Optimality of Correlated Sampling Strategies
Mohammad Bavarian, Badih Ghazi, Elad Haramaty, Pritish Kamath, Ronald L. Rivest, Madhu Sudan
December 6, 2016
Abstract
In the correlated sampling problem, two players, say Alice and Bob, are given two distributions, say P and Q respectively, over the same universe and access to shared randomness. The two players are required to output two elements, without any interaction, sampled according to their respective distributions, while trying to minimize the probability that their outputs disagree. A well-known protocol due to Holenstein, with close variants (for similar problems) due to Broder, and to Kleinberg and Tardos, solves this task with disagreement probability at most 2δ/(1 + δ), where δ is the total variation distance between P and Q. This protocol has been used in several different contexts including sketching algorithms, approximation algorithms based on rounding linear programming relaxations, the study of parallel repetition and cryptography.

In this note, we give a surprisingly simple proof that this protocol is in fact tight. Specifically, for every δ ∈ (0, 1], we show that any correlated sampling scheme should have disagreement probability at least 2δ/(1 + δ). This partially answers a recent question of Rivest.

Our proof is based on studying a new problem we call constrained agreement. Here, Alice is given a subset A ⊆ [n] and is required to output an element i ∈ A, Bob is given a subset B ⊆ [n] and is required to output an element j ∈ B, and the goal is to minimize the probability that i ≠ j. We prove tight bounds on this question, which turn out to imply tight bounds for correlated sampling. Though we settle basic questions about the two problems, our formulation also leads to several questions that remain open.

∗ Department of Mathematics and Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, Cambridge MA 02139. Supported in part by NSF Award CCF-1420692. [email protected].
† Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, Cambridge MA 02139. Supported in part by NSF CCF-1420956, NSF CCF-1420692 and CCF-1217423. [email protected].
‡ Harvard John A. Paulson School of Engineering and Applied Sciences. Part of this work supported by NSF Award CCF-1565641. [email protected].
§ Computer Science and Artificial Intelligence Laboratory, Massachusetts Institute of Technology, Cambridge MA 02139. Supported in part by NSF CCF-1420956 and NSF CCF-1420692. [email protected].
¶ Institute Professor, MIT. This work supported by the Center for Science of Information (CSoI), an NSF Science and Technology Center, under grant agreement CCF-0939370.
‖ Harvard John A. Paulson School of Engineering and Applied Sciences. Part of this work supported by NSF Award CCF-1565641 and a Simons Investigator Award. [email protected].

Introduction
In this work, we study correlated sampling, a very basic task, variants of which have been considered in the context of sketching algorithms [Bro97], approximation algorithms based on rounding linear programming relaxations [KT02, Cha02], the study of parallel repetition [Hol07, Rao11, BHH+08] and, very recently, cryptography [Riv16].

This problem involves two players, Alice and Bob, attempting to come to agreement non-interactively. Alice and Bob are given distributions P and Q respectively over the same universe Ω. Without any interaction, Alice is required to output an element i ∼ P and Bob is required to output an element j ∼ Q, where the players have access to shared randomness. The goal is to minimize the disagreement probability Pr[i ≠ j] in terms of the total variation distance d_TV(P, Q) (where the probability is over the shared randomness). More formally, we define correlated sampling strategies as follows.

Definition 1.1 (Correlated Sampling Strategies). Given a universe Ω and a randomness space R, a pair of functions (f, g), where f : ∆_Ω × R → Ω and g : ∆_Ω × R → Ω, is said to be a correlated sampling strategy with error ε : [0, 1] → [0, 1], if for all distributions P, Q ∈ ∆_Ω such that d_TV(P, Q) = δ, it holds that:

• [Correctness] {f(P, r)}_{r∼R} = P and {g(Q, r)}_{r∼R} = Q
• [Error guarantee] Pr_{r∼R}[f(P, r) ≠ g(Q, r)] ≤ ε(δ)

Here, ∆_Ω is the set of all probability distributions on Ω. Also, we abuse notation slightly to let R denote a suitable distribution on the set R. Moreover, we will always assume that R is sufficiently large, and we will often not mention R explicitly when talking about correlated sampling strategies. It is also allowed to have a sequence of strategies with increasing size of R, in which case we want the above constraints to be satisfied in the limit as |R| → ∞.

A priori, it is unclear whether such a protocol can even exist, since the error ε is not allowed to depend on the universe Ω. Somewhat surprisingly, there exists a simple protocol whose disagreement probability can be bounded by roughly twice the total variation distance (and in particular does not degrade with the size of the universe).
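To see why the existence of such a protocol is not obvious, consider the following naive attempt (our own illustration, not the protocol discussed below; the list-of-pairs encoding of distributions and the function names are assumptions made for this sketch): both players apply inverse-CDF sampling to the same shared uniform value. The marginals are correct, but the outputs can disagree far more often than the total variation distance would suggest.

```python
import random

def inverse_cdf_sample(dist, u):
    """Return the element of dist (a list of (element, probability) pairs)
    whose cumulative-probability interval contains u."""
    cum = 0.0
    for x, p in dist:
        cum += p
        if u < cum:
            return x
    return dist[-1][0]  # guard against floating-point round-off

def naive_strategy(P, Q, trials=10_000, seed=0):
    """Both players feed the SAME shared uniform value into their own
    inverse CDF. The marginals are correct, but agreement depends entirely
    on how the universe happens to be ordered."""
    rng = random.Random(seed)
    disagree = 0
    for _ in range(trials):
        u = rng.random()              # shared randomness
        i = inverse_cdf_sample(P, u)  # Alice's output
        j = inverse_cdf_sample(Q, u)  # Bob's output
        disagree += (i != j)
    return disagree / trials

# P, Q uniform on {a, b} and {b, c}: total variation distance 1/2.
P = [("a", 0.5), ("b", 0.5)]
Q = [("b", 0.5), ("c", 0.5)]
print(naive_strategy(P, Q))  # 1.0 -- the two outputs never coincide
```

Here Alice outputs "a" exactly when Bob outputs "b", and "b" exactly when Bob outputs "c", so they never agree, whereas the protocol of Theorem 1.2 below would disagree with probability only about 2/3 on this pair.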
Variants of this protocol have been rediscovered multiple times in the literature, yielding the following theorem.

Theorem 1.2 (Holenstein [Hol07]. See also Broder [Bro97], Kleinberg-Tardos [KT02]). For any universe Ω, there exists a correlated sampling strategy with error ε : [0, 1] → [0, 1] such that

∀ δ ∈ [0, 1], ε(δ) ≤ 2δ/(1 + δ).  (1)

Strictly speaking, the work of Broder [Bro97] does not consider the general correlated sampling problem. Rather, it gives a strategy (the “MinHash strategy”) which happens to solve the correlated sampling problem under the condition that P and Q are flat distributions, i.e., they are uniform over some subset of the domain. The above bound applies to the case where these sets have the same size. The technique can also be generalized to other distributions to get the bound above, and this gives a protocol similar to that of Holenstein, though if P and Q are uniform over different-sized subsets, the above bound is weaker than that obtained from a direct application of Broder’s algorithm! Holenstein [Hol07] appears to be the first to formulate the problem for general distributions and give a solution with the bound claimed above.

For the sake of completeness, we give a description of Broder’s strategy as well as Holenstein’s strategy in Section 3. We point out that variants of the protocol in Theorem 1.2 (sometimes referred to as “consistent sampling” protocols) had been used in several applied works [M+94, GP06, MMT10] before Holenstein’s paper.

Given Theorem 1.2, a natural and basic question is whether the bound on the disagreement probability can be improved. Indeed, this question was very recently raised by Rivest [Riv16] in the context of symmetric encryption, and this was one of the motivations behind this work. We give a surprisingly simple proof that the bound in Theorem 1.2 is actually tight (for a coarse parameterization of the problem).
Theorem 1.3 (Main Result). For every δ ∈ (0, 1] and γ > 0, there exists a family of pairs of distributions (P, Q) satisfying d_TV(P, Q) ≤ δ such that any correlated sampling strategy for this family has error at least 2δ/(1 + δ) − γ.¹

¹ We will primarily consider only finite universes.

Our proof of Theorem 1.3 is surprisingly simple and is based on studying the following constrained agreement problem that we introduce and which is tightly related to correlated sampling. Alice is given a subset A ⊆ [n] and Bob is given a subset B ⊆ [n], where the pair (A, B) is sampled from some distribution D. Alice is required to output an element i ∈ A and Bob is required to output an element j ∈ B, such that the disagreement probability Pr_{(A,B)∼D}[i ≠ j] is minimized.

Definition 1.4 (Constrained Agreement Strategies). Given a universe Ω = [n] and a distribution D over 2^Ω × 2^Ω (i.e., pairs of subsets of Ω), a pair of functions (f, g), where f : 2^Ω → Ω and g : 2^Ω → Ω, is said to be a constrained agreement strategy with error err_D(f, g) = ε ∈ [0, 1], if it holds that:

• [Correctness] ∀ A ⊆ Ω, f(A) ∈ A and ∀ B ⊆ Ω, g(B) ∈ B
• [Error guarantee] Pr_{(A,B)∼D}[f(A) ≠ g(B)] ≤ ε

We point out that since the constrained agreement problem is defined with respect to an input distribution D on pairs of sets, we can require, without loss of generality, that the strategies (f, g) in Definition 1.4 be deterministic (this follows from Yao’s minimax principle). We arrive at the constrained agreement problem as follows: first we consider the flat distribution case of Definition 1.1 and relax the restrictions {f(P, r)}_{r∼R} = P and {g(Q, r)}_{r∼R} = Q, although we still require that f(P, r) ∈ supp(P) and g(Q, r) ∈ supp(Q) for every r ∈ R. This makes it a constraint satisfaction problem, and we consider a distributional version of the same.

In order to prove Theorem 1.3, we show that the correlated sampling strategy of Theorem 1.2 (a suitable derandomization thereof) is in fact optimal for the constrained agreement problem whenever D is the distribution D_p where every coordinate i ∈ [n] is independently included in each of A and B with probability p.

Lemma 1.5.
For every p ∈ [0, 1] and the distribution D_p on 2^[n] × 2^[n], any constrained agreement strategy (f, g) makes error err_{D_p}(f, g) ≥ 2(1 − p)/(2 − p).

Organization of the paper.
In Section 1.1, we discuss some special cases of the correlated sampling problem. In Section 1.2, we give some open problems regarding these special cases. In Section 2, we prove Lemma 1.5 and use it to prove Theorem 1.3. In Section 3, we describe the correlated sampling protocols of Broder and Holenstein, thereby proving Theorem 1.2.
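The lower bound of Lemma 1.5 can be checked exhaustively for a tiny universe. The sketch below is our own verification code (not part of the paper's proof); it adopts the convention, an assumption on our part, that an empty A or B counts as an automatic disagreement, and enumerates every deterministic strategy pair on subsets of [3].

```python
from itertools import product

def min_error(n, p):
    """Exact minimum disagreement probability over all deterministic
    constrained-agreement strategies (f, g) under D_p on subsets of [n]."""
    universe = list(range(1, n + 1))
    subsets = []  # all nonempty subsets together with their D_p probabilities
    for mask in range(1, 1 << n):
        S = frozenset(x for k, x in enumerate(universe) if mask >> k & 1)
        subsets.append((S, p ** len(S) * (1 - p) ** (n - len(S))))
    # A strategy assigns to every nonempty S some element f(S) in S.
    choices = [sorted(S) for S, _ in subsets]
    best_agree = 0.0
    for f in product(*choices):
        for g in product(*choices):
            agree = sum(
                pa * pb
                for (A, pa), fa in zip(subsets, f)
                for (B, pb), gb in zip(subsets, g)
                if fa == gb
            )
            best_agree = max(best_agree, agree)
    # An empty A or B (not enumerated above) never contributes agreement.
    return 1 - best_agree

for p in (0.25, 0.5, 0.75):
    bound = 2 * (1 - p) / (2 - p)
    assert min_error(3, p) >= bound - 1e-12, (p, min_error(3, p), bound)
```

For n = 3 and p = 1/2 the optimum is achieved by the "smallest index" strategy and equals 1 − p(1 − (1 − p)^{2n})/(2 − p) = 0.671875, slightly above the asymptotic bound 2/3.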
Let A, B ⊆ [n] be such that |A| = |B|, and consider the problem of correlated sampling with the uniform distributions P = U(A) and Q = U(B). Then, the total variation distance between P and Q is given by

d_TV(P, Q) = (1/2) · ‖P − Q‖₁ = (1/2) · ‖U(A) − U(B)‖₁ = 1 − |A ∩ B|/|A|.

Thus, the error probability of the correlated sampling strategy (in Theorem 1.2) is given by

2 · d_TV(P, Q)/(1 + d_TV(P, Q)) = 1 − |A ∩ B|/|A ∪ B|.  (2)

Rather surprisingly, in the particular case where |A ∩ B| = 1 and A ∪ B = [n], Rivest [Riv16] recently gave a protocol with smaller error probability than the one guaranteed by the correlated sampling protocol of Theorem 1.2.

Theorem 1.6 ([Riv16]). In Definition 1.1, if
Ω = [n], and the distributions P and Q are promised to be of the following form: there exist A, B ⊆ [n] such that |A| = |B|, |A ∩ B| = 1, A ∪ B = [n], and P = U(A) and Q = U(B). Then, there is a correlated sampling strategy with error probability at most 1 − 1/|A|.

For completeness, we describe this strategy in Section 3.1. Note that for this setting of parameters, we have that

1 − 1/|A| < 1 − |A ∩ B|/|A ∪ B| = 1 − 1/n,

and hence Theorem 1.6 improves on the performance (eq. (2)) of the correlated sampling strategy of Theorem 1.2. This naturally leads to the question: can one similarly improve on the well-known correlated sampling protocol for larger intersection sizes, for example, when |A ∩ B| is a constant fraction of |A|? The proof of our main result (Theorem 1.3) answers this question negatively. Namely, it implies that the strategy in Theorem 1.2 is tight when |A ∩ B| = ε · |A| with ε ∈ (0, 1) being an absolute constant.

Note that in the extreme case where ε is very close to 0, Rivest’s protocol (Theorem 1.6) implies that Theorem 1.2 is not tight. What about the other extreme, where ε is very close to 1? We show that in this case Theorem 1.2 is in fact tight.

Theorem 1.7.
Let A, B ⊆ [n] be such that A ∪ B = [n] and |A| = |B| = |A ∩ B| + 1, and let P = U(A) and Q = U(B). Then, the error probability of any correlated sampling strategy is at least 1 − |A ∩ B|/|A ∪ B|.

We prove Theorem 1.7 in Section 2.1.
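The matching-based protocol behind Theorem 1.6 (formally described in Section 3.1) is easy to experiment with. Below is our own hypothetical Python reconstruction: the function names are ours, and the use of Kuhn's augmenting-path algorithm to peel off perfect matchings is an implementation choice on our part — the paper itself only invokes Hall's theorem to guarantee that the matchings exist.

```python
from itertools import combinations

def matching_decomposition(k):
    """Build the bipartite graph of Theorem 1.6 for n = 2k - 1 (vertices are
    k-subsets of [n]; A ~ B iff |A intersect B| = 1, equivalently A union B = [n])
    and peel it into k disjoint perfect matchings."""
    n = 2 * k - 1
    full = frozenset(range(1, n + 1))
    verts = [frozenset(c) for c in combinations(sorted(full), k)]
    # The k neighbors of A are exactly ([n] \ A) | {x} for each x in A.
    adj = {A: [(full - A) | {x} for x in sorted(A)] for A in verts}

    def perfect_matching(edges):
        match = {}  # right vertex -> left vertex (Kuhn's algorithm)

        def augment(u, seen):
            for v in edges[u]:
                if v not in seen:
                    seen.add(v)
                    if v not in match or augment(match[v], seen):
                        match[v] = u
                        return True
            return False

        for u in edges:
            assert augment(u, set())  # exists by Hall's theorem (regularity)
        return {u: v for v, u in match.items()}  # left -> right

    remaining = {A: list(nbrs) for A, nbrs in adj.items()}
    matchings = []
    for _ in range(k):
        m = perfect_matching(remaining)
        matchings.append(m)
        for A, B in m.items():  # remove matched edges and repeat
            remaining[A].remove(B)
    return matchings

k = 3
matchings = matching_decomposition(k)
inverse = [{B: A for A, B in m.items()} for m in matchings]
A, B = frozenset({1, 2, 3}), frozenset({3, 4, 5})  # |A & B| = 1, A | B = [5]
agree = 0
for m, inv in zip(matchings, inverse):  # try every shared index r
    alice_out, = A & m[A]   # unique element of A intersect B'
    bob_out, = inv[B] & B   # unique element of A' intersect B
    agree += alice_out == bob_out
print(agree, "of", k)  # they agree for exactly one value of r
```

Over a uniformly random shared index r ∈ [k], Alice's k partner sets have distinct intersections with A, so her output is uniform on A (similarly for Bob), and the players agree with probability exactly 1/k, matching the 1 − 1/k error bound of Theorem 1.6.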
Our work started with a conjecture due to Rivest [Riv16] which informally asserts that Broder’s MinHash strategy is optimal except in the case considered in Theorem 1.6. More formally:
Conjecture 1.8 (Rivest [Riv16]). For every collection of positive integers n, a, b, ℓ with ℓ ≥ 1 and n ≥ a + b − ℓ, and for every pair of probabilistic strategies (f, g) that satisfy correctness as in Definition 1.1, there exist A, B ⊆ [n] with |A| = a, |B| = b and |A ∩ B| = ℓ such that

Pr[f(A) ≠ g(B)] ≥ 1 − ℓ/(a + b − ℓ) = 1 − |A ∩ B|/|A ∪ B|.

Our work does not resolve this conjecture for the general setting of n, a, b and ℓ. It suggests this answer may be asymptotically right as n → ∞ when a = αn, b = βn and ℓ = αβn, but does not even resolve this setting. (Our set sizes are only approximately αn etc.)

Even in the setting where the set sizes are allowed to vary slightly, our knowledge is somewhat incomplete. Lemma 1.5 shows optimality of the MinHash strategy when (A, B) ∼ D_p. In this case, A and B are independent and p-biased each, so |A| ≈ p · n, |B| ≈ p · n and |A ∩ B| ≈ p² · n. We point out that a simple reduction to Lemma 1.5 also implies the optimality of the well-known protocol in the case where A and B are “positively correlated”. Specifically, consider the following distribution D_{p,δ} on pairs (A, B) of subsets of [n], where we first sample S ⊆ [n] which independently includes each element of [n] with probability p/(1 − δ), and then independently include every i ∈ S in each of A and B with probability 1 − δ. In this case, |A| ≈ p · n, |B| ≈ p · n and |A ∩ B| ≈ (1 − δ) · p · n. Even if we reveal S to both Alice and Bob, Lemma 1.5 implies a lower bound of 2δ/(1 + δ) on the error probability, which is achieved by the MinHash strategy. It is not clear how to use a similar reduction to show optimality in the case where A and B are “negatively correlated”, i.e., when |A| ≈ p · n, |B| ≈ p · n and |A ∩ B| ≪ p² · n.

Finally, the fact that Holenstein’s strategy for correlated sampling can be improved upon in the case where P and Q are uniform distributions on different-sized subsets of the universe clearly shows that the strategy of Theorem 1.2 is not “always optimal”. To study questions like this, one could restrict the class of pairs (P, Q) and then give an optimal strategy for every P and every Q. It would be interesting to study what would be the right measure that captures the minimal error probability given the relationship between P and Q.

We start by proving lower bounds on the error probability in the constrained agreement problem.
Proof of Lemma 1.5.
Let p ∈ [0, 1] and consider the distribution D_p on pairs (A, B) of subsets A, B ⊆ [n] where, for each i ∈ [n], we independently include i in each of A and B with probability p. Let f be Alice’s strategy, which satisfies the property that f(A) ∈ A for every A ⊆ [n]. Similarly, let g be Bob’s strategy, which satisfies the property that g(B) ∈ B for every B ⊆ [n]. We will construct functions f∗ and g∗ such that

err_{D_p}(f, g) ≥ err_{D_p}(f∗, g) ≥ err_{D_p}(f∗, g∗) ≥ 2(1 − p)/(2 − p).

For every i ∈ [n], we define β_i := Pr_B[g(B) = i]. Since under the distribution D_p the subsets A and B are independent, we have that when Bob’s strategy is fixed to g, the strategy of Alice that results in the largest agreement probability is given by

∀ A ⊆ [n], f∗(A) = argmax_{i∈A} β_i.

Thus, for a permutation σ of [n] such that β_{σ⁻¹(1)} ≥ β_{σ⁻¹(2)} ≥ · · · ≥ β_{σ⁻¹(n)}, we have

∀ A ⊆ [n], f∗(A) = argmin_{i∈A} σ(i).

Now, for every i ∈ [n], we define α_i := Pr_A[f∗(A) = i]. When Alice’s strategy is fixed to f∗, the strategy of Bob that results in the largest agreement probability is given by

∀ B ⊆ [n], g∗(B) = argmax_{i∈B} α_i.

We now claim that α_{σ⁻¹(1)} ≥ α_{σ⁻¹(2)} ≥ · · · ≥ α_{σ⁻¹(n)}, and hence

∀ B ⊆ [n], g∗(B) = argmin_{i∈B} σ(i).

This follows easily because for each i ∈ [n], we have that

α_i = Pr_A[(argmin_{ℓ∈A} σ(ℓ)) = i] = (1 − p)^{σ(i)−1} · p.

Thus, we conclude that

Pr_{(A,B)∼D_p}[f(A) = g(B)] ≤ Pr_{(A,B)∼D_p}[f∗(A) = g(B)] ≤ Pr_{(A,B)∼D_p}[f∗(A) = g∗(B)]
= Σ_{i=1}^n Pr_{(A,B)∼D_p}[f∗(A) = g∗(B) = i]
= Σ_{i=1}^n Pr_A[f∗(A) = i] · Pr_B[g∗(B) = i]
= Σ_{i=1}^n (1 − p)^{2(i−1)} · p²
≤ p/(2 − p),

where the second equality uses the fact that under D_p, the subsets A and B are independent. Thus, we obtain that

err_{D_p}(f, g) ≥ 1 − p/(2 − p) = 2(1 − p)/(2 − p).  □

We are now ready to prove our main result, which is a lower bound on the error in correlated sampling.
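As a quick numerical sanity check on the geometric sum in the proof of Lemma 1.5 (our own verification code, not part of the paper):

```python
def agreement_upper_bound(p, n):
    """Sum_{i=1}^{n} (1-p)^(2(i-1)) * p^2: the agreement probability of the
    optimal strategy pair (f*, g*) computed in the proof of Lemma 1.5."""
    return sum((1 - p) ** (2 * (i - 1)) * p ** 2 for i in range(1, n + 1))

for p in (0.1, 0.5, 0.9):
    s = agreement_upper_bound(p, 10_000)
    # The series is geometric with ratio (1-p)^2, so it converges to
    # p^2 / (1 - (1-p)^2) = p/(2-p); hence err >= 1 - p/(2-p) = 2(1-p)/(2-p).
    assert s <= p / (2 - p) + 1e-12
    assert abs((1 - s) - 2 * (1 - p) / (2 - p)) < 1e-6
```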
Proof of Theorem 1.3.
Let δ ∈ (0, 1] and γ > 0. Assume for the sake of contradiction that there is a correlated sampling strategy (f∗, g∗) that, when run on distributions at total variation distance at most δ, has error probability at most 2δ/(1 + δ) − γ. Fix δ′ ∈ (0, 1] such that

2δ/(1 + δ) − γ < 2δ′/(1 + δ′) < 2δ/(1 + δ).  (3)

Note that Equation (3) implies that δ′ < δ. Consider the distribution D_p over pairs (A, B) of subsets A, B ⊆ [n] where each i ∈ [n] is independently included in each of A and B with probability p := 1 − δ′. We then have that E[|A|] = E[|B|] = p · n, and E[|A ∩ B|] = p² · n. Moreover, by the Chernoff bound, we have that

Pr_A[ | |A| − p · n | > p · n^{0.6} ] ≤ e^{−p·n^{0.2}/3},
Pr_B[ | |B| − p · n | > p · n^{0.6} ] ≤ e^{−p·n^{0.2}/3},
Pr_{A,B}[ | |A ∩ B| − p² · n | > p² · n^{0.6} ] ≤ e^{−p²·n^{0.2}/3}.

Hence, by the union bound and since p ≤ 1, we get that with probability at least 1 − 3 · e^{−p²·n^{0.2}/3}, we have that | |A| − p·n | ≤ p·n^{0.6}, | |B| − p·n | ≤ p·n^{0.6} and | |A ∩ B| − p²·n | ≤ p²·n^{0.6}. Consider now the distributions P = U(A) (on Alice’s side) and Q = U(B) (on Bob’s side). Then, with probability at least 1 − 3 · e^{−p²·n^{0.2}/3}, it holds that

d_TV(P, Q) = 1 − |A ∩ B|/max{|A|, |B|} ≤ 1 − p + o_n(1) = δ′ + o_n(1) < δ

for sufficiently large n.

Note that Yao’s minimax principle implies that any correlated sampling strategy for (P, Q) pairs with P = U(A) and Q = U(B) yields a constrained agreement strategy (f, g) for the corresponding pairs (A, B) of subsets. Hence, Lemma 1.5 implies that

∀ f, g : Pr_{(A,B)∼D_p}[f(A) ≠ g(B)] ≥ 2(1 − p)/(2 − p) = 2δ′/(1 + δ′),  (4)

where (f, g) ranges over constrained agreement strategies. On the other hand, the property of the assumed strategy (f∗, g∗) implies that

∃ f, g : Pr_{(A,B)∼D_p}[f(A) ≠ g(B)] ≤ 2δ/(1 + δ) − γ + o_n(1).  (5)

Putting Equations (4) and (5) together contradicts Equation (3) for sufficiently large n.  □

In this section, we describe the lower bound in Theorem 1.7, which is incomparable to Theorem 1.3.
Proof of Theorem 1.7.
Let A, B ⊆ [n] be such that A ∪ B = [n] and |A| = |B| = |A ∩ B| + 1, and let P = U(A) and Q = U(B). Assume for the sake of contradiction that there is a correlated sampling strategy with disagreement probability < 1 − |A ∩ B|/|A ∪ B| = 2/n. Let D be the uniform distribution over pairs (A, B) of subsets of [n] satisfying A ∪ B = [n] and |A| = |B| = |A ∩ B| + 1. Then, there is a deterministic strategy pair (f, g) solving constrained agreement over D with error probability

Pr_{(A,B)∼D}[f(A) ≠ g(B)] < 2/n.  (6)

Let i := argmax_{ℓ∈[n]} |{A ⊆ [n] : |A| = n − 1, f(A) = ℓ}| be the element that is most frequently output by Alice’s strategy f, and denote its number of occurrences by

k := |{A ⊆ [n] : |A| = n − 1, f(A) = i}|.

We consider three different cases depending on the value of k:

(i) If k ≤ n − 3, then consider any B ⊆ [n] with |B| = n − 1. For any value of g(B) ∈ B, the conditional error probability Pr[f(A) ≠ g(B) | B] is at least 2/(n − 1). Averaging over all such B, we get a contradiction to Equation (6).

(ii) If k = n − 2, let A₁ ≠ A₂ be the two subsets of [n] with |A₁| = |A₂| = n − 1 such that f(A₁) ≠ i and f(A₂) ≠ i. For any B ⊆ [n] with |B| = n − 1 such that B ≠ A₁ and B ≠ A₂, the conditional error probability Pr[f(A) ≠ g(B) | B] is at least 2/(n − 1). Note that there are n − 2 such B’s, and that either A₁ or A₂ is the set [n] \ {i}. If B = [n] \ {i}, then the conditional disagreement probability Pr[f(A) ≠ g(B) | B] is at least (n − 2)/(n − 1). Averaging over all B, we get that

Pr_{(A,B)∼D}[f(A) ≠ g(B)] ≥ (2/(n − 1)) · ((n − 2)/n) + ((n − 2)/(n − 1)) · (1/n) ≥ 2/n,

where the last inequality holds for any n ≥ 4. This contradicts Equation (6).

(iii) If k = n − 1, then the only subset A of [n] with |A| = n − 1 and such that f(A) ≠ i is A₀ = [n] \ {i}. For any B ≠ A₀, the conditional error probability Pr[f(A) ≠ g(B) | B] is at least 1/(n − 1). On the other hand, if B = A₀, then the conditional error probability is equal to 1. Averaging over all B, we get that

Pr_{(A,B)∼D}[f(A) ≠ g(B)] ≥ (1/(n − 1)) · ((n − 1)/n) + 1 · (1/n) = 2/n,

which contradicts Equation (6).  □

Algorithm 1: MinHash strategy [Bro97]
  Alice’s input: A ⊆ [n]. Bob’s input: B ⊆ [n].
  Shared randomness: a random permutation π : [n] → [n].
  Strategy:
  • f(A, π) = π(i_A), where i_A is the smallest index such that π(i_A) ∈ A.
  • g(B, π) = π(i_B), where i_B is the smallest index such that π(i_B) ∈ B.

In this section, we describe the correlated sampling strategy that proves Theorem 1.2.
First, let us consider the case of flat distributions, where the distributions P and Q are promised to be of the following form: there exist A, B ⊆ [n] such that P = U(A) and Q = U(B) over the universe [n]. In this case, it is easy to show that the protocol given in Algorithm 1 achieves an error probability of 1 − |A ∩ B|/|A ∪ B|. Since π is a random permutation, it is clear that f(A, π) is uniformly distributed over A and g(B, π) is uniformly distributed over B. Let i₀ be the smallest index such that π(i₀) ∈ A ∪ B. The probability that π(i₀) ∈ A ∩ B is exactly |A ∩ B|/|A ∪ B|, and this happens precisely when f(A, π) = g(B, π). Hence, we get the claimed error probability.

The strategy desired in Theorem 1.2 can now be obtained by a reduction to the case of flat distributions, and subsequently using the MinHash strategy.

Proof of Theorem 1.2.
Given a universe Ω, define a new universe Ω′ = Ω × Γ, where Γ = {0, γ, 2γ, . . . , 1 − γ} for a sufficiently small value of γ > 0. Thus, |Ω′| = (1/γ) · |Ω|. Suppose we are given distributions P and Q such that d_TV(P, Q) = δ. Define

A = {(ω, p) ∈ Ω × Γ : p < P(ω)} and B = {(ω, q) ∈ Ω × Γ : q < Q(ω)}.

Algorithm 2: Holenstein’s strategy [Hol07]
  Alice’s input: P ∈ ∆_Ω. Bob’s input: Q ∈ ∆_Ω.
  Pre-processing: Let Ω′ = Ω × Γ, where Γ = {0, γ, 2γ, . . . , 1 − γ} (for suitable γ > 0).
  Shared randomness: r ∼ R as required by the MinHash strategy on Ω′.
  Strategy:
  • Let A = {(ω, p) ∈ Ω × Γ : p < P(ω)} and B = {(ω, q) ∈ Ω × Γ : q < Q(ω)}.
  • Alice and Bob use the MinHash strategy (Algorithm 1) with inputs A, B on universe Ω′ to obtain (ω_A, p_A) and (ω_B, p_B) respectively.
  • Alice outputs ω_A.
  • Bob outputs ω_B.

Holenstein’s strategy can now be simply described as follows: Alice and Bob use the MinHash strategy on inputs A and B over the universe Ω′, to obtain elements (ω_A, p_A) and (ω_B, p_B) respectively, and they simply output ω_A and ω_B respectively. This strategy is summarized in Algorithm 2.

It can easily be seen that |A| = Σ_{ω∈Ω} ⌊P(ω)/γ⌋, and hence

Σ_{ω∈Ω} (P(ω)/γ − 1) ≤ |A| ≤ Σ_{ω∈Ω} P(ω)/γ,

so that

1/γ − |Ω| ≤ |A|, |B| ≤ 1/γ.

Similarly, |A ∩ B| = Σ_{ω∈Ω} min{⌊P(ω)/γ⌋, ⌊Q(ω)/γ⌋} and |A ∪ B| = Σ_{ω∈Ω} max{⌊P(ω)/γ⌋, ⌊Q(ω)/γ⌋}, and hence, using the facts that Σ_ω min{P(ω), Q(ω)} = 1 − δ and Σ_ω max{P(ω), Q(ω)} = 1 + δ,

(1 − δ)/γ − |Ω| ≤ |A ∩ B| ≤ (1 − δ)/γ and (1 + δ)/γ − |Ω| ≤ |A ∪ B| ≤ (1 + δ)/γ.

The probability that Alice outputs ω_A is ⌊P(ω_A)/γ⌋/|A|, which is bounded as

P(ω_A) − γ ≤ ⌊P(ω_A)/γ⌋/|A| ≤ P(ω_A)/(1 − γ · |Ω|).

Thus, it follows that as γ → 0, Alice’s output is distributed according to P, and similarly Bob’s output is distributed according to Q. Moreover, we have that

Pr[ω_A ≠ ω_B] ≤ 1 − |A ∩ B|/|A ∪ B| ≤ 1 − (1 − δ − γ · |Ω|)/(1 + δ) = (2δ + γ · |Ω|)/(1 + δ) → 2δ/(1 + δ) as γ → 0.

This gives us the desired error probability.  □
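The MinHash and Holenstein protocols (Algorithms 1 and 2) can be sketched in Python as follows. This is our own rendering, not code from the paper: the function names, the dictionary representation of distributions, and the grid resolution m (so that γ = 1/m) are implementation choices, and the simulation only illustrates the 2δ/(1 + δ) bound on one example.

```python
import random

def minhash(A, B, universe, rng):
    """Algorithm 1 (MinHash): scan a shared random permutation of the
    universe; each player outputs the first element lying in their set."""
    perm = list(universe)
    rng.shuffle(perm)                    # shared randomness
    a = next(x for x in perm if x in A)  # Alice's output, uniform on A
    b = next(x for x in perm if x in B)  # Bob's output, uniform on B
    return a, b

def holenstein(P, Q, m, rng):
    """Algorithm 2: discretize P and Q into flat sets over Omega x Gamma,
    where Gamma = {0, 1/m, 2/m, ...}, then run MinHash on those sets."""
    omega = sorted(set(P) | set(Q))
    universe = [(w, i / m) for w in omega for i in range(m)]
    A = {(w, t) for w, t in universe if t < P.get(w, 0.0)}
    B = {(w, t) for w, t in universe if t < Q.get(w, 0.0)}
    (wa, _), (wb, _) = minhash(A, B, universe, rng)
    return wa, wb

rng = random.Random(1)
P = {"a": 0.5, "b": 0.5}
Q = {"b": 0.5, "c": 0.5}  # d_TV(P, Q) = 1/2, so 2*delta/(1+delta) = 2/3
trials = 10_000
disagree = 0
for _ in range(trials):
    wa, wb = holenstein(P, Q, 50, rng)
    disagree += (wa != wb)
rate = disagree / trials
print(rate)  # concentrates around 2/3
```

On this example the discretized sets satisfy |A ∩ B|/|A ∪ B| = 25/75 exactly, so each trial disagrees with probability exactly 2/3; the empirical rate simply estimates that value.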
In this section, we describe the correlated sampling strategy of [Riv16] that proves Theorem 1.6. To do so, we will need the well-known Hall’s theorem.
Theorem 3.1 (Hall; [vLW01]). Consider a bipartite graph G on vertex sets L and R. Then, there is a matching that entirely covers L if and only if for every subset S ⊆ L, we have that |S| ≤ |N_G(S)|, where N_G(S) denotes the set of all neighbors of elements of S in G.

Algorithm 3: Rivest’s strategy [Riv16]
  Alice’s input: A ⊆ [n]. Bob’s input: B ⊆ [n].
  Promise: |A| = |B| = k, |A ∩ B| = 1 and A ∪ B = [n].
  Pre-processing: Let G be the bipartite graph on vertex sets L = R = {S ⊆ [n] : |S| = k}, with an edge between vertices A and B if |A ∩ B| = 1. Decompose the edges of G into k disjoint matchings M₁, . . . , M_k.
  Shared randomness: an index r ∈ [k].
  Strategy:
  • Let (A, B′) and (A′, B) be the edges present in M_r.
  • Alice outputs the unique element in A ∩ B′.
  • Bob outputs the unique element in A′ ∩ B.

Proof of Theorem 1.6.
Alice and Bob have subsets A, B ⊆ [n] respectively such that |A| = |B| = k, |A ∩ B| = 1 and A ∪ B = [n]. This forces n = 2k − 1. Consider the bipartite graph G on vertex sets L = R = {S ⊆ [n] : |S| = k}, with an edge between vertices A and B if |A ∩ B| = 1. It is easy to see that G is k-regular. Iteratively using Hall’s theorem (Theorem 3.1), we get that the edges of G can be written as a disjoint union of k matchings. Let us denote these as M₁, M₂, . . . , M_k.

The strategy of Alice and Bob is as follows: use the shared randomness to sample a random index r ∈ [k] and consider the matching M_r. If (A, B′) is the edge present in M_r, then Alice outputs the unique element in A ∩ B′. Similarly, if (A′, B) is the edge present in M_r, then Bob outputs the unique element in A′ ∩ B. This protocol is summarized in Algorithm 3.

It is easy to see that both Alice and Bob are outputting uniformly random elements in A and B respectively. Moreover, the probability that they output the same element is exactly 1/k, which is the probability of choosing the unique matching M_r which contains the edge (A, B) (i.e., enforcing A = A′ and B = B′).  □

References

[BHH+08] Boaz Barak, Moritz Hardt, Ishay Haviv, Anup Rao, Oded Regev, and David Steurer. Rounding parallel repetitions of unique games. In 49th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pages 374–383. IEEE, 2008.
[Bro97] Andrei Z. Broder. On the resemblance and containment of documents. In Compression and Complexity of Sequences 1997, pages 21–29. IEEE, 1997.
[Cha02] Moses S. Charikar. Similarity estimation techniques from rounding algorithms. In Proceedings of the Thirty-Fourth Annual ACM Symposium on Theory of Computing, pages 380–388. ACM, 2002.
[GP06] Sreenivas Gollapudi and Rina Panigrahy. A dictionary for approximate string search and longest prefix search. In Proceedings of the 15th ACM International Conference on Information and Knowledge Management, pages 768–775. ACM, 2006.
[Hol07] Thomas Holenstein. Parallel repetition: simplifications and the no-signaling case. In Proceedings of the Thirty-Ninth Annual ACM Symposium on Theory of Computing, pages 411–419. ACM, 2007.
[KT02] Jon Kleinberg and Eva Tardos. Approximation algorithms for classification problems with pairwise relationships: metric labeling and Markov random fields. Journal of the ACM, 49(5):616–639, 2002.
[M+94] Udi Manber et al. Finding similar files in a large file system. In Usenix Winter, volume 94, pages 1–10, 1994.
[MMT10] Mark Manasse, Frank McSherry, and Kunal Talwar. Consistent weighted sampling. Unpublished technical report, http://research.microsoft.com/en-us/people/manasse, 2010.
[Rao11] Anup Rao. Parallel repetition in projection games and a concentration bound. SIAM Journal on Computing, 40(6):1871–1891, 2011.
[Riv16] Ronald L. Rivest. Symmetric encryption via keyrings and ECC. http://arcticcrypt.b.uib.no/files/2016/07/Slides-Rivest.pdf, 2016.
[vLW01] Jacobus Hendricus van Lint and Richard Michael Wilson. A Course in Combinatorics. Cambridge University Press, 2001.