 All right, so our next talk is Secure Non-Interactive Simulation, Feasibility and Rate. This is by Hamid Reza Khorasgani, Hamanta Maji, and Hai Ingayan, and Hai will give the talk. So, yeah, go ahead. Hi, is your microphone on? Can you hear me? Yeah. Yeah. So I'm going to talk about Secure Non-Interactive Simulation, Feasibility and Rate, and this is a joint work with Hamid and Maji. So let me start with some motivation for studying Secure Non-Interactive Simulations. So a prominent paradigm in Secure Computations is a pre-processing model. And this model has produced some successful stories. In this model, there are two phases, the up-life phase and the online phase. The up-life phase attributes correlated private elements to parties. And this step is independent of the functions and also the input of the Secure Computation performing the online phase. On the other hand, the online phase is fast and can achieve information theoretic security. And this phase consumes correlations generated from the up-life phase to perform the derived Secure Computation tasks. However, there is a concern for this. So online protocol needs very well-structured correlations. And similarly, well-structured correlations is very aggressive. And if the online protocol is using some cheap correlations, like the noisy correlations, then the online protocol is usually not has enough, it is slow. So one idea, the solution is to transform cheap correlations into well-structured ones and non-interactively and efficiently. So motivated by this, we introduce a new model, we call it Secure Non-Interactive Simulation. So the objective is to simulate a sample of target distribution UV from an independent sample of some sort distribution xy. So in this one, Alice gets xn and Bob gets yn. Additionally, Alice also has access to private-runner-ness IA. Bob also has access to a private-runner-ness IB. And then Alice applies a reduction function on her samples and the private-runner-ness to obtain the input U-pram. Similarly, Bob applies a reduction function gn on his samples and the private-runner-ness IB to obtain an output V-pram. So the coordinates of these simulations, it will ensure that the joint distribution of the outputs, it goes to the target distribution. So in addition to the coordinates, we also require the security conditions. So we formulate these security conditions based on the universal composable security by Kennedy. So in this model, it is secured in Corrupt Alice. It's a distribution of Alice's sample condition on fixing the outputs. It's rapidly independent of the Bob outputs. In other words, the view of Alice can be simulated only from Alice's output. And similarly, it is secured in Corrupt Bob. It's a distribution of Bob's samples. Condition on fixing the outputs is rapidly independent of Alice's output. So these three conditions together define secure non-interactive simulations of UV from I-square. So to study the rate, we consider M independent samples of the target distribution UV. So the rate of these simulations is a maximum achievable rate, is a maximum achievable ratio M by N. So this similar looks very similar to some existing ones in information theory and cryptography. So let me mention some of them, yes. Secure non-interactive simulations in information theory take a lot of zero random correlation generators, which we introduced very recently. And second, secure simulations in cryptographic extensions of non-interactive simulations, which are a classical problem in information theory. So in non-interactive simulations, security is not a concern at all. And first of all, secure non-interactive simulations in generalizations of non-interactive correlation simulations to arbitrary targets. And finally, one can use a secure non-interactive simulations at a restriction of one-way secure computations to no interactions. So in one-way secure computations, only one participates and the other participates. So I will focus on two fundamental correlations. So the first one is the noise from the binary symmetric source. So for this source, Alice receives an uniform random bits, plus one and minus one. And here we use the multiplications, plus one means zero and minus one means one. And we probably one minus epsilon, Bob receives the same bits. And we probably epsilon Bob receives the Philippines. So I'm representing this correlation as BSS rho, where rho equal to one minus two epsilon. And the second correlations is a noise from binary eraser source. And again, Alice receives a uniform random bits, plus one and minus one. We probably one minus epsilon Bob receives the same bits. And we probably epsilon Bob receives the erase bit. So we use notation zero here for the eraser. And I represent these correlations as BSS rho, where rho equal to square root of one minus epsilon. And the reasons we choose the parameter rho, because rho corresponding to the maximum correlations of this source. And maximum correlations is a very prominent quantity in information theory. And we see later that this is also very convenient for our representation. So let me give you an example of insecure reduction. So the example in deductions from reduction of binary symmetric source from one sample of binary eraser. So Alice had an uniform random bit x, plus one or minus one. And Bob has y equal to the Alice bit with both the one minus epsilon. And otherwise it is zero. And so Alice's reduction function work as below is just output per random bit x. Bob output y is y e plus one or minus one. And otherwise it's output in uniform random bits. And you can see that this implements the output u prime and v prime implements an BSS with parameter rho prime, where rho prime equal to this quantity. So it is correct. And one can verify that it is secure