entropy esnmanon for non iid sources
play

Entropy EsNmaNon for Non-IID Sources Kerry McKay kerry.mckay@nist.gov - PowerPoint PPT Presentation

Oct 17, 2022 •380 likes •627 views

Entropy EsNmaNon for Non-IID Sources Kerry McKay kerry.mckay@nist.gov Random Bit GeneraNon Workshop 2016 2012 Recap 2012 dra? of SP 800-90B included non-IID esNmators based on entropic staNsNcs TheoreNcal bounds on IID data The methods

  1. Entropy EsNmaNon for Non-IID Sources Kerry McKay kerry.mckay@nist.gov Random Bit GeneraNon Workshop 2016

  2. 2012 Recap • 2012 dra? of SP 800-90B included non-IID esNmators based on entropic staNsNcs TheoreNcal bounds on IID data – • The methods (tests) were Collision – ParNal collecNon (removed) – Compression (altered s.d. calculaNon) – Markov – Frequency (removed, use Most Common Value esNmate instead) – • For all, changed from 95% to 99% confidence interval in 2016 5/2/16 2

  3. Why Add More? • There were gaps in 2012 methods • We wanted to add esNmators that were designed for IID and non-IID data that wouldn’t unfairly lower entropy esNmates – ParNal collecNon was o?en cruel to non-binary sources • Two types added in 2016 dra? – Predictors – Tuple-based esNmates 5/2/16 3

  4. Predictability and Entropy What is the next output ? ? • Shannon first invesNgated the relaNonship between entropy and predictability in 1951 • Used the ability of humans to predict the next character in the text to esNmate the entropy per character 5/2/16 4

  5. Predictors • Predictors are a framework • APempt to mimic adversary that has access to outputs only • Predictor = model + predicNon funcNon • Given past observaNons, try to guess next output • If guess is correct, record 1; else, record 0 • Include last observaNon in the model 5/2/16 5

  6. Benefits • No need to violate assumpNons about source’s underlying probability distribuNon • Can account for changes over Nme • MulNple ways of esNmaNng entropy 5/2/16 6

  7. EsNmaNng Entropy • A?er N predicNons, have a sequence of 1’s and 0’s • Interpret sequence as result of N independent Bernoulli trials • We use two noNons of predictability to derive entropy esNmate from sequence Global predictability – Local predictability – 5/2/16 7

  8. Global Predictability • Considers how well a predictor is able to guess next output on average • P global = (# correct predicNons)/ N • P’ global is upper bound of 99% confidence interval on P global • PrePy straighMorward 5/2/16 8

  9. Local Predictability • Considers how well a predictor is able to guess next output based on longest run of correct predicNons • Useful if the entropy source falls into highly predictable state – What if the DRBG were seeded from a predictable stream of outputs? • We want to find probability of success for each trial, P local , that is consistent with our observaNons • Specifically, we want to find P local such that the probability that we observed the longest run of successes in N trials is 0.99 5/2/16 9

  10. Local Predictability (cont.) • Have an asymptoNc approximaNon that tells us the probability that there are no runs of length r in N trials, given P local • We turn this around by performing binary search on P local unNl result is sufficiently close to 0.99 Let r be length of longest run + 1 – Solve for P local – – Where • q is 1- P local • x is root of polynomial that can be approximated by iteraNng a recurrence relaNon Ref: Feller, W.: An IntroducNon to Probability Theory and its ApplicaNons, vol. 1, chap. 13. John Wiley and Sons, Inc. (1950) 5/2/16 10

  11. Predictor Min-Entropy EsNmate • The min-entropy esNmate for a predictor is –log 2 (max( P’ global , P local )) • We expect most min-entropy esNmates to be based on global predictability Local predictability is intended for severe failures – 5/2/16 11

