Chi-Jen Lu

A linear-time component-labeling algorithm using contour tracing technique

A new linear-time algorithm is presented in this paper that simultaneously labels connected components (to be referred to merely as components in this paper) and their contours in binary images. The main step of this algorithm is to use a contour tracing technique to detect the external contour and possible internal contours of each component, and also to identify and label the interior area of each component. Labeling is done in a single pass over the image, while contour points are revisited more than once, but no more than a constant number of times. Moreover, no re-labeling is required throughout the entire process, as it is required by other algorithms. Experimentation on various types of images (characters, half-tone pictures, photographs, newspaper, etc.) shows that our method outperforms methods that use the equivalence technique. Our algorithm not only labels components but also extracts component contours and sequential orders of contour points, which can be useful for many applications.

Encryption against Storage-Bounded Adversaries from On-Line Strong Extractors

AbstractWe study the problem of information-theoretically secure encryption in the bounded-storage model introduced by Maurer. The sole assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded. Suppose a sender Alice and a receiver Bob agreed on a short private key beforehand, and there is a long public random string accessible by all parties, say broadcast from a satellite or sent by Alice. Eve can only store some partial information of this long random string due to her limited storage. Alice and Bob read the public random string using the shared private key, and produce a one-time pad for encryption or decryption. In this setting, Aumann et al. proposed protocols with a nice property called everlasting security, which says that the security holds even if Eve later manages to obtain that private key. Ding and Rabin gave a better analysis showing that the same private key can be securely reused for an exponential number of times, against some adaptive attacks. We show that an encryption scheme with such nice properties can be derived immediately from any strong randomness extractor, a function which extracts randomness from a slightly random source, so that its output and its seed together are almost random. To have an efficient encryption scheme, one needs a strong extractor that can be evaluated in an on-line and efficient way. We give one such construction, which yields an encryption scheme that has the nice security properties as before but now can encrypt longer messages using shorter private keys.

Conditional Computational Entropy, or Toward Separating Pseudoentropy from Compressibility

We study conditional computational entropy: the amount of randomness a distribution appears to have to a computationally bounded observer who is given some correlated information. By considering conditional versions of HILL entropy (based on indistinguishability from truly random distributions) and Yao entropy (based on incompressibility), we obtain: a separation between conditional HILL and Yao entropies (which can be viewed as a separation between the traditional HILL and Yao entropies in the shared random string model, improving on Wees 2004 separation in the random oracle model); the first demonstration of a distribution from which extraction techniques based on Yao entropy produce more pseudorandom bits than appears possible by the traditional HILL-entropy-based techniques; a new, natural notion of unpredictability entropy, which implies conditional Yao entropy and thus allows for known extraction and hardcore bit results to be stated and used more generally.

Oblivious polynomial evaluation and oblivious neural learning

We study the problem of oblivious polynomial evaluation (OPE). There are two parties, Alice who has a polynomial P, and Bob who has an input x. The goal is for Bob to compute P(x) in such a way that Alice learns nothing about x and Bob learns only what can be inferred from P(x). Previously existing protocols were based on some newly-invented intractability assumptions that have not been well studied, so one may have doubts about the security of these protocols. In this paper, we propose OPE protocols which are only based on the standard primitive oblivious transfer, and still our protocols are more efficient in several natural cases. Our protocols can also be easily modified to handle multivariate polynomials and polynomials over floating-point numbers. As an application, we study the problem of oblivious neural learning, where one party has a neural network and the other, with some training set, wants to train the neural network in an oblivious way. We provide a protocol for this problem, which is based on our protocol for OPE.

Oblivious Polynomial Evaluation and Oblivious Neural Learning

We study the problem of Oblivious Polynomial Evaluation (OPE). There are two parties, Alice who has a polynomial P, and Bob who has an input x. The goal is for Bob to compute P(x) in such way that Alice learns nothing about x and Bob learns only what can be inferred from P(x). Previously existing protocols are based on some intractability assumptions that have not been well studied [15,14], and these protocols are only applicable for polynomials over finite fields. In this paper, we propose efficient OPE protocols which are based on Oblivious Transfer only. Unlike that of [15], slight modifications to our protocols immediately give protocols to handle multi-variate polynomials and polynomials over floating-point numbers. Many important real-world applications deal with floating-point numbers, instead of integers or arbitrary finite fields, and our protocols have the advantage of operating directly on floating-point numbers, instead of going through finite field simulation as that of [14]. As an example, we give a protocol for the problem of Oblivious Neural Learning, where one party has a neural network and the other, with some training set, wants to train the neural network in an oblivious way.

