On Combinatorial vs Algebraic Computational Problems Boaz Barak – MSR New England Based on joint works with Benny Applebaum, Guy Kindler, David Steurer,

Slides:



Advertisements
Similar presentations
Asymptotically Optimal Communication for Torus- Based Cryptography David Woodruff MIT Joint work with Marten van Dijk Philips/MIT.
Advertisements

Public-Key Encryption from Different Assumptions Benny Applebaum Boaz Barak Avi Wigderson.
The Unique Games Conjecture and Graph Expansion School on Approximability, Bangalore, January 2011 Joint work with S Prasad Raghavendra Georgia Institute.
Boaz Barak – Microsoft Research Partially based on joint work with Jonathan Kelner (MIT) and David Steurer (Cornell) Sum of Squares Proofs and The Quest.
Time-Space Tradeoffs in Resolution: Superpolynomial Lower Bounds for Superlinear Space Chris Beck Princeton University Joint work with Paul Beame & Russell.
Course summary COS 433: Crptography -Spring 2010 Boaz Barak.
Dana Moshkovitz MIT Joint work with Subhash Khot, NYU 1.
FORMAL LANGUAGES, AUTOMATA AND COMPUTABILITY
NP-complete and NP-hard problems Transitivity of polynomial-time many-one reductions Concept of Completeness and hardness for a complexity class Definition.
Games, Proofs, Norms, and Algorithms Boaz Barak – Microsoft Research Based (mostly) on joint works with Jonathan Kelner and David Steurer.
Rounding Sum of Squares Relaxations Boaz Barak – Microsoft Research Joint work with Jonathan Kelner (MIT) and David Steurer (Cornell) workshop on semidefinite.
Boaz Barak – Microsoft Research Partially based on joint work with Jonathan Kelner (MIT) and David Steurer (Cornell) Sum of Squares Proofs and The Quest.
Inapproximability from different hardness assumptions Prahladh Harsha TIFR 2011 School on Approximability.
Phase Transitions of PP-Complete Satisfiability Problems D. Bailey, V. Dalmau, Ph.G. Kolaitis Computer Science Department UC Santa Cruz.
Approximation Algoirthms: Semidefinite Programming Lecture 19: Mar 22.
Semidefinite Programming
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.
Analysis of Algorithms CS 477/677
1 Backdoors To Typical Case Complexity Ryan Williams Carnegie Mellon University Joint work with: Carla Gomes and Bart Selman Cornell University.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Anuj Dawar.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
1 Slides by Asaf Shapira & Michael Lewin & Boaz Klartag & Oded Schwartz. Adapted from things beyond us.
Hardness Results for Problems
Pablo A. Parrilo ETH Zürich Semialgebraic Relaxations and Semidefinite Programs Pablo A. Parrilo ETH Zürich control.ee.ethz.ch/~parrilo.
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Dana Moshkovitz, MIT Joint work with Subhash Khot, NYU.
Chapter 12 Cryptography Explained. Search Problems Specified by an algorithm C Two inputs ◦ I is the instance. ◦ S is the solution. ◦ Must complete in.
Complexity Classes Kang Yu 1. NP NP : nondeterministic polynomial time NP-complete : 1.In NP (can be verified in polynomial time) 2.Every problem in NP.
Nattee Niparnan. Easy & Hard Problem What is “difficulty” of problem? Difficult for computer scientist to derive algorithm for the problem? Difficult.
Great Theoretical Ideas in Computer Science.
NP Complexity By Mussie Araya. What is NP Complexity? Formal Definition: NP is the set of decision problems solvable in polynomial time by a non- deterministic.
Short course on quantum computing Andris Ambainis University of Latvia.
Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
EMIS 8373: Integer Programming NP-Complete Problems updated 21 April 2009.
Fast algorithm for the Shortest Vector Problem er (joint with Aggarwal, Dadush, and Stephens-Davidowitz) Oded Regev Courant Institute, NYU UC Irvine, Sloan.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Umans Complexity Theory Lectures Lecture 1a: Problems and Languages.
NP-Complete Problems. Running Time v.s. Input Size Concern with problems whose complexity may be described by exponential functions. Tractable problems.
NP-COMPLETE PROBLEMS. Admin  Two more assignments…  No office hours on tomorrow.
Bayesianism, Convexity, and the quest towards Optimal Algorithms Boaz Barak Harvard UniversityMicrosoft Research.
Lattice-based cryptography and quantum Oded Regev Tel-Aviv University.
Unique Games Approximation Amit Weinstein Complexity Seminar, Fall 2006 Based on: “Near Optimal Algorithms for Unique Games" by M. Charikar, K. Makarychev,
Balance and Filtering in Structured Satisfiability Problems Henry Kautz University of Washington joint work with Yongshao Ruan (UW), Dimitris Achlioptas.
1 CPSC 320: Intermediate Algorithm Design and Analysis July 30, 2014.
Week 4 - Wednesday.  What did we talk about last time?  Finished DES  AES.
Chapter 11 Introduction to Computational Complexity Copyright © 2011 The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 1.
NP Completeness Piyush Kumar. Today Reductions Proving Lower Bounds revisited Decision and Optimization Problems SAT and 3-SAT P Vs NP Dealing with NP-Complete.
Why almost all satisfiable k - CNF formulas are easy? Danny Vilenchik Joint work with A. Coja-Oghlan and M. Krivelevich.
Boaz Barak (MSR New England) Fernando G.S.L. Brandão (Universidade Federal de Minas Gerais) Aram W. Harrow (University of Washington) Jonathan Kelner (MIT)
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Yuan Zhou Carnegie Mellon University Joint works with Boaz Barak, Fernando G.S.L. Brandão, Aram W. Harrow, Jonathan Kelner, Ryan O'Donnell and David Steurer.
Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.
Hard Problems Some problems are hard to solve.  No polynomial time algorithm is known.  E.g., NP-hard problems such as machine scheduling, bin packing,
Fernando G.S.L. Brandão MSR -> Caltech Faculty Summit 2016
P & NP.
Polynomial integrality gaps for
Introduction to Quantum Computing Lecture 1 of 2
Polynomial Norms Amir Ali Ahmadi (Princeton University) Georgina Hall
Sum of Squares, Planted Clique, and Pseudo-Calibration
Possibilities and Limitations in Computation
Background: Lattices and the Learning-with-Errors problem
Cryptography Lecture 24.
Introduction to PCP and Hardness of Approximation
NP-Complete Problems.
Lattices. Svp & cvp. lll algorithm. application in cryptography
On The Quantitative Hardness of the Closest Vector Problem
Presentation transcript:

On Combinatorial vs Algebraic Computational Problems Boaz Barak – MSR New England Based on joint works with Benny Applebaum, Guy Kindler, David Steurer, and Avi Wigderson Erdős Centennial, Budapest, July 2013

Heuristic Classification of Computational Problems “Combinatorial” / “Unstructured” “Algebraic” / “structured” Boolean Satisfiability, Graph Coloring, Clique, Stable Set, … Integer Factoring, Primality Testing, Discrete Logarithm, Matrix Multiplication, … Simple algorithms (greedy, convex optimization, ….) Surprising algorithms (cancellations, manipulations,…) Useful for Private-Key Cryptography Useful for (private and) Public-Key Crypto

Heuristic Classification of Computational Problems “Combinatorial” / “Unstructured” “Algebraic” / “structured” Boolean Satisfiability, Graph Coloring, Clique, Stable Set, … Integer Factoring, Primality Testing, Discrete Logarithm, Matrix Multiplication, … Simple algorithms (greedy, convex optimization, ….) Surprising algorithms (cancellations, manipulations,…) Useful for Private-Key Cryptography Useful for (private and) Public-Key Crypto Unproven Thesis: Classification captures a real phenomena. For many “combinatorial” problems, “best” algorithm is one of few possibilities.

Research Questions Can we make this classification formal? Can we predict whether combinatorial problems are easy or hard? Is there a general way to figure out the optimal algorithm for a combinatorial problem? Could be particularly useful for average-case problems. Is algebraic structure necessary for exponential quantum speedup? What could we do with an 100 qubit quantum computer? Is algebraic structure necessary for public key cryptography? Can we build public key cryptosystems resilient to quantum attacks? Principled reasons to assume non-existence of surprising classical attacks?

