Inequalities between correlation measures, Katalin Gyarmati (Eötvös Loránd University): presentation slides

SLIDE 1

Inequalities between correlation measures

Katalin Gyarmati Eötvös Loránd University Department of Algebra and Number Theory Budapest gykati@cs.elte.hu

SLIDE 2

Message of I. Bell:

  • 1. A. B. C. D. E. F. G. H. I. J. K. L. M. N. P. Q. R. S. T. U. V. W. Y. Z.
  • 2. AA, B; AAA, C; AAAA, D; AAAAA, E; AAAAAA, F; AAAAAAA, G; AAAAAAAA, H; AAAAAAAAA, I; AAAAAAAAAA, J.
  • 3. AKALB; AKAKALC; AKAKAKALD. AKALB; BKALC; CKALD; DKALE. BKELG; GLEKB. FKDLJ; JLFKD.
  • 4. CMALB; DMALC; IMGLB.
  • 5. CKNLC; HKNLH. DMDLN; EMELN.
  • 6. JLAN; JKALAA; JKBLAB; AAKALAB. JKJLBN; JKJKJLCN. FNKGLFG.
  • 7. BPCLF; EPBLJ; FPJLFN.
  • 8. FQBLC; JQBLE; FNQFLJ.
  • 9. CRBLI; BRELCB.
  • 10. JPJLJRBLSLANN; JPJPJLJRCLTLANNN. JPSLT; JPTLJRD.
  • 11. AQJLU; UQJLAQSLV.
  • 12. ULWA; UPBLWB; AWDMALWDLDPU. VLWNA; VPCLWNC. VQJLWNNA; VQSLWNNNA. JPEWFGHLEFWGH; SPEWFGHLEFGWH.
  • 13. GIWIHYHN; TKCYT. ZYCWADAF.
  • 14. DPZPWNNIBRCQC.

SLIDE 3

Erdős Conference in 1999

SLIDE 4

In 1997 (two years before the Erdős conference) Mauduit and Sárközy had just completed their most famous paper in applied mathematics. The motivation of their study was the Vernam cipher.

Message: $(a_1, \dots, a_N) \in \{0, 1\}^N$
⊕ key-stream: $(e_1, \dots, e_N) \in \{0, 1\}^N$
Encrypted message: $(f_1, \dots, f_N) \in \{0, 1\}^N$.

The rule of addition is addition modulo 2: $0 \oplus 0 = 0$, $1 \oplus 1 = 0$, $0 \oplus 1 = 1$, $1 \oplus 0 = 1$.

If the key-stream is a random or pseudorandom binary sequence, the Vernam cipher is one of the most secure encryption algorithms.

SLIDE 5

Quantitative pseudorandom measures

In 1997 Mauduit and Sárközy introduced new pseudorandom measures in order to study the pseudorandom properties of finite binary sequences:

Definition

For a binary sequence $E_N = (e_1, \dots, e_N) \in \{-1, +1\}^N$ of length $N$, the well-distribution measure of $E_N$ is defined as

$$W(E_N) = \max_{a,b,t} \left| \sum_{j=0}^{t} e_{a+jb} \right|,$$

where the maximum is taken over all $a, b, t$ such that $a, b, t \in \mathbb{N}$ and $1 \le a \le a + tb \le N$. The well-distribution measure studies how close the frequencies of the +1's and −1's are in arithmetic progressions.

SLIDE 6

Typical values of pseudorandom measures

Often it is also necessary to study the connections between certain elements of the sequence. For example, if the subsequence (+1, +1) occurs much more frequently than the subsequence (−1, −1), then it may cause problems in applications. In order to study connections of this type Mauduit and Sárközy introduced the correlation and normality measures:

Definition

For a binary sequence $E_N = (e_1, \dots, e_N) \in \{-1, +1\}^N$ of length $N$, the correlation measure of order $\ell$ of $E_N$ is defined as

$$C_\ell(E_N) = \max_{M,D} \left| \sum_{n=1}^{M} e_{n+d_1} \cdots e_{n+d_\ell} \right|,$$

where the maximum is taken over all $D = (d_1, \dots, d_\ell)$ and $M$ such that $0 \le d_1 < \dots < d_\ell < M + d_\ell \le N$.

SLIDE 7

The combined (well-distribution-correlation) pseudorandom measure is a common generalization of the well-distribution and the correlation measures. This measure has an important role in the multidimensional extension of the theory of pseudorandomness.

Definition

For a binary sequence $E_N = (e_1, \dots, e_N) \in \{-1, +1\}^N$ of length $N$, the combined (well-distribution-correlation) measure of order $\ell$ of $E_N$ is defined as

$$Q_\ell(E_N) = \max_{a,b,t,D} \left| \sum_{j=0}^{t} e_{a+jb+d_1} \cdots e_{a+jb+d_\ell} \right|,$$

where the maximum is taken over all $a, b, t$ and $D = (d_1, \dots, d_\ell)$ such that all the subscripts $a + jb + d_i$ belong to $\{1, 2, \dots, N\}$.

SLIDE 8

Upper bounds for the pseudorandom measures

Cassaigne, Ferenczi, Mauduit, Rivat and Sárközy formulated the following principle: “The sequence $E_N$ is considered a “good” pseudorandom sequence if these measures $W(E_N)$ and $C_\ell(E_N)$ (at least for “small” $\ell$) are “small”.”

Indeed, the security of many cryptographic schemes is based on the property that the frequencies of the −1’s and +1’s are about the same in certain “regular” subsequences of the used pseudorandom binary sequence $E_N \in \{-1, +1\}^N$.

SLIDE 9

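Cassaigne, Mauduit and Sárközy proved that for the majority of the sequences $E_N \in \{-1, +1\}^N$ the measures $W(E_N)$ and $C_\ell(E_N)$ are around $N^{1/2}$ (up to some logarithmic factors):

Theorem

Suppose that we choose each $E_N \in \{-1, +1\}^N$ with probability $\frac{1}{2^N}$. Then for all $\varepsilon > 0$ there are numbers $N_0 = N_0(\varepsilon)$ and $\delta = \delta(\varepsilon)$ such that for $N > N_0$ we have

$$P\left( W(E_N) > \delta \sqrt{N} \right) > 1 - \varepsilon$$

and

$$P\left( W(E_N) < 6 \sqrt{N \log N} \right) < \varepsilon.$$

Moreover for all $\ell \in \mathbb{N}$, $\ell \ge 2$ and $\varepsilon > 0$ there are numbers $N_0' = N_0'(\varepsilon, \ell)$ and $\delta = \delta(\varepsilon, \ell)$ such that for $N > N_0'$ we have

$$P\left( C_\ell(E_N) > \delta \sqrt{N} \right) > 1 - \varepsilon$$

and

$$P\left( C_\ell(E_N) < 5 \sqrt{\ell N \log N} \right) < \varepsilon.$$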

Alon, Kohayakawa, Mauduit, Moreira and Rödl sharpened these results.

SLIDE 10

France, Nancy ∼ 2001

SLIDE 11

Marseille, somewhere, somewhen...

SLIDE 12

Marseille, somewhere, somewhen...

SLIDE 13

But the topic of my talk started in Bielefeld...

SLIDE 14

Minimal values of the pseudorandom measures

We remark that while it is important that for a binary sequence with strong pseudorandom properties these measures should be “small”, lower bounds are not required. In many applications it is enough to guarantee that $W(E_N)$ and $C_\ell(E_N)$ are $o(N)$, but for the best constructions $E_N \in \{-1, +1\}^N$ it is proved that

$$W(E_N) \ll N^{1/2} \log N, \qquad C_\ell(E_N) \ll N^{1/2} (\log N)^{c_\ell}.$$

The estimate of $\min_{E_N \in \{-1,+1\}^N} W(E_N)$ is a classical problem. In 1964 Roth proved that

$$\min_{E_N \in \{-1,+1\}^N} W(E_N) \gg N^{1/4}.$$

Upper bounds were given by Sárközy and Beck. Finally Matoušek and Spencer showed that

$$\min_{E_N \in \{-1,+1\}^N} W(E_N) \ll N^{1/4}.$$

SLIDE 15

Alon, Kohayakawa, Mauduit, Moreira and Rödl proved

Theorem

If $\ell$ is even then

$$\min_{E_N \in \{-1,+1\}^N} C_\ell(E_N) \ge \sqrt{\frac{1}{2} \left\lfloor \frac{N}{\ell + 1} \right\rfloor}.$$

The proof of the theorem used deep linear algebraic tools.

SLIDE 16

Mauduit noticed that the minimum values of correlation of odd order can be very small. Namely, for the sequence $E_N = (-1, +1, -1, +1, \dots) \in \{-1, +1\}^N$ we have $C_\ell(E_N) = 1$ for odd $\ell$, since

$$e_{n+1+d_1} \cdots e_{n+1+d_\ell} = (-e_{n+d_1}) \cdots (-e_{n+d_\ell}) = (-1)^\ell e_{n+d_1} \cdots e_{n+d_\ell}.$$

Thus

$$\left| \sum_{n=1}^{M} e_{n+d_1} \cdots e_{n+d_\ell} \right| = |1 - 1 + 1 - 1 + \dots| = \begin{cases} 1 & \text{if } M \text{ is odd,} \\ 0 & \text{if } M \text{ is even.} \end{cases}$$

So $C_\ell(E_N) = 1$ and thus $\min_{E_N \in \{-1,+1\}^N} C_\ell(E_N) = 1$ for odd $\ell$.

SLIDE 17

Mauduit remarked that although for the sequence $E_N = (-1, +1, -1, +1, \dots)$, $C_3(E_N)$ is 1, the correlation measure of order 2 is large: $C_2(E_N) = N - 2$.

Related to his observation, Mauduit formulated his famous conjectures:

Conjecture 1. For $N \to \infty$, are there sequences $E_N$ such that $C_2(E_N) = O(\sqrt{N})$ and $C_3(E_N) = O(1)$ simultaneously?

Mauduit asked another closely related question:

Conjecture 2. Is it true that for every $E_N \in \{-1, +1\}^N$ we have $C_2(E_N) C_3(E_N) \gg N$, or at least $C_2(E_N) C_3(E_N) \gg N^c$ with some $\frac{1}{2} \le c \le 1$?

In Bielefeld when I saw these conjectures of Mauduit I decided to solve them. At the end of the conference I settled both Problem 1 and Problem 2 in the weaker form with constant c = 2/3.
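An added example, not part of the original slides: a brute-force Python implementation of $W$ and $C_\ell$ as defined on the earlier slides, run on the alternating sequence and on all sequences of length 8. The function names and the key-stream mapping $b \mapsto (-1)^b$ are assumptions made for this illustration, and exhaustive search is only feasible for small $N$.

```python
from itertools import combinations, product

def to_pm1(bits):
    """Map a {0,1} key-stream to {-1,+1} via b -> (-1)^b (assumed convention)."""
    return [1 - 2 * b for b in bits]

def well_distribution(e):
    """W(E_N) = max |e_a + e_{a+b} + ... + e_{a+tb}| with 1 <= a <= a+tb <= N."""
    n, best = len(e), 0
    for a in range(1, n + 1):
        for b in range(1, n + 1):
            s = 0
            for idx in range(a, n + 1, b):      # idx = a + j*b (1-based)
                s += e[idx - 1]
                best = max(best, abs(s))
    return best

def correlation(e, order):
    """C_l(E_N) = max |sum_{n=1..M} e_{n+d_1}...e_{n+d_l}|, M + d_l <= N."""
    n, best = len(e), 0
    for d in combinations(range(n), order):     # 0 <= d_1 < ... < d_l
        s = 0
        for m in range(1, n - d[-1] + 1):       # every admissible M
            term = 1
            for di in d:
                term *= e[m + di - 1]
            s += term
            best = max(best, abs(s))
    return best

def min_correlation(n, order):
    """Exhaustive minimum of C_l over all 2^n sequences (tiny n only)."""
    return min(correlation(s, order) for s in product((-1, 1), repeat=n))

if __name__ == "__main__":
    N = 12
    # Constructed key-stream 1,0,1,0,... gives E_N = (-1,+1,-1,+1,...)
    alt = to_pm1([k % 2 for k in range(1, N + 1)])
    print("W  =", well_distribution(alt))
    print("C2 =", correlation(alt, 2), " C3 =", correlation(alt, 3))
    # Even order: compare with sqrt(floor(N/(l+1))/2); odd order: minimum is 1.
    print("min C2, N=8:", min_correlation(8, 2))
    print("min C3, N=8:", min_correlation(8, 3))
```

The alternating key-stream is perfectly balanced and has $C_3 = 1$, yet its $W$ and $C_2$ grow linearly in $N$, which is why a single small measure says little about the quality of a key-stream.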

SLIDE 18

After solving conjectures of Mauduit I returned several times to Marseille.... It was not a bad place, anyway!

SLIDE 19

When I was a visiting researcher in Marseille, or when Mauduit visited us for a joint project in Budapest, he sometimes asked me: Let’s try to solve the conjecture $C_2(E_N) C_3(E_N) \gg N^c$ with exponent c = 1! (I solved it only for c = 2/3.) Neither of us could improve the constant...

SLIDE 20

Finally, 3 years later, Venkat Anantharam solved it... He further simplified my original argument (which was also quite simple...) Moreover he gave an alternative proof for $C_{2k}(E_N) \gg \sqrt{N}$, however with a slightly weaker constant factor than Mauduit et al. ... Mauduit immediately read the paper of Anantharam....

SLIDE 21

When we met next he told me the following: Your most general theorem states that if $2k + 1 > 2\ell$ then

$$C_{2\ell}(E_N)^{2k+1} + N^{2k-\ell} C_{2k+1}(E_N)^2 \gg N^{2k-\ell+1}.$$

But there is an unpleasant condition $2k + 1 > 2\ell$! Let’s start to work and remove this condition from the theorem.

SLIDE 22

Then I read both papers, my old paper and Anantharam’s new paper, and I thought Mauduit was wrong... This technical condition must stay in the theorem... Anyway, I had a new pet, and I was not very enthusiastic to work on this project. Mauduit seemed to accept that maybe it would be too difficult to remove this inequality from the theorem... Mauduit, Sárközy and I started to work on other topics...

SLIDE 23

Around 2011, once Mauduit (unexpectedly) returned to this question... I read the papers again, and I realized he had been right... By the methods of the previous proofs it is possible to compare correlation measures of arbitrary odd and even orders. With Mauduit we proved the following sharp result:

Theorem

There is a constant $c_{k,\ell}$ depending only on $k$ and $\ell$ such that if $C_{2k+1}(E_N) < c_{k,\ell} N^{1/2}$, then

$$C_{2k+1}(E_N)^{2\ell} \, C_{2\ell}(E_N)^{2k+1} \gg N^{2k+1},$$

where the implied constant factor depends only on $k$ and $\ell$.

SLIDE 24

I thought this theorem completely solved the problem of even and odd order correlations.

New ideas came and Mauduit, Sárközy, Rivat, Hubert, Dartyge and I continued our joint projects on the theory of pseudorandomness... In the last 24 years several mathematicians joined the work started by Mauduit and Sárközy in 1996. Last year around this time of the year or one month earlier we were together here in the Uniform Distribution Conference.

SLIDE 25

Present, Past, Future

For a moment my vague eye turns to the past.
The present pursues it. It cannot settle
On old memories. No, it cannot dare.
The returning present torments it without cease.
The present, the present... always keeps me on a leash.
Everywhere it jostles me! I see it sharpening
Its thorns, alas... quick to cut into me.
It takes all hope from me. It puts me in distress.
But despite the torture, it cannot carry me away.
All is fulfilled as it is written – the future!
The future will help me on my path of thorns.
In the future the suffering being is glorified.
Showing me the way, it is you who light me,
Future! The two of us, we shall go forward.

(Attila József) 15 April 1921.

SLIDE 26

Future?

One or two weeks ago I had an idea to study concrete applications of pseudorandom binary sequences, like computing integrals using random elements from the interval [0, 1]. E.g. what happens if we would like to compute the value of a very simple function (like $x \mapsto x^2$) based on Legendre sequences? How small will the error term be? I thought I would tell the idea to András, Joël and Christian. But where is Christian?
