233-234 Sedgewick & Wayne (2004); Chazelle (2005)


Linear-reduces: Cost of reduction is proportional to size of input

Traveling Salesman Problem

Best known algorithm takes exponential time!

P: Problems that can be solved in polynomial time
NP: Problems that have polynomial time proofs
If input size = N, then time is O(N^c)
Suffices to look at Yes/No problems

3-Coloring: Not known to be in P

3-Coloring: But is in NP

A polynomial time proof of 3-Coloring

Don’t all problems have polynomial time proofs? Piano mover’s problem; winning strategies

P: Problems that can be solved in polynomial time
NP: Problems that have polynomial time proofs
(Note that P is symmetric with yes/no but NP is not)
COMPOSITE is in NP (easy); so is PRIME (hard)

P = NP ?

P: Problems that can be solved in polynomial time
NP: Problems that have polynomial time proofs
NP-Complete: Any problem A in NP such that any problem in NP polynomial-reduces to it
Over 10,000 known NP-complete problems!

3-COLOR: Given graph G, can it be colored red, white, blue?
FACTORING: Given n-bit integer x and k, does x have a factor d with 1 < d < k?
FACTORING and 3-COLOR are in NP
3-COLOR is NP-complete, so: 3-color efficiently and destroy ALL e-commerce!

Zero Knowledge Can I convince you I have a proof without revealing anything about it?

3-Coloring

Prover interacts with Verifier

3-Coloring: Prover hides coloring

3-Coloring: Verifier checks an edge at random

3-Coloring: Verifier spots a lie with probability 1/E

3-Coloring: Verifier repeats 100E times

If Verifier spots no lies, she concludes the graph is 3-colorable. Prover fools Verifier with negligible probability.

Is it Zero-Knowledge? Verifier can color most of the graph!

Not Zero-Knowledge! Why do we require the Verifier to check randomly?

Repeat 100E times:
1. Prover: shuffle colors
2. Verifier: Check any edge

Shuffle colors: what’s that? Random permutation (6 possibilities)

Step 1: Prover shuffles coloring

Step 2: Prover hides coloring

Step 3: Verifier checks an edge

Step 1: Prover shuffles coloring

Step 2: Prover hides coloring

Step 3: Verifier checks an edge, etc

Why is it zero-knowledge? No matter what the Verifier does, she only sees a random pair of colors. So, she can simulate the whole protocol by herself – no need for the prover.
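The shuffle / hide / check-an-edge loop from the steps above, as an added Python sketch that is not part of the original slides. It assumes the Prover "hides" a color with a SHA-256 hash over a random nonce; the sample graph, the two colorings and all function names are constructed for illustration.

```python
import hashlib, random, secrets

# Constructed sample graph (5-cycle plus chord 0-2) and two candidate colorings.
EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 0), (0, 2)]
GOOD = {0: 0, 1: 1, 2: 2, 3: 0, 4: 1}   # valid 3-coloring
BAD = {0: 0, 1: 1, 2: 0, 3: 1, 4: 2}    # lies on edge (0, 2)

def digest(color, nonce):
    """Hash commitment to one color (assumed hiding mechanism, not from the slides)."""
    return hashlib.sha256(nonce + bytes([color])).hexdigest()

def prover_round(coloring, rng):
    """Steps 1-2: apply one of the 6 color permutations, then commit to every vertex."""
    perm = [0, 1, 2]
    rng.shuffle(perm)
    openings = {v: (perm[c], secrets.token_bytes(16)) for v, c in coloring.items()}
    commitments = {v: digest(c, n) for v, (c, n) in openings.items()}
    return commitments, openings

def verifier_check(commitments, edge, opened):
    """Step 3: both openings must match their commitments and the colors must differ."""
    u, v = edge
    if any(digest(*opened[w]) != commitments[w] for w in edge):
        return False
    return opened[u][0] != opened[v][0]

def run_protocol(edges, coloring, rounds, seed=1):
    """Return (accepted, views); views holds every color pair the Verifier saw."""
    rng = random.Random(seed)   # seeded so the run is reproducible; use a CSPRNG in practice
    views = []
    for _ in range(rounds):
        commitments, openings = prover_round(coloring, rng)
        u, v = rng.choice(edges)                    # Verifier's random challenge
        opened = {u: openings[u], v: openings[v]}   # only these two are revealed
        if not verifier_check(commitments, (u, v), opened):
            return False, views
        views.append((opened[u][0], opened[v][0]))
    return True, views

if __name__ == "__main__":
    rounds = 100 * len(EDGES)                       # "repeat 100E times"
    print("honest prover accepted:", run_protocol(EDGES, GOOD, rounds)[0])
    print("cheating prover accepted:", run_protocol(EDGES, BAD, rounds)[0])
```

For the honest prover, the recorded views are only ordered pairs of distinct colors, each of the six equally likely, which is exactly what the Verifier could have generated on her own.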

Every problem in NP has a zero-knowledge proof

PCP (probabilistically checkable proofs): Can I convince you I have a proof of Riemann’s hypothesis by letting you look at only 2 lines picked at random? Yes, with probability of error 1/googol

My proof of RH -> [compiler] -> Slightly longer proof of RH

Check two lines. If OK, accept proof, else reject. The probability of accepting bad proof or rejecting correct proof is <