Presentation is loading. Please wait.

Presentation is loading. Please wait.

Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 3: Computational.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 3: Computational."— Presentation transcript:

1 Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 3: Computational Hardness

2 2 “Impatient Cryptography” Last Lecture: Simple algorithm (~10 lines of C code) to break every encryption with key-length < message-length. Caveat: Takes roughly 2 key length steps to run. For 1KB key will take more than galaxy’s lifetime to finish. This holds even if we run in parallel one processor for each atom of the universe each running in light speed. Encryption that takes this long to break seems to provide “pretty good privacy”.

3 3 Measuring Computational Steps Church-Turing thesis: every physically feasible computation can be described roughly as follows memory in initial state s Step 1Step 2Step iStep i+1Final state t Captures every computer or other computing device ever built, including human brain. Bit in state i+1 depends on constant (e.g. 3) bits of state i. W.l.o.g, each bit depends on · 2 bits, using either Æ, Ç or : functions. We call this a t ¢ s –sized Boolean circuit.

4 4 Computational Hardness Fact 1: 8f:{0,1} n  {0,1} n, 9 n 2 2 n -sized Boolean circuit C s.t. C computes f. Def: Let f:{0,1} n  {0,1} m be a function. We say that f is (T,  )-hard if for every T-sized circuit C Pr x  { 0,1 } n [ C(x) = f(x) ] <  Thm: 8n, there exists a function f:{0,1} n  {0,1} n that is (2 n/10,2 -n/10 )-hard We know: If f:{0,1} n  {0,1} n then f can’t be (n 2 2 n,1)- hard and can’t be (T,0)-hard for any T (where T>n).

5 5 Asymptotic Hardness Def: A function h:N  N is super-polynomial if 8 polynomial q(¢), 9n s.t. h(n)>q(n). In other words h(n)=n  (1). Def: Let { f n } be family of functions, where f n :{0,1} n  {0,1} n. We say that { f n } is hard if 9 super-poly h(¢) s.t. for every n, f n is (h(n), 1/h(n) ) –hard. Examples: h(n) = 2 n, h(n)=n log n, h(n) = 2 n, h(n) = 1/3 1 n<10 6 2 n n¸10 6 Def: Let f:{0,1} n  {0,1} m be a function. We say that f is (T,  )-hard if for every T-sized circuit C Pr x  { 0,1 } n [ C(x) = f(x) ] <  We know: There exists a hard family of functions.

6 6 Asymptotic Easyness Def: Let { f n } be family of functions, where f n :{0,1} n  {0,1} m. We say that { f n } is in the class P/poly if 9 polynomial q(¢) and circuit family { C n } s.t. 8n |C n | · q(n) and We say that a circuit family {C n } is uniform if there’s a (constant-size) Turing machine that on input n,i outputs the i th gate of C n in · |C n | 2 steps. 8 x 2 {0,1} n, C(x) = f(x) If the family {C n } is uniform then { f n } is in the class P. Def: Let { f n } be family of functions, where f n :{0,1} n  {0,1} n. We say that { f n } is hard if 9 super-poly h(¢) s.t. for every n, f n is (h(n), 1/h(n) ) –hard.

7 7 World View P - easy for poly-size uniform circuits P /poly - easy for poly-size circuits All function families Mildly hard func. families Hard function families

8 8 Functions Known to be in P Arithmetic functions: f 1 (a,b) = a+b, f 2 (a,b) = a¢ b, etc.. (elementary school algorithms) Arithmetic mod n: f 1 (a,b,n) = a+b (mod n), f 2 (a,b,n) = a¢ b (mod n) GCD(a,b) = largest c s.t. c|a, c|b Inverse(a): If GCD(a,n)=1 find a -1 (mod n) EXP(a,b) = a b (mod n) Maximal Ind. Set: Given graph G(V,E), we say that Sµ V is independent if 8 u,v 2 S, (u,v)  E. Find S s.t. forall v  S, S[{ v } is not independent.

9 9 Functions Believed Outside of P/poly Factoring: f 1 (a) = prime factors of a (can be computed in time 2 |a|, even in 2 |a| ) 1/3 Maximum Ind. Set: Given graph G(V,E), find S of maximum size s.t. S independent (i.e., 8u,v2 S, (u,v)  E) Believed to be a hard function family 3SAT: Given 3CNF Boolean formula  on n variables, find (if exist) x 1,…,x n such that  (x 1,…,x n ) is true.  = (x 1 Ç : x 7 Ç x 9 ) Æ (: x 2 Ç x 9 Ç : x 12 ) Æ … Æ (x 1 Ç x 2 Ç x 100 ) For all these functions, it is easy to verify a given solution. Such functions are in the class NP If either max-ind-set or 3SAT is in P/poly then every problem in NP is in P/poly Such functions are called NP-complete