Improved Pseudorandom Generators for Combinatorial Rectangles

We construct a pseudorandom generator which uses bits and approximates the volume of any combinatorial rectangle in to within error. This improves on the previous construction using bits by Armoni, Saks, Wigderson, and Zhou [4]. For a subclass of rectangles with at most nontrivial dimensions and each dimension being an interval, we also give a pseudorandom generator using bits. This again improves the previous upper bound by Chari, Rohatgi, and Srinivasan [5].

Hyper-encryption against Space-Bounded Adversaries from On-Line Strong Extractors

We study the problem of information-theoretically secure encryption in the bounded-storage model introduced by Maurer [10]. The sole assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded. Suppose a sender Alice and a receiver Bob agreed on a short private key beforehand, and there is a long public random string accessible by all parties, say broadcast from a satellite or sent by Alice. Eve can only store some partial information of this long random string due to her limited storage. Alice and Bob read the public random string using the shared private key, and produce a one-time pad for encryption or decryption. In this setting, Aumann, Ding, and Rabin [2] proposed protocols with a nice property called everlasting security, which says that the security holds even if Eve later manages to obtain that private key. Ding and Rabin [5] gave a better analysis showing that the same private key can be securely reused for an exponential number of times, against some adaptive attacks.We study this problem from the approach of constructing randomness extractors ([13,11,16,15] and more), which seems to provide a more intuitive understanding together with some powerful tools. A strong extractor is a function which purifies randomness from a slightly random source using a short random seed as a catalyst, so that its output and its seed together look almost random. We show that any strong extractor immediately yields an encryption scheme with the nice security properties of [2,5]. To have an efficient encryption scheme, we need strong extractors which can be evaluated in an on-line and efficient way. We give one such construction. This yields an encryption scheme, which has the same nice security properties as before but now can encrypt longer messages using a shorter private key. In addition, our scheme works even when the long public random string is not perfectly random, as long as it contains enough amount of randomness.

On the parallel computation of the algebraic path problem

The algebraic path problem is a general description of a class of problems, including some important graph problems such as transitive closure, all pairs shortest paths, minimum spanning tree, etc. In this work, the algebraic path problem is solved on a processor array with a reconfigurable bus system. The proposed algorithms are based on repeated matrix multiplications. The multiplication of two n*n matrices takes O(log n) time in the worst case, but, for some special cases, O(1) time is possible. It is shown that three instances of the algebraic path problem, transitive closure, all pairs shortest paths, and minimum spanning tree, can be solved in O(log n) time, which is as fast as on the CRCW PRAM. >

Extracting randomness from multiple independent sources

We study the problem of deterministically extracting almost perfect random bits from multiple weakly random sources that are mutually independent. With two independent sources, we have an explicit extractor which can extract a number of random bits that matches the best construction currently known, via the generalized leftover hash lemma. We also extend our construction to extract randomness from more independent sources. One nice feature is that the extractor still works even with all but one source exposed. Finally, we apply our extractor for a cryptographic task in which a group of parties wants to agree on a secret key for group communication over an insecure channel, without using ideal local randomness.

Derandomizing Arthur--Merlin games under uniform assumptions

Abstract. We study how the nondeterminism versus determinism problem and the time versus space problem are related to the problem of derandomization. In particular, we show two ways of derandomizing the complexity class AM under uniform assumptions, which was only known previously under nonuniform assumptions. First, we prove that either AM = NP or it appears to any nondeterministic polynomial time adversary that NP is contained in deterministic subexponential time infinitely often. This implies that to any nondeterministic polynomial time adversary, the graph nonisomorphism problem appears to have subexponential-size proofs infinitely often, the first nontrivial derandomization of this problem without any assumption. Next, we show that either all of BPP = P, AM = NP, and