwasser, Kalai, and Park [ICALP '15], and recently for (arbitrary message length) single-turn protocols Tauman Kalai, Komargodski, and Raz [DISC '18]. Yet, the question for many-turn (even single-bit) protocols was left completely open.In this work we close the above gap, proving that no ℓ-party protocol (of any round complexity) is resilient to O( √ ℓ) (adaptive) corruptions.

show abstract

“…These hardness of computation results for the coin-tossing functionality extend to other general functionalities as well. Furthermore, the research outcomes for this functionality has direct consequences on diverse topics in mathematics and computer science—for example, extremal graph theory [ 3 , 4 , 5 ], extracting randomness from imperfect sources [ 6 , 7 , 8 , 9 ], cryptography [ 10 , 11 , 12 , 13 , 14 , 15 , 16 ], game theory [ 17 , 18 ], circuit representation [ 19 , 20 , 21 ], distributed protocols [ 22 , 23 , 24 ], and poisoning and evasion attacks on learning algorithms [ 25 , 26 , 27 , 28 ].…”

Section: Introductionmentioning

confidence: 99%

Computational Hardness of Collective Coin-Tossing Protocols

Maji

2020

Entropy

View full text Add to dashboard Cite

Ben-Or and Linial, in a seminal work, introduced the full information model to study collective coin-tossing protocols. Collective coin-tossing is an elegant functionality providing uncluttered access to the primary bottlenecks to achieve security in a specific adversarial model. Additionally, the research outcomes for this versatile functionality has direct consequences on diverse topics in mathematics and computer science. This survey summarizes the current state-of-the-art of coin-tossing protocols in the full information model and recent advances in this field. In particular, it elaborates on a new proof technique that identifies the minimum insecurity incurred by any coin-tossing protocol and, simultaneously, constructs the coin-tossing protocol achieving that insecurity bound. The combinatorial perspective into this new proof-technique yields new coin-tossing protocols that are more secure than well-known existing coin-tossing protocols, leading to new isoperimetric inequalities over product spaces. Furthermore, this proof-technique’s algebraic reimagination resolves several long-standing fundamental hardness-of-computation problems in cryptography. This survey presents one representative application of each of these two perspectives.

show abstract

Computational Concentration of Measure: Optimal Bounds, Reductions, and More

Cited by 12 publications

References 16 publications

Learning and Certification under Instance-targeted Poisoning

Learning and Certification under Instance-targeted Poisoning

A Tight Lower Bound on Adaptively Secure Full-Information Coin Flip

Computational Hardness of Collective Coin-Tossing Protocols

Contact Info

Product

Resources

About