This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: Notes on Complexity Theory Last updated: October, 2011 Lecture 17 Jonathan Katz 1 Graph NonIsomorphism is in AM The proof system we showed earlier for graph nonisomorphism relied on the fact that the verifiers coins are kept hidden from the prover. Is this inherent? Somewhat surprisingly, we now show a publiccoin proof for graph nonisomorphism. Before doing so, we take a brief detour to discuss pairwiseindependent hash functions (which are useful in many other contexts as well). 1.1 PairwiseIndependent Hash Functions Fix some domain D and range R . Let H = { h k } k K be a family of functions, where each k K defines a function h k : D R . We say that H is 1 pairwise independent family if for all distinct x,x D and all (not necessarily distinct) y,y R we have Pr k K h k ( x ) = y V h k ( x ) = y / = 1 /  R  2 . Put differently, let D = { x 1 ,...,x } and consider the random variables Y i = h K ( x i ) (where K is uniform). If H is pairwise independent then each Y i is uniformly distributed, and moreover the random variables Y 1 ,...,Y are pairwise independent; i.e., for any i 6 = j the random variables Y i and Y j are independent. We show a simple construction of a pairwiseindependent family for D = R = F , where F is any finite field. Setting F = GF (2 n ), and viewing strings of length n as field elements, we obtain a construction with D = R = { , 1 } n . By truncating the output, we obtain a construction with D = { , 1 } n and R = { , 1 } for any n . By padding the input with 0s, we obtain a construction for any n . Fix D = R = F and let H = { h a,b } a,b F where h a,b ( x ) = ax + b . We claim that H is pairwise independent. Indeed, fix any distinct x,x F and any y,y F , and consider the probability (over choice of a,b ) that y = ax + b y = ax +...
View
Full
Document
 Fall '08
 staff

Click to edit the document details