Statistical Difference Beyond the Polarizing Regime

The polarization lemma for statistical distance (\({\text {SD}}\)), due to Sahai and Vadhan (JACM, 2003), is an efficient transformation taking as input a pair of circuits \((C_0,C_1)\) and an integer k and outputting a new pair of circuits \((D_0,D_1)\) such that if \({\text {SD}}(C_0,C_1) \ge \alpha \) then \({\text {SD}}(D_0,D_1) \ge 1-2^{-k}\) and if \({\text {SD}}(C_0,C_1) \le \beta \) then \({\text {SD}}(D_0,D_1) \le 2^{-k}\). The polarization lemma is known to hold for any constant values \(\beta < \alpha ^2\), but extending the lemma to the regime in which \(\alpha ^2 \le \beta < \alpha \) has remained elusive. The focus of this work is in studying the latter regime of parameters. Our main results are: 1. Polarization lemmas for different notions of distance, such as Triangular Discrimination (\({{\,\mathrm{TD}\,}}\)) and Jensen-Shannon Divergence (\({{\,\mathrm{JS}\,}}\)), which enable polarization for some problems where the statistical distance satisfies \( \alpha ^2< \beta < \alpha \). We also derive a polarization lemma for statistical distance with any inverse-polynomially small gap between \( \alpha ^2 \) and \( \beta \) (rather than a constant). 2. The average-case hardness of the statistical difference problem (i.e., determining whether the statistical distance between two given circuits is at least \(\alpha \) or at most \(\beta \)), for any values of \(\beta < \alpha \), implies the existence of one-way functions. Such a result was previously only known for \(\beta < \alpha ^2\). 3. A (direct) constant-round interactive proof for estimating the statistical distance between any two distributions (up to any inverse polynomial error) given circuits that generate them. Proofs of closely related statements have appeared in the literature but we give a new proof which we find to be cleaner and more direct.

[1]  Rafail Ostrovsky,et al.  One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[2]  Avi Wigderson,et al.  On interactive proofs with a laconic prover , 2001, computational complexity.

[3]  Shachar Lovett,et al.  On the Impossibility of Entropy Reversal, and Its Application to Zero-Knowledge Proofs , 2016, TCC.

[4]  Zvika Brakerski,et al.  On Statistically Secure Obfuscation with Approximate Correctness , 2016, IACR Cryptol. ePrint Arch..

[5]  Moni Naor,et al.  Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions , 2018, IACR Cryptol. ePrint Arch..

[6]  SahaiAmit,et al.  A complete problem for statistical zero knowledge , 2003 .

[7]  Salil P. Vadhan,et al.  An Equivalence Between Zero Knowledge and Commitments , 2008, TCC.

[8]  Ron Rothblum,et al.  Multi Collision Resistant Hash Functions and their Applications , 2018, Electron. Colloquium Comput. Complex..

[9]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[10]  Oded Goldreich,et al.  On the complexity of computational problems regarding distributions (a survey) , 2011, Electron. Colloquium Comput. Complex..

[11]  Flemming Topsøe,et al.  Some inequalities for information divergence and related measures of discrimination , 2000, IEEE Trans. Inf. Theory.

[12]  Thomas Holenstein,et al.  One-Way Secret-Key Agreement and Applications to Circuit Polarization and Immunization of Public-Key Encryption , 2005, CRYPTO.

[13]  Kathleen M. Hannafin,et al.  The Effect of Computerized Tests on the Performance and Attitudes of College Students , 1989 .

[14]  Amit Sahai,et al.  Honest-verifier statistical zero-knowledge equals general statistical zero-knowledge , 1998, STOC '98.

[15]  Stathis Zachos,et al.  Does co-NP Have Short Interactive Proofs? , 1987, Inf. Process. Lett..

[16]  Moni Naor,et al.  Learning to impersonate , 2006, ICML.

[17]  Ilan Komargodski,et al.  On Distributional Collision Resistant Hashing , 2018, IACR Cryptol. ePrint Arch..

[18]  Johan Håstad,et al.  Statistical Zero-Knowledge Languages can be Recognized in Two Rounds , 1991, J. Comput. Syst. Sci..

[19]  Salil P. Vadhan A study of statistical zero-knowledge proofs (information security and cryptography) , 2018 .

[20]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[21]  Lance Fortnow,et al.  The Complexity of Perfect Zero-Knowledge , 1987, Proceeding Structure in Complexity Theory.

[22]  Jiapeng Zhang,et al.  A Tight Lower Bound for Entropy Flattening , 2018, Computational Complexity Conference.

[23]  Oded Goldreich,et al.  A Note on Computational Indistinguishability , 1990, Inf. Process. Lett..

[24]  Nir Bitansky,et al.  Structure vs. Hardness Through the Obfuscation Lens , 2017, CRYPTO.

[25]  Elchanan Mossel,et al.  The Computational Complexity of Estimating MCMC Convergence Time , 2011, APPROX-RANDOM.

[26]  Oded Goldreich,et al.  On basing one-way functions on NP-hardness , 2006, STOC '06.

[27]  Oded Goldreich,et al.  On Completeness and Soundness in Interactive Proof Systems , 1989, Adv. Comput. Res..

[28]  Michael Ben-Or,et al.  Trading Help for Interaction in Statistical Zero-Knowledge Proofs , 2003, Journal of Cryptology.

[29]  Amir Yehudayoff,et al.  Pointer chasing via triangular discrimination , 2020, Combinatorics, Probability and Computing.

[30]  Moni Naor,et al.  White-Box vs. Black-Box Complexity of Search Problems: Ramsey and Graph Property Testing , 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[31]  Amit Sahai,et al.  Can Statistical Zero Knowledge Be Made Non-interactive? or On the Relationship of SZK and NISZK , 1998, CRYPTO.

[32]  Andrej Bogdanov,et al.  Limits of Provable Security for Homomorphic Encryption , 2013, CRYPTO.

[33]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[34]  Iordanis Kerenidis,et al.  Interactive and Noninteractive Zero Knowledge are Equivalent in the Help Model , 2008, TCC.

[35]  Prashant Nalini Vasudevan,et al.  Conditional Disclosure of Secrets: Amplification, Closure, Amortization, Lower-Bounds, and Separations , 2017, CRYPTO.

[36]  Moni Naor,et al.  Immunizing Encryption Schemes from Decryption Errors , 2004, EUROCRYPT.

[37]  Oded Goldreich,et al.  Comparing entropies in statistical zero knowledge with applications to the structure of SZK , 1999, Proceedings. Fourteenth Annual IEEE Conference on Computational Complexity (Formerly: Structure in Complexity Theory Conference) (Cat.No.99CB36317).

[38]  Adam Bouland,et al.  On the Power of Statistical Zero Knowledge , 2020, SIAM J. Comput..

[39]  Oded Goldreich,et al.  Introduction to Property Testing , 2017 .

[40]  Andrej Bogdanov,et al.  On Basing Size-Verifiable One-Way Functions on NP-Hardness , 2015, TCC.

[41]  L. L. Cam,et al.  Asymptotic Methods In Statistical Decision Theory , 1986 .

[42]  Yael Tauman Kalai,et al.  Multi-collision resistance: a paradigm for keyless hash functions , 2018, IACR Cryptol. ePrint Arch..