PPP-Completeness with Connections to Cryptography
Polynomial Pigeonhole Principle (PPP) is an important subclass of TFNP with
profound connections to the complexity of the fundamental cryptographic
primitives: collision-resistant hash functions and one-way permutations. In
contrast to most of the other subclasses of TFNP, no complete problem is known
for PPP. Our work identifies the first PPP-complete problem without any circuit
or Turing Machine given explicitly in the input, and thus we answer a
longstanding open question from [Papadimitriou1994]. Specifically, we show that
constrained-SIS (cSIS), a generalized version of the well-known Short Integer
Solution problem (SIS) from lattice-based cryptography, is PPP-complete.
In order to give intuition behind our reduction for constrained-SIS, we
identify another PPP-complete problem with a circuit in the input but closely
related to lattice problems. We call this problem BLICHFELDT and it is the
computational problem associated with Blichfeldt's fundamental theorem in the
theory of lattices.
Building on the inherent connection of PPP with collision-resistant hash
functions, we use our completeness result to construct the first natural hash
function family that captures the hardness of all collision-resistant hash
functions in a worst-case sense, i.e. it is natural and universal in the
worst-case. The close resemblance of our hash function family with SIS, leads
us to the first candidate collision-resistant hash function that is both
natural and universal in an average-case sense.
Finally, our results enrich our understanding of the connections between PPP,
lattice problems and other concrete cryptographic assumptions, such as the
discrete logarithm problem over general groups.
Self-stabilising Byzantine Clock Synchronisation is Almost as Easy as Consensus
We give fault-tolerant algorithms for establishing synchrony in distributed
systems in which each of the nodes has its own clock. Our algorithms
operate in a very strong fault model: we require self-stabilisation, i.e., the
initial state of the system may be arbitrary, and there can be up to
ongoing Byzantine faults, i.e., nodes that deviate from the protocol in an
arbitrary manner. Furthermore, we assume that the local clocks of the nodes may
progress at different speeds (clock drift) and communication has bounded delay.
In this model, we study the pulse synchronisation problem, where the task is to
guarantee that eventually all correct nodes generate well-separated local pulse
events (i.e., unlabelled logical clock ticks) in a synchronised manner.
Compared to prior work, we achieve exponential improvements in stabilisation
time and the number of communicated bits, and give the first sublinear-time
algorithm for the problem:
- In the deterministic setting, the state-of-the-art solutions stabilise in
time and have each node broadcast bits per time
unit. We exponentially reduce the number of bits broadcasted per time unit to
while retaining the same stabilisation time.
- In the randomised setting, the state-of-the-art solutions stabilise in time
and have each node broadcast bits per time unit. We
exponentially reduce the stabilisation time to while each node
broadcasts bits per time unit.
These results are obtained by means of a recursive approach reducing the
above task of self-stabilising pulse synchronisation in the bounded-delay model
to non-self-stabilising binary consensus in the synchronous model. In general,
our approach introduces at most logarithmic overheads in terms of stabilisation
time and broadcasted bits over the underlying consensus routine.
Comment: 54 pages. To appear in JACM, preliminary version of this work has
appeared in DISC 201
Quantum resource estimates for computing elliptic curve discrete logarithms
We give precise quantum resource estimates for Shor's algorithm to compute
discrete logarithms on elliptic curves over prime fields. The estimates are
derived from a simulation of a Toffoli gate network for controlled elliptic
curve point addition, implemented within the framework of the quantum computing
software tool suite LIQ. We determine circuit implementations for
reversible modular arithmetic, including modular addition, multiplication and
inversion, as well as reversible elliptic curve point addition. We conclude
that elliptic curve discrete logarithms on an elliptic curve defined over an
-bit prime field can be computed on a quantum computer with at most qubits using a quantum circuit of at most Toffoli gates. We are able to classically simulate the
Toffoli networks corresponding to the controlled elliptic curve point addition
as the core piece of Shor's algorithm for the NIST standard curves P-192,
P-224, P-256, P-384 and P-521. Our approach allows gate-level comparisons to
recent resource estimates for Shor's factoring algorithm. The results also
support estimates given earlier by Proos and Zalka and indicate that, for
current parameters at comparable classical security levels, the number of
qubits required to tackle elliptic curves is less than for attacking RSA,
suggesting that indeed ECC is an easier target than RSA.
Comment: 24 pages, 2 tables, 11 figures. v2: typos fixed and reference added.
ASIACRYPT 201
On the Equivalence among Problems of Bounded Width
In this paper, we introduce a methodology, called decomposition-based
reductions, for showing the equivalence among various problems of
bounded-width.
First, we show that the following are equivalent for any :
* SAT can be solved in time,
* 3-SAT can be solved in time,
* Max 2-SAT can be solved in time,
* Independent Set can be solved in time, and
* Independent Set can be solved in time, where
tw and cw are the tree-width and clique-width of the instance, respectively.
Then, we introduce a new parameterized complexity class EPNL, which includes
Set Cover and Directed Hamiltonicity, and show that SAT, 3-SAT, Max 2-SAT, and
Independent Set parameterized by path-width are EPNL-complete. This implies
that if one of these EPNL-complete problems can be solved in time,
then any problem in EPNL can be solved in time.
Comment: accepted to ESA 201
Navigating Central Path with Electrical Flows: from Flows to Matchings, and Back
We present an -time algorithm for
the maximum s-t flow and the minimum s-t cut problems in directed graphs with
unit capacities. This is the first improvement over the sparse-graph case of
the long-standing time bound due to Even and
Tarjan [EvenT75]. By well-known reductions, this also establishes an
-time algorithm for the maximum-cardinality bipartite
matching problem. That, in turn, gives an improvement over the celebrated
time bound of Hopcroft and Karp [HK73] whenever the
input graph is sufficiently sparse.
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data
We provide formal definitions and efficient secure techniques for
- turning noisy information into keys usable for any cryptographic
application, and, in particular,
- reliably and securely authenticating biometric data.
Our techniques apply not just to biometric information, but to any keying
material that, unlike traditional cryptographic keys, is (1) not reproducible
precisely and (2) not distributed uniformly. We propose two primitives: a
"fuzzy extractor" reliably extracts nearly uniform randomness R from its input;
the extraction is error-tolerant in the sense that R will be the same even if
the input changes, as long as it remains reasonably close to the original.
Thus, R can be used as a key in a cryptographic application. A "secure sketch"
produces public information about its input w that does not reveal w, and yet
allows exact recovery of w given another value that is close to w. Thus, it can
be used to reliably reproduce error-prone biometric inputs without incurring
the security risk inherent in storing them.
We define the primitives to be both formally secure and versatile,
generalizing much prior work. In addition, we provide nearly optimal
constructions of both primitives for various measures of "closeness" of input
data, such as Hamming distance, edit distance, and set difference.
Comment: 47 pp., 3 figures. Prelim. version in Eurocrypt 2004, Springer LNCS
3027, pp. 523-540. Differences from version 3: minor edits for grammar,
clarity, and typo