6.841 Advanced Complexity Theory
May 7, 2007
Lecture 23
Lecturer: Madhu Sudan
Scribe: Alex Andoni, Anastasios Sidiropoulos
1
Overview
Topics for this lecture are:
•
Continue the discussion on AverageCase analysis (as opposed to Worst Case);
•
Present Impagliazzo’s five possible worldsl
Administrativia:
•
Project presentations are on Wed and Thu in 32G531 and 32G631 respectively;
•
Email comments on PCP and AverageCase lectures by Tuesday.
•
Fill out HKN Survey online.
2
Literature on AverageCase Complexity
Some of important surveys on average case complexity (very far from being all of them) are, in approximate
chronological order:
•
Levin [1] formalized the idea that average case complexity is about problems
plus a distribution
over
inputs (i.e., hardness depends on the the distribution).
•
Impagliazzo [2] wrote a survey giving his “Personal View of AverageCase Complexity” describing 5
possible worlds (we live in exactly one of them; we just don’t know which one, yet).
•
Goldreich wrote a survey, that made its way into his book [3].
•
Ajtai [4] gave a talk at ICM’02 on connections between WorstCase complexity and AverageCase
Complexity, specifically, in the context on lattice problems.
•
Bogdanov and Trevisan [5] recently wrote a survey on “AverageCase Complexity”.
In this lecture, we discuss Impagliazzo’s five possible worlds, as well as Ajtai’s lattice problems.
3
Impagliazzo’s five possible worlds
Russell Impagliazzo wrote a survey on AverageCase Complexity [2] describing 5 possible worlds: we live in
one of them, but do not yet know which one.
The motivation for the classification is to relate cryptography to worstcase/averagecase complexity. A
question raised by DiffieHellmann was whether we can base cryptography on strong assumptions such as
P = NP. Today we can’t, and there are roughly 3 questions that, at the moment, seem relatively independent:
•
P = N
P
;
•
Existence of oneway functions (defined below).
This implies some cryptography (DiffieHellmann’s
protocol);
231
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
•
Existence of Public Key CryptoSystems (PKCS) (best example of it is, of course, RSA).
The only implications we know are that PKCS implies existence of oneway functions, which, in turn,
imply P = N
P
. Where does the truth lie?
Definition 1
A
oneway function
is a function
f
:
{
0
,
1
}
*
→ {
0
,
1
}
*
such that it is easy to compute but hard
to invert on average, i.e.:
Easy: Computing
f
(
x
)
takes
poly
(

x

)
time;
Hard: Given a random
x
←
U
n
(uniform over
{
0
,
1
}
n
), it is hard to invert
f
(
x
)
, that is for any polytime
probabilistictime algorithm
A
, we have that
Pr
x
←
U
n
[
A
(
f
(
x
))
∈
f

1
(
f
(
x
This is the end of the preview.
Sign up
to
access the rest of the document.
 Spring '09
 MadhuSudan
 Analysis of algorithms, Computational complexity theory, Professor Grouse

Click to edit the document details