This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: 6.841 Advanced Complexity Theory May 7, 2007 Lecture 23 Lecturer: Madhu Sudan Scribe: Alex Andoni, Anastasios Sidiropoulos 1 Overview Topics for this lecture are: • Continue the discussion on AverageCase analysis (as opposed to Worst Case); • Present Impagliazzo’s five possible worldsl Administrativia: • Project presentations are on Wed and Thu in 32G531 and 32G631 respectively; • Email comments on PCP and AverageCase lectures by Tuesday. • Fill out HKN Survey online. 2 Literature on AverageCase Complexity Some of important surveys on average case complexity (very far from being all of them) are, in approximate chronological order: • Levin [1] formalized the idea that average case complexity is about problems plus a distribution over inputs (i.e., hardness depends on the the distribution). • Impagliazzo [2] wrote a survey giving his “Personal View of AverageCase Complexity” describing 5 possible worlds (we live in exactly one of them; we just don’t know which one, yet). • Goldreich wrote a survey, that made its way into his book [3]. • Ajtai [4] gave a talk at ICM’02 on connections between WorstCase complexity and AverageCase Complexity, specifically, in the context on lattice problems. • Bogdanov and Trevisan [5] recently wrote a survey on “AverageCase Complexity”. In this lecture, we discuss Impagliazzo’s five possible worlds, as well as Ajtai’s lattice problems. 3 Impagliazzo’s five possible worlds Russell Impagliazzo wrote a survey on AverageCase Complexity [2] describing 5 possible worlds: we live in one of them, but do not yet know which one. The motivation for the classification is to relate cryptography to worstcase/averagecase complexity. A question raised by DiffieHellmann was whether we can base cryptography on strong assumptions such as P 6 = NP. Today we can’t, and there are roughly 3 questions that, at the moment, seem relatively independent: • P 6 = N P ; • Existence of oneway functions (defined below). This implies some cryptography (DiffieHellmann’s protocol); 231 • Existence of Public Key CryptoSystems (PKCS) (best example of it is, of course, RSA). The only implications we know are that PKCS implies existence of oneway functions, which, in turn, imply P 6 = N P . Where does the truth lie? Definition 1 A oneway function is a function f : { , 1 } * → { , 1 } * such that it is easy to compute but hard to invert on average, i.e.: Easy: Computing f ( x ) takes poly (  x  ) time; Hard: Given a random x ← U n (uniform over { , 1 } n ), it is hard to invert f ( x ) , that is for any polytime probabilistictime algorithm...
View
Full
Document
This note was uploaded on 04/02/2010 for the course CS 6.841 taught by Professor Madhusudan during the Spring '09 term at MIT.
 Spring '09
 MadhuSudan

Click to edit the document details