again, correct Alice. But this reduction is secure again, correct Bob. So the reason is that as a conditional distribution that you can see here is not independent from u prime. This is Alice's output. So next, let's take a look at secure reduction, where we can simulate one sample of BSS from two independent sample of binary symmetric source with mass symbol correction rho. So the reduction is very simple here. Both of these just output the products of their samples. This u prime equal to the product of the first sample times the second sample, and similarly for Bob. And for this, we can verify that it is a correct and secure course such as. So our questions from this model is that given a source and a target distribution, is that possible to simulate the target distributions from the source? So in other words, we are interested in whether it is feasible or not. And when it is feasible, we want to make it very efficient and we try to simulate as many samples as possible. So we're interested in what is the more efficient secure simulations. So we initiate the study of feasibility and great of secure non-interactive simulations. And in an independent work, Aguawa et al. introduce the same primitive. And they focus on studying the feasibility from arbitrary source and target distribution. And you will see this in the next talk. So let me summarize our results. Our first loss is a de-randomization. So basically, this is telling us that private randomness is a risk for secure simulation. And in fact, we have two different ways of de-randomize some reduction functions. The first one is for the PCBP results and the second form is studying the risk of secure reduction. So our first de-randomization results tell us that if there exists random microstructions, then there also exists deterministic constructions that use more number of samples but asymptotically the same. And with almost identical simulation error. However, this simulation is not enough to study the rate because it doesn't preserve the number of samples. It is more number of samples. So we also put that it is possible to de-randomize the constructions using the same number of samples but with slightly higher simulation error. So the constant here usually either half. So we can achieve square root of nu if the original random microstructions achieve simulation error nu. So our work focuses on secure simulations between binary symmetric sources and binary eraser sources. So first we show that it is impossible to simulate binary eraser source from a binary symmetric source of five percent. And next we consider the cell reductions between binary symmetric sources. And we show that it is feasible if the maximal correlation of the target distributions yield power of the maximal correlations of the source distribution. And in this context, when this happens, we show that the rate is less than or equal to one by two. And interestingly, we can prove very strong results. It tells us that a statistical constructions can be error corrected to a perfect constructions. So in fact, we show an academy of secure simulations. That is, either there exists a perfect constructions or any constructions have constant insecure. And finally, we also consider the cell simulations between binary eraser sources. This looks very similar to the simulation of binary symmetric sources. And basically, so this is similar, but here for the perfect constructions, we are able to show that only linear production functions work. And for the rest of the talk, I will be focusing on the technical ideas from our work. So to go about, let us take a look at the impossibility of binary eraser source from binary symmetric source. So first I want to note that the impossibility result from insecure simulations and one way secure computation naturally carry over to the secure simulations. And reverse hypercontactivity and Haris claim inequality as a two main technical tool to prove the impossibility results. So let me give you some intuition how to prove the impossibility results. So here, if we look at the target distributions, suppose that Alice outputs equal to plus one with some constant probability. And also that the box output equal to minus one with some constant probability. Then this technical tool tells us that these two events must happen simultaneously also with some constant probability. However, for the binary eraser source, this quantity is zero. So that's why it is impossible to simulate binary eraser source from binary symmetric source. So next, we take a look at the impossibility of binary symmetric source from binary eraser source. So here I want to note that this problem in the other models, the insecure simulations, and one way secure computations is still open for some reason of parameters. And these problems seem quite challenging in this setting. However, in our setting, with the security conditions, we are able to show that it is impossible. So let me give you some high level idea of how we prove that. So we prove it by contradictions. First, we fix some sources and the target distributions and suppose there exists a statistical distance as opposed to the statistical constructions. So our first step, we did undermine some reduction functions. So with that, we can say that the reduction function is deterministic. And then we out-surprise the security definitions. And to out-surprise this, we use the macro and the joint macro parameters of the source distributions. So from the series input, we can out-surprise to the following out-surprise constants. So I'm not going over the details of these constants. And from those constants, it implies an approximate eigenvector problem. So basically it's saying that some combined up to two macro operator applied on the function F should be