Inequalities between correlation measures
Katalin Gyarmati
Eötvös Loránd University, Department of Algebra and Number Theory, Budapest
gykati@cs.elte.hu
Message of I. Bell:
1. A. B. C. D. E. F. G. H. I. J. K. L. M. N. P. Q. R. S. T. U. V. W. Y. Z.
2. AA, B; AAA, C; AAAA, D; AAAAA, E; AAAAAA, F; AAAAAAA, G; AAAAAAAA, H; AAAAAAAAA, I; AAAAAAAAAA, J.
3. AKALB; AKAKALC; AKAKAKALD. AKALB; BKALC; CKALD; DKALE. BKELG; GLEKB. FKDLJ; JLFKD.
4. CMALB; DMALC; IMGLB.
5. CKNLC; HKNLH. DMDLN; EMELN.
6. JLAN; JKALAA; JKBLAB; AAKALAB. JKJLBN; JKJKJLCN. FNKGLFG.
7. BPCLF; EPBLJ; FPJLFN.
8. FQBLC; JQBLE; FNQFLJ.
9. CRBLI; BRELCB.
10. JPJLJRBLSLANN; JPJPJLJRCLTLANNN. JPSLT; JPTLJRD.
11. AQJLU; UQJLAQSLV.
12. ULWA; UPBLWB; AWDMALWDLDPU. VLWNA; VPCLWNC. VQJLWNNA; VQSLWNNNA. JPEWFGHLEFWGH; SPEWFGHLEFGWH.
13. GIWIHYHN; TKCYT. ZYCWADAF.
14. DPZPWNNIBRCQC.
Erdős Conference in 1999
In 1997 (two years before the Erdős conference) Mauduit and Sárközy had just completed their most famous paper in applied mathematics. The motivation for their study was the Vernam cipher.

Message: $(a_1, \dots, a_N) \in \{0,1\}^N$
$\oplus$ key-stream: $(e_1, \dots, e_N) \in \{0,1\}^N$
Encrypted message: $(f_1, \dots, f_N) \in \{0,1\}^N$.

The rule of addition is addition modulo 2: $0 \oplus 0 = 0$, $1 \oplus 1 = 0$, $0 \oplus 1 = 1$, $1 \oplus 0 = 1$.
If the key-stream is a random or pseudorandom binary sequence, the Vernam cipher is one of the most secure encryption algorithms.
Quantitative pseudorandom measures

In 1997 Mauduit and Sárközy introduced new pseudorandom measures in order to study the pseudorandom properties of finite binary sequences:

Definition. For a binary sequence $E_N = (e_1, \dots, e_N) \in \{-1,+1\}^N$ of length $N$, the well-distribution measure of $E_N$ is defined as
$$W(E_N) = \max_{a,b,t} \left| \sum_{j=0}^{t} e_{a+jb} \right|,$$
where the maximum is taken over all $a, b, t$ such that $a, b, t \in \mathbb{N}$ and $1 \le a \le a + tb \le N$.

The well-distribution measure studies how close the frequencies of the $+1$'s and $-1$'s are in arithmetic progressions.
Typical values of pseudorandom measures

Often it is also necessary to study the connections between certain elements of the sequence. For example, if the subsequence $(+1, +1)$ occurs much more frequently than the subsequence $(-1, -1)$, then it may cause problems in the applications. In order to study connections of this type Mauduit and Sárközy introduced the correlation and normality measures:

Definition. For a binary sequence $E_N = (e_1, \dots, e_N) \in \{-1,+1\}^N$ of length $N$, the correlation measure of order $\ell$ of $E_N$ is defined as
$$C_\ell(E_N) = \max_{M,D} \left| \sum_{n=1}^{M} e_{n+d_1} \cdots e_{n+d_\ell} \right|,$$
where the maximum is taken over all $D = (d_1, \dots, d_\ell)$ and $M$ such that $0 \le d_1 < \dots < d_\ell < M + d_\ell \le N$.
The combined (well-distribution-correlation) pseudorandom measure is a common generalization of the well-distribution and the correlation measures. This measure has an important role in the multidimensional extension of the theory of pseudorandomness.

Definition. For a binary sequence $E_N = (e_1, \dots, e_N) \in \{-1,+1\}^N$ of length $N$, the combined (well-distribution-correlation) measure of order $\ell$ of $E_N$ is defined as
$$Q_\ell(E_N) = \max_{a,b,t,D} \left| \sum_{j=0}^{t} e_{a+jb+d_1} \cdots e_{a+jb+d_\ell} \right|,$$
where the maximum is taken over all $a, b, t$ and $D = (d_1, \dots, d_\ell)$ such that all the subscripts $a + jb + d_i$ belong to $\{1, 2, \dots, N\}$.
Upper bounds for the pseudorandom measures

Cassaigne, Ferenczi, Mauduit, Rivat and Sárközy formulated the following principle: “The sequence $E_N$ is considered a “good” pseudorandom sequence if these measures $W(E_N)$ and $C_\ell(E_N)$ (at least for “small” $\ell$) are “small”.”

Indeed, the security of many cryptographic schemes is based on the property that the frequencies of the $-1$'s and $+1$'s are about the same in certain “regular” subsequences of the used pseudorandom binary sequence $E_N \in \{-1,+1\}^N$.
Cassaigne, Mauduit and Sárközy proved that for the majority of the sequences $E_N \in \{-1,+1\}^N$ the measures $W(E_N)$ and $C_\ell(E_N)$ are around $N^{1/2}$ (up to some logarithmic factors):

Theorem. Suppose that we choose each $E_N \in \{-1,+1\}^N$ with probability $\frac{1}{2^N}$. Then for all $\varepsilon > 0$ there are numbers $N_0 = N_0(\varepsilon)$ and $\delta = \delta(\varepsilon)$ such that for $N > N_0$ we have
$$P\left(W(E_N) > \delta\sqrt{N}\right) > 1 - \varepsilon \quad\text{and}\quad P\left(W(E_N) < 6\sqrt{N \log N}\right) < \varepsilon.$$
Moreover for all $\ell \in \mathbb{N}$, $\ell \ge 2$ and $\varepsilon > 0$ there are numbers $N_0' = N_0'(\varepsilon, \ell)$ and $\delta = \delta(\varepsilon, \ell)$ such that for $N > N_0'$ we have
$$P\left(C_\ell(E_N) > \delta\sqrt{N}\right) > 1 - \varepsilon \quad\text{and}\quad P\left(C_\ell(E_N) < 5\sqrt{\ell N \log N}\right) < \varepsilon.$$

Alon, Kohayakawa, Mauduit, Moreira and Rödl sharpened these results.
France, Nancy ∼ 2001
Marseille, somewhere, somewhen...
But the topic of my talk started in Bielefeld...
Minimal values of the pseudorandom measures

We remark that while it is important that for a binary sequence with strong pseudorandom properties these measures should be “small”, lower bounds are not required. In many applications it is enough to guarantee that $W(E_N)$ and $C_\ell(E_N)$ are $o(N)$, but for the best constructions $E_N \in \{-1,+1\}^N$ it is proved that
$$W(E_N) \ll N^{1/2} \log N, \qquad C_\ell(E_N) \ll N^{1/2} (\log N)^{c_\ell}.$$
The estimate of $\min_{E_N \in \{-1,+1\}^N} W(E_N)$ is a classical problem. In 1964 Roth proved that
$$\min_{E_N \in \{-1,+1\}^N} W(E_N) \gg N^{1/4}.$$
Upper bounds were given by Sárközy and Beck. Finally Matoušek and Spencer showed that
$$\min_{E_N \in \{-1,+1\}^N} W(E_N) \ll N^{1/4}.$$
Alon, Kohayakawa, Mauduit, Moreira and Rödl proved

Theorem. If $\ell$ is even then
$$\min_{E_N \in \{-1,+1\}^N} C_\ell(E_N) \ge \sqrt{\frac{1}{2} \left\lfloor \frac{N}{\ell+1} \right\rfloor}.$$
The proof of the theorem used deep linear algebraic tools.
Mauduit noticed that the minimum values of correlation of odd order can be very small. Namely, for the sequence $E_N = (-1, +1, -1, +1, \dots) \in \{-1,+1\}^N$ we have $C_\ell(E_N) = 1$ for odd $\ell$, since
$$e_{n+1+d_1} \cdots e_{n+1+d_\ell} = (-e_{n+d_1}) \cdots (-e_{n+d_\ell}) = (-1)^\ell e_{n+d_1} \cdots e_{n+d_\ell}.$$
Thus
$$\left| \sum_{n=1}^{M} e_{n+d_1} \cdots e_{n+d_\ell} \right| = |1 - 1 + 1 - 1 + \dots| = \begin{cases} 1 & \text{if } M \text{ is odd}, \\ 0 & \text{if } M \text{ is even}. \end{cases}$$
So $C_\ell(E_N) = 1$ and thus $\min_{E_N \in \{-1,+1\}^N} C_\ell(E_N) = 1$ for odd $\ell$.
Mauduit remarked that although for the sequence $E_N = (-1, +1, -1, +1, \dots)$, $C_3(E_N)$ is 1, the correlation measure of order 2 is large: $C_2(E_N) = N - 2$. Related to his observation, Mauduit formulated his famous conjectures:

Conjecture 1. For $N \to \infty$, are there sequences $E_N$ such that $C_2(E_N) = O(\sqrt{N})$ and $C_3(E_N) = O(1)$ simultaneously?

Mauduit asked another closely related question:

Conjecture 2. Is it true that for every $E_N \in \{-1,+1\}^N$ we have $C_2(E_N)\, C_3(E_N) \gg N$, or at least $C_2(E_N)\, C_3(E_N) \gg N^c$ with some $\frac{1}{2} \le c \le 1$?

In Bielefeld, when I saw these conjectures of Mauduit, I decided to solve them. At the end of the conference I settled both Problem 1 and Problem 2 in the weaker form with constant $c = 2/3$.
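The measures defined above can be evaluated by brute force for short sequences. The following Python code is an added example, not part of the talk; the function names are hypothetical. It evaluates $W$ and $C_\ell$ directly from the definitions, checks the alternating sequence (order-3 correlation equal to 1, order-2 correlation growing linearly in $N$), and goes slightly beyond the slides by checking the even-order lower bound exhaustively for a small $N$.

```python
from itertools import combinations, product
from math import sqrt

def well_distribution(e):
    """W(E_N): max |e_a + e_{a+b} + ... + e_{a+tb}| over 1 <= a <= a+tb <= N."""
    n, best = len(e), 0
    for a in range(1, n + 1):
        for b in range(1, n + 1):
            s = 0
            for pos in range(a, n + 1, b):    # pos = a + j*b, j = 0..t
                s += e[pos - 1]               # the slides index from 1
                best = max(best, abs(s))      # every prefix is an admissible t
    return best

def correlation(e, order):
    """C_l(E_N): max over lags 0 <= d_1 < ... < d_l and M with M + d_l <= N."""
    n, best = len(e), 0
    for d in combinations(range(n), order):   # strictly increasing lags
        s = 0
        for m in range(1, n - d[-1] + 1):     # running sum covers every admissible M
            term = 1
            for di in d:
                term *= e[m + di - 1]
            s += term
            best = max(best, abs(s))
    return best

def min_correlation(n, order):
    """Exhaustive minimum of C_order over all 2^n sequences (small n only)."""
    return min(correlation(e, order) for e in product((-1, 1), repeat=n))

def alternating(n):
    """E_N = (-1, +1, -1, +1, ...)."""
    return [(-1) ** k for k in range(1, n + 1)]

if __name__ == "__main__":
    N = 20
    E = alternating(N)
    print("W(E_N)   =", well_distribution(E))   # half the sequence lies on one progression
    print("C_2(E_N) =", correlation(E, 2))      # linear in N
    print("C_3(E_N) =", correlation(E, 3))      # odd order: stays at 1
    n = 10
    print("min C_2 for N=10:", min_correlation(n, 2),
          ">= bound", round(sqrt(0.5 * (n // 3)), 3))
```

The exhaustive minimum enumerates all $2^N$ sequences, so it is only usable for very small $N$.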
After solving conjectures of Mauduit I returned several times to Marseille.... It was not a bad place, anyway!
When I was a visiting researcher in Marseille or when Mauduit visited us for a joint project in Budapest, he sometimes asked me: Let’s try to solve the conjecture $C_2(E_N)\, C_3(E_N) \gg N^c$ with exponent $c = 1$! (I solved it only for $c = 2/3$.) None of us could improve the constant...
Finally, 3 years later, Venkat Anantharam solved it... He further simplified my original argument (which was also quite simple...). Moreover he gave an alternative proof for $C_{2k}(E_N) \gg \sqrt{N}$, however with a slightly weaker constant factor than Mauduit et al. ... Mauduit immediately read the paper of Anantharam....
When we met next he told me the following: Your most general theorem states that if $2k + 1 > 2\ell$ then
$$C_{2\ell}(E_N)^{2k+1} + N^{2k-\ell}\, C_{2k+1}(E_N)^2 \gg N^{2k-\ell+1}.$$
But there is an unpleasant condition $2k + 1 > 2\ell$! Let’s start to work and remove this condition from the theorem.
Then I read both papers, my old paper and Anantharam’s new paper, and I thought Mauduit was wrong... This technical condition must stay in the theorem... Anyway, I had a new pet, and I was not very enthusiastic to work on this project. Mauduit seemed to accept that maybe it would be too difficult to remove this inequality from the theorem... Mauduit, Sárközy and I started to work on other topics...