  12. Example • Suppose that 14 of 20 guesses were correct – P global = 0.7 – P’ global = 0.7+2.576*sqrt(0.7*0.3/19) = 0.9708 • Suppose that the longest run of correct guesses is 6 – Binary search finds that P local = 0.3779 0.3779 1.0000 • P’ global > P local 0.9000 0.8000 0.7000 • Min-entropy esNmate is 0.6000 0.5000 –log 2 ( P’ global ) ≈ 0.0428 0.4000 0.3000 0.2000 0.1000 0.0000 0 0.2 0.4 0.6 0.8 1 1.2 5/2/16 12

  13. Ensemble Predictors • Several predictors can be combined into one – E.g., different parameters for model construcNon and/or predicNon funcNon Call each one a subpredictor – • Ensemble predictor keeps track of performances of each subpredictor in a scoreboard • Best performing subpredictor is used for the next predicNon • The final entropy esNmate is based on success of the ensemble predictor, not on the individual performance of the subpredictors 5/2/16 13

  14. 90B Predictors • In SP 800-90B strategy (take lowest esNmate), a predictor will only lower the awarded entropy esNmate if it is good at guessing the next output Bad models can’t significantly lower the esNmate – • Without source knowledge, difficult to make best predictor – We can make generic predictors that perform reasonably well 5/2/16 14

  15. 90B Predictors • SP 800-90B specifies four generic predictors: – MulN Most Common in Window PredicNon – Lag PredicNon – MulNMMC PredicNon – LZ78Y PredicNon • MulNMCW, Lag, and MulNMMC are ensemble predictors 5/2/16 15

  16. MulN Most Common in Window Predictor • Each subpredictor keeps window of previous w observaNons We use four window sizes w =63, 255, 1023, and 4095 – PredicNon is the most common value in the window – • Performs well in cases where there is a clear most common value, but the value may vary over Nme E.g., due to environmental condiNons such as operaNng temperature – 5/2/16 16

  17. Lag Predictor • Each subpredictor predicts value observed at a fixed lag, d – Example: if d =1, the subpredictor predicts the last observed value • 90B lag predictor contains 128 subpredictors for lags from 1 to 128 • Performs well on sources with strong periodic behavior, if d is related to period 5/2/16 17

  18. MulNMMC Predictor • MulNple Markov Model with CounNng • Each subpredictor constructs a Markov model from observed outputs – Records the observed frequencies of transiNons (rather than probabiliNes) – PredicNon follows most frequently observed transiNon from the previous d outputs • MulNMMC ensemble predictor uses 16 Markov models with order from 1 to 16 • Works well on sources where outputs are dependent on previous 16 or fewer outputs 5/2/16 18

  19. LZ78Y Predictor • Shares concepts with MulNMMC, but applied differently – Both look at previous outputs and build model with counts of next outputs – This is not an ensemble predictor – PredicNon favors longest string with highest count, not length that performed best in the past – Model (dicNonary) construcNon is bounded • Performs well on sources that would be efficiently compressed by LZ78- like compression algorithms 5/2/16 19

  20. Tuple-based EsNmates • Added two tuple-based esNmates that are based on tuples t-tuple esNmate – LRS esNmate – • These tuple esNmates aPempt to capture global properNes of output sequence 5/2/16 20

  21. t-Tuple EsNmate • EsNmate based on frequencies of tuples • t is largest value such that most common t -tuple appears at least 35 Nmes in sequence • For i from 1 to t , calculate proporNon of highest frequency of i- tuple to all i- tuples in sequence • P max for each i is i th root of proporNon • Entropy is calculated from highest P max 5/2/16 21

  22. LRS EsNmate • Longest repeated substring EsNmates collision entropy – – LRS concept also appears in IID tesNng, but does not award entropy esNmate • Find length of smallest repeated substring that occurs < 20 Nmes, u • Find length of longest repeated substring, v • For W from u to v , esNmate collision probability and max probability of output • Use highest max probability to derive min-entropy esNmate 5/2/16 22

  23. Summary • The non-IID path now includes generic predictors and tuple-based esNmates • Predictors mimic aPacker guessing the next output based on previous outputs and simple models • Tuple-based esNmates that capture global properNes • Complement entropic staNsNcs approach 5/2/16 23

Recommend

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of

Entropy, Relative Entropy, Cross Entropy Entropy Entropy, H(x) is a measure of the uncertainty of a discrete random variable. Properties: H(x) &gt;= 0 Entropy Entropy Lesser the probability for an event, larger the entropy.

