21,625 research outputs found
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing
Survey
Robust Randomness Amplifiers: Upper and Lower Bounds
A recent sequence of works, initially motivated by the study of the nonlocal
properties of entanglement, demonstrate that a source of
information-theoretically certified randomness can be constructed based only on
two simple assumptions: the prior existence of a short random seed and the
ability to ensure that two black-box devices do not communicate (i.e. are
non-signaling). We call protocols achieving such certified amplification of a
short random seed randomness amplifiers.
We introduce a simple framework in which we initiate the systematic study of
the possibilities and limitations of randomness amplifiers. Our main results
include a new, improved analysis of a robust randomness amplifier with
exponential expansion, as well as the first upper bounds on the maximum
expansion achievable by a broad class of randomness amplifiers. In particular,
we show that non-adaptive randomness amplifiers that are robust to noise cannot
achieve more than doubly exponential expansion. Finally, we show that a wide
class of protocols based on the use of the CHSH game can only lead to (singly)
exponential expansion if adversarial devices are allowed the full power of
non-signaling strategies. Our upper bound results apply to all known
non-adaptive randomness amplifier constructions to date.Comment: 28 pages. Comments welcom
Efficient size estimation and impossibility of termination in uniform dense population protocols
We study uniform population protocols: networks of anonymous agents whose
pairwise interactions are chosen at random, where each agent uses an identical
transition algorithm that does not depend on the population size . Many
existing polylog time protocols for leader election and majority
computation are nonuniform: to operate correctly, they require all agents to be
initialized with an approximate estimate of (specifically, the exact value
). Our first main result is a uniform protocol for
calculating with high probability in time and
states ( bits of memory). The protocol is
converging but not terminating: it does not signal when the estimate is close
to the true value of . If it could be made terminating, this would
allow composition with protocols, such as those for leader election or
majority, that require a size estimate initially, to make them uniform (though
with a small probability of failure). We do show how our main protocol can be
indirectly composed with others in a simple and elegant way, based on the
leaderless phase clock, demonstrating that those protocols can in fact be made
uniform. However, our second main result implies that the protocol cannot be
made terminating, a consequence of a much stronger result: a uniform protocol
for any task requiring more than constant time cannot be terminating even with
probability bounded above 0, if infinitely many initial configurations are
dense: any state present initially occupies agents. (In particular,
no leader is allowed.) Crucially, the result holds no matter the memory or time
permitted. Finally, we show that with an initial leader, our size-estimation
protocol can be made terminating with high probability, with the same
asymptotic time and space bounds.Comment: Using leaderless phase cloc
Exponential Separation of Quantum Communication and Classical Information
We exhibit a Boolean function for which the quantum communication complexity
is exponentially larger than the classical information complexity. An
exponential separation in the other direction was already known from the work
of Kerenidis et. al. [SICOMP 44, pp. 1550-1572], hence our work implies that
these two complexity measures are incomparable. As classical information
complexity is an upper bound on quantum information complexity, which in turn
is equal to amortized quantum communication complexity, our work implies that a
tight direct sum result for distributional quantum communication complexity
cannot hold. The function we use to present such a separation is the Symmetric
k-ary Pointer Jumping function introduced by Rao and Sinha [ECCC TR15-057],
whose classical communication complexity is exponentially larger than its
classical information complexity. In this paper, we show that the quantum
communication complexity of this function is polynomially equivalent to its
classical communication complexity. The high-level idea behind our proof is
arguably the simplest so far for such an exponential separation between
information and communication, driven by a sequence of round-elimination
arguments, allowing us to simplify further the approach of Rao and Sinha.
As another application of the techniques that we develop, we give a simple
proof for an optimal trade-off between Alice's and Bob's communication while
computing the related Greater-Than function on n bits: say Bob communicates at
most b bits, then Alice must send n/exp(O(b)) bits to Bob. This holds even when
allowing pre-shared entanglement. We also present a classical protocol
achieving this bound.Comment: v1, 36 pages, 3 figure
Towards Tight Bounds for the Streaming Set Cover Problem
We consider the classic Set Cover problem in the data stream model. For
elements and sets () we give a -pass algorithm with a
strongly sub-linear space and logarithmic
approximation factor. This yields a significant improvement over the earlier
algorithm of Demaine et al. [DIMV14] that uses exponentially larger number of
passes. We complement this result by showing that the tradeoff between the
number of passes and space exhibited by our algorithm is tight, at least when
the approximation factor is equal to . Specifically, we show that any
algorithm that computes set cover exactly using passes
must use space in the regime of .
Furthermore, we consider the problem in the geometric setting where the
elements are points in and sets are either discs, axis-parallel
rectangles, or fat triangles in the plane, and show that our algorithm (with a
slight modification) uses the optimal space to find a
logarithmic approximation in passes.
Finally, we show that any randomized one-pass algorithm that distinguishes
between covers of size 2 and 3 must use a linear (i.e., ) amount of
space. This is the first result showing that a randomized, approximate
algorithm cannot achieve a space bound that is sublinear in the input size.
This indicates that using multiple passes might be necessary in order to
achieve sub-linear space bounds for this problem while guaranteeing small
approximation factors.Comment: A preliminary version of this paper is to appear in PODS 201
- …