1,397 research outputs found
Simulating chemistry using quantum computers
The difficulty of simulating quantum systems, well-known to quantum chemists,
prompted the idea of quantum computation. One can avoid the steep scaling
associated with the exact simulation of increasingly large quantum systems on
conventional computers, by mapping the quantum system to another, more
controllable one. In this review, we discuss to what extent the ideas in
quantum computation, now a well-established field, have been applied to
chemical problems. We describe algorithms that achieve significant advantages
for the electronic-structure problem, the simulation of chemical dynamics,
protein folding, and other tasks. Although theory is still ahead of experiment,
we outline recent advances that have led to the first chemical calculations on
small quantum information processors.Comment: 27 pages. Submitted to Ann. Rev. Phys. Che
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
On the Usefulness of Predicates
Motivated by the pervasiveness of strong inapproximability results for
Max-CSPs, we introduce a relaxed notion of an approximate solution of a
Max-CSP. In this relaxed version, loosely speaking, the algorithm is allowed to
replace the constraints of an instance by some other (possibly real-valued)
constraints, and then only needs to satisfy as many of the new constraints as
possible.
To be more precise, we introduce the following notion of a predicate
being \emph{useful} for a (real-valued) objective : given an almost
satisfiable Max- instance, there is an algorithm that beats a random
assignment on the corresponding Max- instance applied to the same sets of
literals. The standard notion of a nontrivial approximation algorithm for a
Max-CSP with predicate is exactly the same as saying that is useful for
itself.
We say that is useless if it is not useful for any . This turns out to
be equivalent to the following pseudo-randomness property: given an almost
satisfiable instance of Max- it is hard to find an assignment such that the
induced distribution on -bit strings defined by the instance is not
essentially uniform.
Under the Unique Games Conjecture, we give a complete and simple
characterization of useful Max-CSPs defined by a predicate: such a Max-CSP is
useless if and only if there is a pairwise independent distribution supported
on the satisfying assignments of the predicate. It is natural to also consider
the case when no negations are allowed in the CSP instance, and we derive a
similar complete characterization (under the UGC) there as well.
Finally, we also include some results and examples shedding additional light
on the approximability of certain Max-CSPs
Plumo: An Ultralight Blockchain Client
Syncing the latest state of a blockchain can be a resource-intensive task, driving (especially mobile) end users towards centralized services offering instant access. To expand full decentralized access to anyone with a mobile phone, we introduce a consensus-agnostic compiler for constructing ultralight clients, providing secure and highly efficient blockchain syncing via a sequence of SNARK-based state transition proofs, and prove its security formally. Instantiating this, we present Plumo, an ultralight client for the Celo blockchain capable of syncing the latest network state summary in just a few seconds even on a low-end mobile phone. In Plumo, each transition proof covers four months of blockchain history and can be produced for just $25 USD of compute. Plumo achieves this level of efficiency thanks to two new SNARK-friendly constructions, which may also be of independent interest: a new BLS-based offline aggregate multisignature scheme in which signers do not have to know the members of their multisignature group in advance, and a new composite algebraic-symmetric cryptographic hash function
Hardness of Computing Individual Bits for One-way Functions on Elliptic Curves
We prove that if one can predict any of the bits of the input to an elliptic curve based one-way function over a finite field, then we can invert the function. In particular, our result implies that if one can predict any of the bits of the input to a classical pairing-based one-way function with non-negligible advantage over a random guess then one can efficiently invert this function and thus, solve the Fixed Argument Pairing Inversion problem (FAPI-1/FAPI-2). The latter has implications on the security of various pairing-based schemes such as the identity-based encryption scheme of BonehāFranklin, Hessā identity-based signature scheme, as well as Jouxās three-party one-round key agreement protocol. Moreover, if one can solve FAPI-1 and FAPI-2 in polynomial time then one can solve the Computational Diffie--Hellman problem (CDH) in polynomial time. Our result implies that all the bits of the functions defined above are hard-to-compute assuming these functions are one-way. The argument is based on a list-decoding technique via discrete Fourier transforms due to Akavia--GoldwasserāSafra as well as an idea due to BonehāShparlinski
Why Philosophers Should Care About Computational Complexity
One might think that, once we know something is computable, how efficiently
it can be computed is a practical question with little further philosophical
importance. In this essay, I offer a detailed case that one would be wrong. In
particular, I argue that computational complexity theory---the field that
studies the resources (such as time, space, and randomness) needed to solve
computational problems---leads to new perspectives on the nature of
mathematical knowledge, the strong AI debate, computationalism, the problem of
logical omniscience, Hume's problem of induction, Goodman's grue riddle, the
foundations of quantum mechanics, economic rationality, closed timelike curves,
and several other topics of philosophical interest. I end by discussing aspects
of complexity theory itself that could benefit from philosophical analysis.Comment: 58 pages, to appear in "Computability: G\"odel, Turing, Church, and
beyond," MIT Press, 2012. Some minor clarifications and corrections; new
references adde
- ā¦