TY - JOUR

T1 - Bloom filters in adversarial environments

AU - Naor, Moni

AU - Eylon, Yogev

N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.

PY - 2019/5

Y1 - 2019/5

N2 - Many efficient data structures use randomness, allowing them to improve upon deterministic ones. Usually, their efficiency and correctness are analyzed using probabilistic tools under the assumption that the inputs and queries are independent of the internal randomness of the data structure. In this work, we consider data structures in a more robust model, which we call the adversarial model. Roughly speaking, this model allows an adversary to choose inputs and queries adaptively according to previous responses. Specifically, we consider a data structure known as a "Bloom filter" and prove a tight connection between Bloom filters in this model and cryptography. A Bloom filter represents a set S of elements approximately by using fewer bits than a precise representation. The price for succinctness is allowing for some errors: For any x ∈ S, it should always answer Yes, and for any x S it should answer Yes only with small probability. In the adversarial model, we consider both efficient adversaries (that run in polynomial time) and computationally unbounded adversaries that are only bounded in the number of queries they can make. For computationally bounded adversaries, we show that non-trivial (memory-wise) Bloom filters exist if and only if one-way functions exist. For unbounded adversaries, we show that there exists a Bloom filter for sets of size n and error ϵ that is secure against t queries and uses only O(n log 1 ϵ + t ) bits of memory. In comparison, n log 1 ϵ is the best possible under a non-adaptive adversary.

AB - Many efficient data structures use randomness, allowing them to improve upon deterministic ones. Usually, their efficiency and correctness are analyzed using probabilistic tools under the assumption that the inputs and queries are independent of the internal randomness of the data structure. In this work, we consider data structures in a more robust model, which we call the adversarial model. Roughly speaking, this model allows an adversary to choose inputs and queries adaptively according to previous responses. Specifically, we consider a data structure known as a "Bloom filter" and prove a tight connection between Bloom filters in this model and cryptography. A Bloom filter represents a set S of elements approximately by using fewer bits than a precise representation. The price for succinctness is allowing for some errors: For any x ∈ S, it should always answer Yes, and for any x S it should answer Yes only with small probability. In the adversarial model, we consider both efficient adversaries (that run in polynomial time) and computationally unbounded adversaries that are only bounded in the number of queries they can make. For computationally bounded adversaries, we show that non-trivial (memory-wise) Bloom filters exist if and only if one-way functions exist. For unbounded adversaries, we show that there exists a Bloom filter for sets of size n and error ϵ that is secure against t queries and uses only O(n log 1 ϵ + t ) bits of memory. In comparison, n log 1 ϵ is the best possible under a non-adaptive adversary.

KW - Adaptive inputs

KW - Bloom filter

KW - Pseudorandom functions

KW - Streaming algorithm

UR - http://www.scopus.com/inward/record.url?scp=85067263132&partnerID=8YFLogxK

U2 - 10.1145/3306193

DO - 10.1145/3306193

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85067263132

SN - 1549-6325

VL - 15

JO - ACM Transactions on Algorithms

JF - ACM Transactions on Algorithms

IS - 3

M1 - 0080

ER -