Presentation on theme: "NP-Complete Problems Coloring is complete In particular, we can reduce solving any search problem to finding a valid coloring for some collection of circles!"— Presentation transcript:
NP-Complete Problems Coloring is complete In particular, we can reduce solving any search problem to finding a valid coloring for some collection of circles! So, if we could solve Coloring quickly, then P = NP Thats why we believe Coloring cant be solved quickly by any computer. We call such problems NP-Complete.
NP-complete problems Coloring Traveling Salesman Problem Knapsack problem Partition Problem
Knapsack problem We are given a set of items each having an integer weight We are given an integer capacity for the knapsack We ask if we can exactly pack the knapsack using a subset of these items
Sample Knapsack problem Item weights 2,4,9,13,17,23,32,70,123,157 Capacity is 228 Packing Capacity is 226 Packing (there are none)
Partition problem We are given a set of items each having an integer weight We are asked if we can divide all the items into 2 groups with equal total weight Is this NP-complete?
Partition problem We are given a set of items each having an integer weight We are asked if we can divide all the items into 2 groups with equal total weight Like knapsack problem Capacity of knapsack is half the total weight
Sample Partition problem Item weights 2,4,9,13,17,23,32,70,123,157 Total weight is 450 Packing = 225 Packing = 225 Why is this different from the PCP?
Other Hard Problems? There are other problems besides NP-Complete Problems that we also believe are hard. Can we be sure? No. But people have been trying to solve certain mathematical problems for centuries. So it seems reasonable to assume that nobody will figure out how to solve them soon Then again, what about Fermats Last Theorem? … People continue to work on NP-completeness.
Wrap-up Weve seen problems that computers cant solve at all, and also problems that computers probably cant solve in our lifetimes. Too much bad news? Could it ever be useful to have hard problems? Yes! Cryptography
Security and Cryptography
Cryptography Why do we care so much about hard problems? Because sometimes we want to make things hard. Protecting Privacy, Authenticity Want to make it hard for adversaries to: Steal our credit cards Impersonate us Etc. Makes it possible for companies to protect intellectual property.
Cryptography Science of making things hard for adversaries = Cryptography Dates back to Julius Caesar Caesar cipher – shift each character by a few places "UHWXUA WR URPH" encodes RETURN TO ROME Used extensively during WW 2 (and every other war) Used to encode passwords Used to prevent copying of software and data (e.g. DVD).
Requirements of a cryptosystem Easy to encode messages Hard to decode messages
One Approach... Its so complicated! It must be secure! Cryptosystem XYZ (Patent Pending)
One Approach... Extra!: Cryptosystem XYZ Broken 2 Days After Release!
One Approach... Unfortunately, this approach is often used in real life. This is one of the reasons why you hear about so many security systems being broken! Examples:DVD encryption (DeCSS), Cell phones in Europe (GSM), encoding of fonts by Adobe, many many more
More sophisticated approach Use the theory of hard search problems and the notion of reducing one problem to another. Show that if you break this security system, you do so by solving some of the worlds greatest unsolved problems first!
Encryption The most basic problem in Cryptography is Encryption: Alice Bob Private Message m
Encryption The most basic problem in Cryptography is Encryption: Alice Bob Private Message m Eve the eavesdropper
Encryption The most basic problem in Cryptography is Encryption: Alice Bob Encrypted Message E(m) Eve the eavesdropper
Encryption Have to make it easy for Bob to recover m But hard for Eve to learn anything about m Alice Bob Encrypted Message E(m) Eve the eavesdropper
Public-Key Cryptography [Diffie-Hellman 1976] Bobs Public Key Bobs Secret Key Bob Everybody knows Bobs published Public Key. Only Bob knows his private key.
Public-Key Encryption Alice uses Bobs public key to encrypt m. Bob uses his private key to recover (decrypt) m. Relationship between public and private key is such that encryption with former enables decryption with latter Alice Bob Encrypted Message E(m)
Public-Key Encryption Alice and Eve both know Bobs public key. Eve must not be able to break the encryption even though she knows the public key. Discovering private key from public key must be VERY hard. Alice Bob Encrypted Message E(m) Eve the eavesdropper
Basic Math Review Lets recall some basic mathematics: A number p is called prime if its only factors are 1 and itself. Examples:
Basic Math Review Lets recall some basic mathematics: A number p is called prime if its only factors are 1 and itself. Examples: 2, 3, 5, 7, 11, 13, 17, 19, …
Basic Math Review Lets recall some basic mathematics: A number p is called prime if its only factors are 1 and itself. Examples: 2, 3, 5, 7, 11, 13, 17, 19, … There are many prime numbers. Fact: It is known how to check quickly if a number is prime or not. So, to find a big prime number, we can just keep generating large random numbers until we find a prime.
Basic Math Review Given two primes p and q, it is easy to multiply them together: N = pq But given N, how do you find p and q quickly? i.e. how do you factor N into primes? Easy for small numbers (e.g. 6 or 35). For centuries, mathematicians have been trying to find ways to factor large numbers quickly. No one knows how! Factoring a 10,000 digit N would take centuries on the fastest computer in existence!
How do we know factoring is hard? Problem has a long history Prizes are offered and have been for a long timePrizes are offered Factoring progress happens slowly
Basic Math & Crypto We want to make it so that for Eve the eavesdropper to break our system, she would have to factor a very large number. Well (almost) do that.