471 views • 21 slides
Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S)

Entropy and The Second Law of Thermodynamics Entropy (S) Entropy is o8en related to disorder but not strictly correct Entropy is a measure

351 views • 8 slides
Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1

Entropy Entropy Formal Modeling in Cognitive Science Lecture 25: Entropy, Joint Entropy, Conditional Entropy 1 Entropy Entropy and Information Joint Entropy Frank Keller Conditional Entropy School of Informatics University of Edinburgh

81 views • 4 slides
Contour location via entropy reduction leveraging multiple information sources (Poster AB#99)

Contour location via entropy reduction leveraging multiple information sources (Poster AB#99)

Contour location via entropy reduction leveraging multiple information sources (Poster AB#99) Dr. Alexandre Marques (MIT) Dr. Remi Lam* (MIT) Prof. Karen Willcox (ICES, UT Austin) Supported by Air Force CoE on Multi-Fidelity

380 views • 16 slides
the entropy generation rates of physical sources of randomness Joseph D. Hart 1,2,* , Thomas E.

the entropy generation rates of physical sources of randomness Joseph D. Hart 1,2,* , Thomas E.

The im impact of dig igitization on the entropy generation rates of physical sources of randomness Joseph D. Hart 1,2,* , Thomas E. Murphy 2,3 , Rajarshi Roy 2,3,4 , Gerry Baumgartner 5 1 Dept. of Physics 2 Institute for Research in Electronics

918 views • 33 slides
Information Theory Lecture 2 Sources and entropy rate: CT4 Typical sequences: CT3

Information Theory Lecture 2 Sources and entropy rate: CT4 Typical sequences: CT3

Information Theory Lecture 2 Sources and entropy rate: CT4 Typical sequences: CT3 Introduction to lossless source coding: CT5.15 Mikael Skoglund, Information Theory 1/23 Information Sources source X n Source data : a speech

479 views • 12 slides
Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the

Outline Entropy Coding Definition of Entropy Three Entropy coding techniques: (taken from the Technion) Huffman coding Arithmetic coding Lempel-Ziv coding 2 Entropy Definitions Alphabet : A finite set containing at least

402 views • 10 slides
Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically

Road detection via entropy By Anna Zaidman 1 1 What is entropy? Entropy is a mathematically - defined thermodynamic quantity that helps to account for the flow of energy through a thermodynamic process. 2 What is

467 views • 13 slides
E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION

E N T R O P Y S T R U C T U R E Entropy versus resolution Tomasz Downarowicz MOTIVATION Entropy measures exponential complexity in a topological dynamical system: topological entropy very crude, entropy function on invariant

556 views • 23 slides
Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute

Chapter 2 Entropy, Relative Entropy, and Mutual Infor- mation Peng-Hua Wang Graduate Institute of Communication Engineering National Taipei University Chapter Outline Chap. 2 Entropy, Relative Entropy, and Mutual Information 2.1 Entropy 2.2

752 views • 51 slides
Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of

Huffman Encoding 13-Oct-11 Entropy Entropy is a measure of information content: the number of bits actually required to store data. Entropy is sometimes called a measure of surprise A highly predictable sequence contains little actual

293 views • 16 slides
ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF

ARE THE SHANNON ENTROPY AND RESIDUAL ENTROPY SYNONYMS? H = R 0 ? MARKO POPOVIC DEPARTMENT OF CHEMISTRY AND BIOCHEMISTRY, BYU, PROVO, UT 84602, POPOVIC.PASA@GMAIL.COM Thermodynamic entropy - S (J/K) At T=0K ideal crystal imperfect

560 views • 21 slides
Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual

Infotheory for Statistics and Learning Lecture 1 Entropy Relative entropy Mutual information f -divergence Mikael Skoglund 1/16 Entropy Over ( R , B ) , consider a discrete RV X with all probability in a countable set X B ,

538 views • 8 slides
Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J.