This Talk Can we make this classification formal? Can we predict whether combinatorial problems are easy or hard? Is there a general way to figure out the optimal algorithm for a combinatorial problem? Could be particularly useful for average-case problems. Is algebraic structure necessary for exponential quantum speedup? What could we do with an 100 qubit quantum computer? Is algebraic structure necessary for public key cryptography? Can we build public key cryptosystems resilient to quantum attacks? Principled reasons to assume non-existence of surprising classical attacks? Phase transition between “combinatorial” and “algebraic” regimes “meta-conjecture” on optimal algorithm for random constraint satisfaction problems. [B-Kindler-Steurer ‘13] Construction of public key encryption from random CSPs, expansion problems on graphs. [Applebaum-B-Wigderson ‘10]

Part I: Average-Case Complexity of Combinatorial Problems Canonical way of showing hardness: web of reductions Almost no reductions for average-case complexity. Main Issue: Reductions don’t maintain natural input distributions. As a result, in average-case complexity we have a collection of problems with very few relations known between them (Integer Factoring, Random k-SAT, Planted Clique, Learning Parity with Noise, …) A solverB solver

Alternative Approach to Showing Hardness Instead of conjecturing one problem hard and reducing many problems to it… Main Challenge: Can we find such conjecture that is both true and useful? What evidence can support such a conjecture? Attempt [B-Kindler-Steurer’13] : The basic semi-definite program is optimal for random constraint satisfaction problems. Next: Precise formulation Applications Evidence Natural convex optimization See also [Raghavendra ‘08]

Optimal Algorithm for Random CSP’s Prototypical combinatorial problem:

Optimal Algorithm for Random CSP’s Prototypical combinatorial problem:

Predicate 3XOR 3SAT MAX-CUT

Predicate 3XOR 3SAT MAX-CUT

Applications: Hardness of approx for Expanding Label Cover, Densest Subgraph, characterization of “approximation resistant” predicates. Evidence: Coincides with Feige’s Hypothesis for 3-ary predicates. Sometimes proven that potentially stronger algorithms (SDP hierarchies) do not outperform Basic CSP. Some hardness of approximation “predictions” verified. [Chan ‘13]

Part II: Structure and Public Key Crypto Public Key Cryptography (Diffie-Hellman ‘76): Two parties can communicate confidentially without a shared secret key All widely deployed variants based on Integer Factoring or related problems (RSA, discrete log, elliptic curve dlog, etc..). Significant structure: Quantum polynomial time algorithm [Shor ‘94]. Can we be sure the current classical algorithms are optimal? e.g., halving the exponent for factoring will square the key size for RSA and will increase running time to the 4 th to 6 th power.

Is Structure needed for Public Key Crypto? Current best (only?) public-key alternative: Lattice-based crypto. Useful for public key crypto Hardness of lattice problems for given approximation factor* Polynomial time Is there “combinatorial”/”unstructured” public-key crypto? “structured”? Perhaps give more confidence that known attacks are optimal?

Public-Key Crypto from Random 3SAT Theorem 1 [Applebaum-B-Wigderson ’10] : Can build public-key crypto from (problem related to) random 3SAT Hard? “unstructured”? Useful for PKC Polynomial time “structured”? Hardness of random 3SAT for given number of clauses* Not a satisfactory answer….

Public-Key Crypto from Random 3SAT Theorem 1 [Applebaum-B-Wigderson ’10] : Can build public-key crypto from (problem related to) random 3SAT Hardness of random 3SAT for given number of clauses* Hard? “unstructured”? Useful for PKCPolynomial time “structured”? Not a satisfactory answer….

Hard? “unstructured”? Useful for PKC Polynomial time “structured”? Theorem 2 [Applebaum-B-Wigderson ’10] : Can build PKC from (problem related to) random 3SAT in “unstructured regime” and random “unbalanced expansion” problem. …but structure and critical parameters are yet to be fully understood. Not (yet?) a satisfactory answer….

(Some of the many) Open Questions Justify/refute intuition that some classes of problems have single optimal algorithm. Find more “meta-conjectures” on optimal algorithms. Vefirify/refute hardness-of-approx predictions of [BKS] hypothesis. More candidate public key cryptosystems.... and better ways to classify their “structure”. Relations between structure and quantum speedup....candidate hard distributions for combinatorial problems with quantum speedup?... in particular for under-constrained CSP’s (see [Achlioptas Coja-Oghlan ‘12] )

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.