10 10 Proving NP - Completeness Maximum Ind. Set: Given graph G(V,E), find S of maximum size s.t. S independent (i.e., 8u,v2 S, (u,v)  E) 3SAT: Given 3CNF Boolean formula  on n variables, find (if exist) x 1,…,x n such that  (x 1,…,x n ) is true.  = (x 1 Ç : x 7 Ç x 9 ) Æ (: x 2 Ç x 9 Ç : x 12 ) Æ … Æ (x 1 Ç x 2 Ç x 100 ) If either max-ind-set or 3SAT is in P/poly then every problem in NP is in P/poly This is proven using a reduction. For example. Circuit to compute IND-SET Thm: Assume that 9 poly(n) circuit family for IND-SET. Then 9 poly(n) circuit family for 3SAT. Circuit to compute 3SAT GGSS  xx

11 11 World View P - easy for poly-size uniform circuits P /poly - easy for poly-size circuits All function families Mildly hard func. families Hard function families add, mult, GCD, EXP, maximal IS 3SAT, Ind-SET, NP-Complete Factoring

12 12 Randomization Possible objection to our model: Can circuits get more power by tossing coins? Input Random bits Probabilistic circuit Output In this context, answer is NO. Thm: If f:{0,1} n  {0,1} m is (T,  )-hard for standard (deterministic) circuits, then it is (T/10,  )-hard for probabilistic circuits.

Download ppt "Princeton University COS 433 Cryptography Fall 2005 Boaz Barak COS 433: Cryptography Princeton University Fall 2005 Boaz Barak Lecture 3: Computational."

Similar presentations

Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.

Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.
NP-Hard Nattee Niparnan.

NP-Hard Nattee Niparnan.
Polynomial-time reductions We have seen several reductions:

Polynomial-time reductions We have seen several reductions:
 2004 SDU Lecture17-P,NP, NPC.  2004 SDU 2 1.Decision problem and language decision problem decision problem and language 2.P and NP Definitions of.

 2004 SDU Lecture17-P,NP, NPC.  2004 SDU 2 1.Decision problem and language decision problem decision problem and language 2.P and NP Definitions of.
Department of Computer Science & Engineering

Department of Computer Science & Engineering
NP-complete and NP-hard problems Transitivity of polynomial-time many-one reductions Concept of Completeness and hardness for a complexity class Definition.

NP-complete and NP-hard problems Transitivity of polynomial-time many-one reductions Concept of Completeness and hardness for a complexity class Definition.
Theory of Computing Lecture 16 MAS 714 Hartmut Klauck.

Theory of Computing Lecture 16 MAS 714 Hartmut Klauck.
INHERENT LIMITATIONS OF COMPUTER PROGRAMS CSci 4011.

INHERENT LIMITATIONS OF COMPUTER PROGRAMS CSci 4011.
Umans Complexity Theory Lectures Lecture 2a: Reductions & Completeness.

Umans Complexity Theory Lectures Lecture 2a: Reductions & Completeness.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
CSC5160 Topics in Algorithms Tutorial 2 Introduction to NP-Complete Problems Feb 8 2007 Jerry Le

CSC5160 Topics in Algorithms Tutorial 2 Introduction to NP-Complete Problems Feb Jerry Le
1 L is in NP means: There is a language L’ in P and a polynomial p so that L 1 · L 2 means: For some polynomial time computable map r : 8 x: x 2 L 1 iff.

1 L is in NP means: There is a language L’ in P and a polynomial p so that L 1 · L 2 means: For some polynomial time computable map r : 8 x: x 2 L 1 iff.
Advanced Topics in Algorithms and Data Structures

Advanced Topics in Algorithms and Data Structures
CS151 Complexity Theory Lecture 5 April 13, 2015.

CS151 Complexity Theory Lecture 5 April 13, 2015.
CS151 Complexity Theory Lecture 7 April 20, 2004.

CS151 Complexity Theory Lecture 7 April 20, 2004.
CS151 Complexity Theory Lecture 5 April 13, 2004.

CS151 Complexity Theory Lecture 5 April 13, 2004.
The Counting Class #P Slides by Vera Asodi & Tomer Naveh

The Counting Class #P Slides by Vera Asodi & Tomer Naveh
1 Polynomial Church-Turing thesis A decision problem can be solved in polynomial time by using a reasonable sequential model of computation if and only.

1 Polynomial Church-Turing thesis A decision problem can be solved in polynomial time by using a reasonable sequential model of computation if and only.
On Uniform Amplification of Hardness in NP Luca Trevisan STOC 05 Paper Review Present by Hai Xu.

On Uniform Amplification of Hardness in NP Luca Trevisan STOC 05 Paper Review Present by Hai Xu.
Arithmetic Hardness vs. Randomness Valentine Kabanets SFU.

Arithmetic Hardness vs. Randomness Valentine Kabanets SFU.

Similar presentations

Ads by Google