Model Uncertainty and Robustness: Entropy Coherent and Entropy Convex Measures of Risk Roger J. A. Laeven Dept. of Econometrics and OR Tilburg University, CentER and Eurandom based on joint work with Mitja Stadje August 30, 2011 Entropy

442 views • 40 slides
Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy The Maximum Entropy (MaxEnt) method is a methodology to assign or update probability distributions to describe systems which are not completely

202 views • 17 slides
Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for

Orc David Schleef Entropy Wave Inc (c) 2009 Entropy Wave Inc What is Orc A system for describing low-level computation on modern CPUs (c) 2009 Entropy Wave Inc Motivation (c) 2009 Entropy Wave Inc Motivation Want maintainable assembly

611 views • 28 slides
1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less

Introduction to Information Retrieval Entropy: a basic introduction 1) Entropy = measure of randomness 2) Entropy = measure of compressibility More random = Less compressible High entropy = high randomness/low compressibility Low entropy =

236 views • 19 slides
Media Technology Prof. Dr.-Ing. Andreas Schrader Solution of Assignment 2 Solution 2.1 Entropy

Media Technology Prof. Dr.-Ing. Andreas Schrader Solution of Assignment 2 Solution 2.1 Entropy

Media Technology Prof. Dr.-Ing. Andreas Schrader Solution of Assignment 2 Solution 2.1 Entropy of a system in general defines the amount of order contained. For random sources it is a means for the uncertainty of the events generated as symbols

231 views • 4 slides
1 Plasma Entropy In ideal MHD, specific entropy is conserved along a flow path: where:

1 Plasma Entropy In ideal MHD, specific entropy is conserved along a flow path: where:

Plasma Entropy in the Magnetosphere Joachim Raeder 1 , Kai Germaschewski 1 , LiWei Lin 1 Space Science Center, University of New Hampshire, Durham, NH 03824, USA Congre ASTRONUM, Biarritz, France, July 2, 2013 Basic Structure of the

499 views • 11 slides
Sources Sources: Kinds of Sources Citizen witness Confidential informants Anonymous

Sources Sources: Kinds of Sources Citizen witness Confidential informants Anonymous

Search Warrants: Sources, Staleness, and Scope Jeff Welty UNC School of Government Sources Sources: Kinds of Sources Citizen witness Confidential informants Anonymous tipsters 1 Sources: Classification [I]n providing the tip

574 views • 9 slides
Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic

Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic

1896 1920 1987 2006 Computing and Communications 2. Information Theory -Entropy Ying Cui Department of Electronic Engineering Shanghai Jiao Tong University, China 2017, Autumn 1 Outline Entropy Joint entropy and conditional

778 views • 50 slides
Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut

Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut

Introduction Black hole entropy in MB model Black hole entropy in PGT Entropy of conformally flat black holes Conclusion Entropy and gravitational interaction c 1 Milutin Blagojevi c i Branislav Cvetkovi 1 Institut za fiziku, Beograd

331 views • 31 slides
SP 800-90B Overview* John Kelsey, NIST, May 2016 * Revised to correct some errors discovered

SP 800-90B Overview* John Kelsey, NIST, May 2016 * Revised to correct some errors discovered

SP 800-90B Overview* John Kelsey, NIST, May 2016 * Revised to correct some errors discovered after the presentation was given. Updated/new slides are starred. Preliminaries SP 800-90 Series, 90B, and RBGs Entropy Sources Min-Entropy

893 views • 43 slides
Maximum Entropy Beyond Fact to Explain Selecting Probability Maximum Entropy . . . Explaining a

Maximum Entropy Beyond Fact to Explain Selecting Probability Maximum Entropy . . . Explaining a

Need to Select a . . . Maximum Entropy . . . Simple Examples of . . . A Natural Question Maximum Entropy Beyond Fact to Explain Selecting Probability Maximum Entropy . . . Explaining a Value: . . . Distributions Explaining a . . . Need

446 views • 33 slides

More recommend