{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

lect23 - 6.841 Advanced Complexity Theory May 7 2007...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
6.841 Advanced Complexity Theory May 7, 2007 Lecture 23 Lecturer: Madhu Sudan Scribe: Alex Andoni, Anastasios Sidiropoulos 1 Overview Topics for this lecture are: Continue the discussion on Average-Case analysis (as opposed to Worst Case); Present Impagliazzo’s five possible worldsl Administrativia: Project presentations are on Wed and Thu in 32-G531 and 32-G631 respectively; Email comments on PCP and Average-Case lectures by Tuesday. Fill out HKN Survey online. 2 Literature on Average-Case Complexity Some of important surveys on average case complexity (very far from being all of them) are, in approximate chronological order: Levin [1] formalized the idea that average case complexity is about problems plus a distribution over inputs (i.e., hardness depends on the the distribution). Impagliazzo [2] wrote a survey giving his “Personal View of Average-Case Complexity” describing 5 possible worlds (we live in exactly one of them; we just don’t know which one, yet). Goldreich wrote a survey, that made its way into his book [3]. Ajtai [4] gave a talk at ICM’02 on connections between Worst-Case complexity and Average-Case Complexity, specifically, in the context on lattice problems. Bogdanov and Trevisan [5] recently wrote a survey on “Average-Case Complexity”. In this lecture, we discuss Impagliazzo’s five possible worlds, as well as Ajtai’s lattice problems. 3 Impagliazzo’s five possible worlds Russell Impagliazzo wrote a survey on Average-Case Complexity [2] describing 5 possible worlds: we live in one of them, but do not yet know which one. The motivation for the classification is to relate cryptography to worst-case/average-case complexity. A question raised by Diffie-Hellmann was whether we can base cryptography on strong assumptions such as P = NP. Today we can’t, and there are roughly 3 questions that, at the moment, seem relatively independent: P = N P ; Existence of one-way functions (defined below). This implies some cryptography (Diffie-Hellmann’s protocol); 23-1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Existence of Public Key CryptoSystems (PKCS) (best example of it is, of course, RSA). The only implications we know are that PKCS implies existence of one-way functions, which, in turn, imply P = N P . Where does the truth lie? Definition 1 A one-way function is a function f : { 0 , 1 } * → { 0 , 1 } * such that it is easy to compute but hard to invert on average, i.e.: Easy: Computing f ( x ) takes poly ( | x | ) time; Hard: Given a random x U n (uniform over { 0 , 1 } n ), it is hard to invert f ( x ) , that is for any poly-time probabilistic-time algorithm A , we have that Pr x U n [ A ( f ( x )) f - 1 ( f ( x
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}