Also, there is an issue that beyond *computation* the naive *representation* for a Bayesian model on an event with n underlying variables takes 2^n numbers. But of course all the examples above are that sometimes in CS we find non naive representations (and indeed in the examples above I deliberately didn’t distinguish between computation and representation, or algorithms and data structures).

]]>Let’s hope I manage to do so :)

I am probably not going to discuss it in the language of lattices but talk about noisy linear equations, and would definitely not talk about worst-case to average-case reductions, but rather pick some natural sounding average-case assumption and start from there.

The main intuition I want to convey to students is to start by building a cryptosystem under the (false) assumption that you can’t do Gaussian elimination, and then use the property that Gaussian elimination is very brittle with respect to noise. This issue of noise in solving equations, and the difference between modular and real equations (where you can do least square minimization) should resonate with other topics the students might be interested in. I also want to talk about the relation with learning that is today a hot topic.

Already when talking about pseudorandom generators I will talk (as you do in your book) about LFSR and how you can try to make them secure by adding non-linearity, so in some sense this is not that far from lattice based cryptosystems.

Already in 2010 I taught at Princeton’s undergrad crypto (the approximate-gcd based variant of) Gentry’s original scheme (see http://www.cs.princeton.edu/courses/archive/spring10/cos433/ ) though arguably these were not the easiest lectures to follow in that class :) Luckily there have been considerable simplifications since then.

Even if their current constructions are not (yet?) ready for practical implementations, I still find FHE (and also obfuscation) to be useful pedagogical tools so the students can get some intuition as to what kind of tools one might hope for in crypto.

]]>I wanted to talk about new algorithms for massively parallel computation (aka MapReduce) with focus on both computation and communication (http://grigory.us/#mapreduce); lp-testing — a new model for noisy data analysis (http://grigory.us/#lp-testing) and developing targeted alternatives to bulk data collection (http://grigory.us/#pnas-privacy, I believe Steven might have mentioned this too).

As a big fan of both SODA and ITCS I think an interesting open problem is whether it might be possible to colocate ITCS and SODA in the future to remove the unnecessary logistical overhead of traveling between the two.

]]>A similar “anthropic” point of view explains the price of milk. Is the price of milk set according to the NE? No, but hiring a consultant to figure out how to improve its price would probably cost more than it’s worth.

]]>Let me mention something which has been bothering me with how the scaling result (for any vectors in general position in can there exists a linear map so that ), or at least its proof using convex programming, has been attributed to Barthe in recent TCS papers. For one thing, while Barthe analyzes the same convex program (it gives the constant factors in both BL and RBL), he does not prove the scaling result itself, as far as I can tell. He could have done that, and reduced his analysis to the “geometric” special case of BL and RBL, but his presentation is different. For another, a more general result about scaling PSD matrices (the result above is the special case for rank one matrices) was proved by Gurvits and Samorodnitsky in their work on approximating mixed discriminants and mixed volumes http://link.springer.com/article/10.1007%2Fs00454-001-0083-2. Their proof is exactly the one via convex programming attributed to Barthe (or rather its higher-rank generalization): look at section 3 of their paper. And the conference version of their paper is from STOC 2000, which is even before Forster’s paper, although Forster seems to not have been aware of it.

BTW I am calling this a scaling result, because it is analogous to, and in fact generalizes, non-negative matrix scaling (the problem of scaling the rows and columns of a non-negative matrix to make it doubly stochastic). How to do matrix scaling via convex programming was known already in the 90s.

]]>