close to a scaling of the function F. So intuitively, F should be an approximate eigenvector of the macro operator T-tivor. And then interestingly, we observe that when we apply the two macro operator together, it is equal to the Konami vector noise operator with parameter both square. So we use a Fourier analysis to show that the rho prime square e of power of rho square. So in other words, the maximal combination of the packet distributions e of power of the mass, e of power of the mass immigration of the source. And furthermore, we can show that the spatial width of the reduction function F is mostly concentrated on dv-gay terms. So with the concentrations on low-dv terms, we can apply a powerful tune from a harmonic analysis, that is, with the Hunter theorem. And we can conclude that the reduction function F will be close to some constant Hunter Boolean function H. So H here depends only on constant number of input variables. And it is independent of the number of samples F. And finally, we use the random prediction techniques to prove that the simulation errors elicit a constant. And here is a high-level template to prove the results. So first, we de-randomize, and then we out-surprise the security. And from the out-surprise-ations, we get an approximate eigenvector problem. And from that, we show a Fourier concentrations. And for applying the Hunter theorem, we can do the dimension reductions. And next, we take a look at the feasibility of binary symmetric source from another binary symmetric source. So intuitively, we follow that template with the show here. So we are able to show that the massing of the target distributions must be a power of the massing of the source. And it also is the case that the spectrum of reduction function F concentrated on some dv k. And we also show that both reduction function F and g should close to a constant Hunter Boolean functions. So it depends on only constant number of input variables. So let me give you an example. I just see. So I just see it before. So linear reductions F and g here, we can simulate one sample of BSS row from two sample of BSS row. And this is a linear constructions. And all the Fourier weights of this function concentrated on dv2. Because here, your linear term is a product of two variable x1 and x2. But interestingly, for this, there also exists nonlinear reduction functions. And this is a nonlinear reduction functions. I'm not going over the detail of these constructions. But you can observe that these constructions also have the Fourier spectrum concentrated on dv2. Because all the terms here have dv2. It's a product of the two variable. And observe that this construction will force samples of BSS row to simulate one sample here. So we need four samples here. For linear reductions, we use only two samples. So a natural question to ask is that a nonlinear reduction function always works than the linear reductions. And interestingly, if we look at some simulation of two independent sample of BSS row graph, then in fact, using two different nonlinear reduction functions, this one and this one, then we can also achieve, we can simulate two independent sample of binary symmetric source. So at a summary here, the block linear reductions achieve the red half. But nonlinear reduction also achieve the red half. So here, it is natural to ask another question. Can nonlinear reduction surpass the red half? So in fact, we prove that for perfect constructions, the red can be at most half. So it means that nonlinear reduction functions can be at most at most at the linear reduction function for the simulation of binary symmetric source. So I went over the detail of our life here. But for the statistical simulations, this problem remains open. And we have the following conjecture. It related to harmonic analysis. And here, I want to emphasize that if we can prove this conjecture, then it shall prove the red from a statistical simulation of BSS from BSS. So let me briefly go over the conjecture here. So we want to say that if we have three functions that are all homosilias, and any pair of wires, it is also a homosilias Boolean function. Then it must be the guy that that product is also homosilias. So if we can prove this, we can prove a local to global structure. And this will help us to prove the red result for statistical gains. And finally, we also found an interesting connection between CQ simulations and distant invariant codes. So of course, C, a distant invariant is a number of code rules as written i from a fixed code for C. It is independent of the code for C. So intuitively, if you look at the red commemorator of C plus with any code word in C, it is the same. So we show this connection to the CQ simulations of binary symmetric source. So we saw that if there is a CQ simulations of BSS from another BSS, even if the two reduction functions are identical. And so distant enumerators of any code word but in the P image of the reduction function F are identical. So at a summary, we introduced a new model, a CQ non-interactive simulations, and we initiated the study of feasibility and rate of this model. And we gave a complete characterization of feasibility and rate among binary symmetric sources and binary erasers sources, except for the statistical rate of binary symmetric sources. And we proved very strong forms of statistical to perfect reductions. And finally, we saw a connection of CQ simulations among binary symmetric samples with homogenous Boolean functions and distant infinite codes. And thank you for your attention. All right. Thanks, hi. So we're running a little bit over time. So I think maybe if anyone has questions, I'd encourage you to sign on to Zoom and ask hi in chat. And we'll set up for the next speaker. Thank you. Thanks. Thanks.