This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: 6.841 Advanced Complexity Theory May 7, 2007 Lecture 23 Lecturer: Madhu Sudan Scribe: Alex Andoni, Anastasios Sidiropoulos 1 Overview Topics for this lecture are: Continue the discussion on AverageCase analysis (as opposed to Worst Case); Present Impagliazzos five possible worldsl Administrativia: Project presentations are on Wed and Thu in 32G531 and 32G631 respectively; Email comments on PCP and AverageCase lectures by Tuesday. Fill out HKN Survey online. 2 Literature on AverageCase Complexity Some of important surveys on average case complexity (very far from being all of them) are, in approximate chronological order: Levin [1] formalized the idea that average case complexity is about problems plus a distribution over inputs (i.e., hardness depends on the the distribution). Impagliazzo [2] wrote a survey giving his Personal View of AverageCase Complexity describing 5 possible worlds (we live in exactly one of them; we just dont know which one, yet). Goldreich wrote a survey, that made its way into his book [3]. Ajtai [4] gave a talk at ICM02 on connections between WorstCase complexity and AverageCase Complexity, specifically, in the context on lattice problems. Bogdanov and Trevisan [5] recently wrote a survey on AverageCase Complexity. In this lecture, we discuss Impagliazzos five possible worlds, as well as Ajtais lattice problems. 3 Impagliazzos five possible worlds Russell Impagliazzo wrote a survey on AverageCase Complexity [2] describing 5 possible worlds: we live in one of them, but do not yet know which one. The motivation for the classification is to relate cryptography to worstcase/averagecase complexity. A question raised by DiffieHellmann was whether we can base cryptography on strong assumptions such as P 6 = NP. Today we cant, and there are roughly 3 questions that, at the moment, seem relatively independent: P 6 = N P ; Existence of oneway functions (defined below). This implies some cryptography (DiffieHellmanns protocol); 231 Existence of Public Key CryptoSystems (PKCS) (best example of it is, of course, RSA). The only implications we know are that PKCS implies existence of oneway functions, which, in turn, imply P 6 = N P . Where does the truth lie? Definition 1 A oneway function is a function f : { , 1 } * { , 1 } * such that it is easy to compute but hard to invert on average, i.e.: Easy: Computing f ( x ) takes poly (  x  ) time; Hard: Given a random x U n (uniform over { , 1 } n ), it is hard to invert f ( x ) , that is for any polytime probabilistictime algorithm...
View Full
Document
 Spring '09
 MadhuSudan

Click to edit the document details