Author

Moni Naor

Other affiliations: IBM, Stanford University, University of California, Berkeley
Bio: Moni Naor is an academic researcher from Weizmann Institute of Science. The author has contributed to research in topics: Encryption & Cryptography. The author has an h-index of 102 and has co-authored 338 publications receiving 47090 citations. Previous affiliations of Moni Naor include IBM & Stanford University.


Papers
Proceedings Article
15 Jun 2021
TL;DR: In this article, the authors consider the sequential sampling model and characterize the classes which admit a uniform law of large numbers in this model, and show that these classes are exactly the classes that are online learnable.
Abstract: Laws of large numbers guarantee that given a large enough sample from some population, the measure of any fixed sub-population is well-estimated by its frequency in the sample. We study laws of large numbers in sampling processes that can affect the environment they are acting upon and interact with it. Specifically, we consider the sequential sampling model proposed by Ben-Eliezer and Yogev (2020), and characterize the classes which admit a uniform law of large numbers in this model: these are exactly the classes that are online learnable. Our characterization may be interpreted as an online analogue to the equivalence between learnability and uniform convergence in statistical (PAC) learning. The sample-complexity bounds we obtain are tight for many parameter regimes, and as an application, we determine the optimal regret bounds in online learning, stated in terms of Littlestone’s dimension, thus resolving the main open question from Ben-David, Pal, and Shalev-Shwartz (2009), which was also posed by Rakhlin, Sridharan, and Tewari (2015).

28 citations

Journal Article
TL;DR: The case where the set of parties is not known in advance and could potentially be infinite is considered, and it is shown that for any access structure there exists such a secret sharing scheme with shares of size $2^{t-1}$.
Abstract: Secret sharing schemes allow a dealer to distribute a secret piece of information among several parties such that only qualified subsets of parties can reconstruct the secret. The collection of qualified subsets is called an access structure. The best known example is the $k$-threshold access structure, where the qualified subsets are those of size at least $k$. When $k=2$ and there are $n$ parties, there are schemes for sharing an $\ell$-bit secret in which the share size of each party is roughly $\max\{\ell, \log n\}$ bits, and this is tight even for secrets of 1 bit. In these schemes, the number of parties $n$ must be given in advance to the dealer. In this paper, we consider the case where the set of parties is not known in advance and could potentially be infinite. Our goal is to give the $t^{\mathrm{th}}$ party arriving the smallest possible share as a function of $t$. Our main result is such a scheme for the $k$-threshold access structure and 1-bit secrets where the share size of party $t$ is $(k-1)\cdot \log t + \mathsf{poly}(k)\cdot o(\log t)$. For $k=2$ we observe an equivalence to prefix codes and present matching upper and lower bounds of the form $\log t + \log \log t + \log \log \log t + O(1)$. Finally, we show that for any access structure there exists such a secret sharing scheme with shares of size $2^{t-1}$.

28 citations

Journal Article
TL;DR: It is shown that the four-message amortized complexity of all random pairs is exactly $\log \mu$.
Abstract: $X$ and $Y$ are random variables. Person $P_x$ knows $X$, Person $P_y$ knows $Y$, and both know the underlying probability distribution of the random pair $(X, Y)$. Using a predetermined protocol, they exchange messages over a binary, error-free channel in order for $P_y$ to learn $X$. $P_x$ may or may not learn $Y$. $C_m$ is the number of information bits that must be transmitted (by both persons) in the worst case if only $m$ messages are allowed. $C_\infty$ is the corresponding number of bits when there is no restriction on the number of messages exchanged. We consider three aspects of this problem. $C_4$. It is known that one-message communication may require exponentially more bits than the minimum possible: for some random pairs, $C_1 = 2^{C_\infty - 1}$. Yet just two messages suffice to reduce communication to almost the minimum: for all random pairs, $C_2$ or=(2- in )$C_\infty$>or=c. Asymptotically, this is the largest possible discrepancy. Amortized complexity. The amortized complexity of $(X, Y)$ is the limit, as $k$ grows, of the number of bits required in the worst case for $k$ independent repetitions of $(X, Y)$, normalized by $k$. We show that the four-message amortized complexity of all random pairs is exactly $\log \mu$. Hence, when a random pair is repeated many times, no bits can be saved if $P_x$ knows $Y$ in advance.

27 citations

Proceedings Article
Noga Alon, Moni Naor
22 Oct 1990
TL;DR: It is proved that for every c<1 there are perfect-information coin-flipping and leader-election games on n players in which no coalition of cn players can influence the outcome with probability greater than some universal constant times c.
Abstract: It is proved that for every c<1 there are perfect-information coin-flipping and leader-election games on n players in which no coalition of cn players can influence the outcome with probability greater than some universal constant times c. It is shown that a random protocol of a certain length has this property, and an explicit construction is given as well.

27 citations

Journal Article
TL;DR: In this paper, the relationship between unpredictable functions and pseudo-random functions is studied and a transformation of the former to the latter using a unique application of the Goldreich-Levin hard core bit is proposed.
Abstract: This paper studies the relationship between unpredictable functions (which formalize the concept of a MAC) and pseudo-random functions. We show an efficient transformation of the former to the latter using a unique application of the Goldreich-Levin hard-core bit (taking the inner-product with a random vector r): While in most applications of the GL-bit the random vector r may be public, in our setting this is not the case. The transformation is only secure when r is secret and treated as part of the key. In addition, we consider weaker notions of unpredictability and their relationship to the corresponding notions of pseudo-randomness. Using these weaker notions we formulate the exact requirements of standard protocols for private-key encryption, authentication and identification. In particular, this implies a simple construction of a private-key encryption scheme from the standard challenge-response identification scheme.

27 citations


Cited by
Journal Article

[...]

08 Dec 2001-BMJ
TL;DR: There is, I think, something ethereal about i —the square root of minus one, which seems an odd beast at that time—an intruder hovering on the edge of reality.
Abstract: There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality. Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

33,785 citations

Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Patent
30 Sep 2010
TL;DR: In this article, the authors proposed a secure content distribution method for a configurable general-purpose electronic commercial transaction/distribution control system, which includes a process for encapsulating digital information in one or more digital containers, a process of encrypting at least a portion of digital information, a protocol for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container, and a process for delivering one or more digital containers to a digital information user.
Abstract: PROBLEM TO BE SOLVED: To solve the problem, wherein it is impossible for an electronic content information provider to provide commercially secure and effective method, for a configurable general-purpose electronic commercial transaction/distribution control system. SOLUTION: In this system, having at least one protected processing environment for safely controlling at least one portion of decoding of digital information, a secure content distribution method comprises a process for encapsulating digital information in one or more digital containers; a process for encrypting at least a portion of digital information; a process for associating at least partially secure control information for managing interactions with encrypted digital information and/or digital container; a process for delivering one or more digital containers to a digital information user; and a process for using a protected processing environment, for safely controlling at least a portion of the decoding of the digital information. COPYRIGHT: (C)2006,JPO&NCIPI

7,643 citations

Proceedings Article
22 Jan 2006
TL;DR: Some of the major results in random graphs and some of the more challenging open problems are reviewed, including those related to the WWW.
Abstract: We will review some of the major results in random graphs and some of the more challenging open problems. We will cover algorithmic and structural questions. We will touch on newer models, including those related to the WWW.

7,116 citations

Book Chapter
19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Abstract: We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.

7,083 citations