The RSA Encryption Scheme [Rivest Shamir Adleman 1978] Bob picks two large primes p and q, and computes: N = pq Fact: Because Bob knows p and q, he can pick numbers e and d such that: For all m: ( m e ) d = m (Modulo N) Bob reveals e, N as his Public Key Bob retains d as his Private Key
The RSA Encryption Scheme Recall Fact: Because Bob knows p and q, he can pick numbers e and d such that: For all m: ( m e ) d = m (Modulo N) To Encrypt a message m, Alice uses Bobs public key (e, N) to compute the encrypted message: E(m) = m e (Modulo N)
The RSA Encryption Scheme Recall Fact: Because Bob knows p and q, he can pick numbers e and d such that: For all m: ( m e ) d = m (Modulo N) To Encrypt a message m, Alice uses Bobs public key (e, N) to compute the encrypted message: E(m) = m e (Modulo N) To Decrypt, Bob uses private key (d) to compute: m = (E(m)) d (Modulo N) = ( m e ) d (Modulo N)
The RSA Encryption Scheme To Encrypt a message m, Alice computes: E(m) = m e (Modulo N) The only known way to compute m from E(m) involves knowing d, which implies knowing p and q, which implies factoring N. For Eve to break this system, she would have to solve a long-standing open problem in Mathematics This is probably the most widely used Public-Key Encryption Scheme in the world. Look at Help on IE
Shifting Gears: Proofs… Bob wants to convince Alice of (prove to her) the validity of some statement (like I really am Bob!) But Bob doesnt want to reveal any of his secrets to Alice in the process… Alice Bob
Zero-Knowledge Proofs What is the least amount of information Bob can reveal, while still convincing Alice? Amazingly, it is possible for Bob to convince Alice of something without revealing any new information to Alice at all! How can that be?
Magic Tricks Magic tricks are like zero-knowledge proofs: Good magic tricks reveal nothing about how they work. What makes a magic trick good?
A Magic Trick Two balls: Purple and Red, otherwise identical Blindfolded Magician You give a random ball to magician
A Magic Trick (cont.) Magician tells you the color! Magician proves he can distinguish balls blindfolded. You learn nothing except this. Abracadabra, Goobedy goo! It is Red! Wow! Hes so cool!
A Magic Trick (cont.) You knew exactly what magician was going to do. And he did it, i.e. showed you he can do it! Since you knew to begin the magician was a magician and would get the right answer, you could not have learned anything new! Its Red! I knew he would say that.
Zero Knowledge What it means: Alice knows what is going to happen. She can produce the same answers herself: no need for magician CS-speak: Alice can simulate it herself! Abracadabra, Goobedy goo! It is Red! Simulation
Another Magic Trick Magician asks you to think of either Apple or Banana Magician then gives you a sealed box.
Mind Reading You tell Magician what you were thinking. I was thinking of a banana.
Banana Mind Reading (cont.) Magician tells you to open box, and read piece of paper in box. Magician proves he can predict what you will say. How did he do that!!
Mind Reading (cont.) Again, you knew what was going to happen. If you believed magician was indeed a magician, you learn nothing new Zero-Knowledge Magician just shows you that he can do it you can simulate it yourself I was thinking of a banana. Simulation Banana
Mind Reading (cont.) But why do you believe the magician is more special than you? Because Magician committed to his guess before you told him. Commitment is the key.
Cryptographic Commitment Public Key Encryption Scheme To commit to a string x, I send y = E(x). like putting it in the box To open the commitment (box), I use my secret key. Commitment is secret. And I cant change my mind about x once Ive sent the encryption.
ZK Proofs for NP- Complete Problems I tell you I have a solution to an NP- Complete problem, but I wont tell you what the solution is You can ask me questions, and my answers will reveal that I have a solution, but they wont reveal what the solution is
NP-Complete Problems Remember we can reduce any search problem to Coloring.
ZK Proof for Coloring Input: Collection of circles. Magician Claims to Know: Coloring using R, B, G Multi-step protocol. In each step: First, Magician picks random permutation : R,B,G R,B,G, and applies to coloring:
ZK Proof (cont.) Verifier (Alice) chooses a random pair of nodes to verify
ZK Proof (cont.) Magician decrypts those nodes and shows theyre colored in valid way
Can Simulate Magician Each Time Only difference is that a simulator wont know a valid coloring (NP-Complete problem)
Simulated ZK Proof Interaction
ZK Proof: Analysis Suppose Magician is an imposter: does not know a valid coloring. Then at least one pair of connected circles will have colors equal (color equality survives permutation). Alice catches Magician cheating with probability at least 1/n 2. Repeat protocol 100 n 2 times, Alice catches Magician cheating almost always!
ZK Proof: Analysis (cont.) Simulator/imposter can produce the same results each time (just needs to produce different colorings for the two edges) Since magician permutes randomly each time: Each result from simulator (or imposter) is in itself indistinguishable from what magician sends Verifier cannot put together graph from the pairs (cannot gain knowledge; so zero-knowledge)
ZK Proof: Analysis (cont.) Key difference between magician & imposter: Magician knows valid coloring, can commit to it, and wont be caught in pairwise game Simulator/imposter does not, and will ultimately be caught But commitments are secret, by security of encryption scheme. Simulator output and real life are indistinguishable to an eavesdropper, who cannot tell if magician is imposter or not
Wrap-up Today we saw some examples illustrating techniques from modern cryptography: Encryption Zero Knowledge Proofs