On the Complexity of Random Satisfiability Problems with Planted Solutions

The problem of identifying a planted assignment given a random $k$-SAT formula consistent with the assignment exhibits a large algorithmic gap: while the planted solution becomes unique and can be identified given a formula with $O(n\log n)$ clauses, there are distributions over clauses for which the best known efficient algorithms require $n^{k/2}$ clauses. We propose and study a unified model for planted $k$-SAT, which captures well-known special cases. An instance is described by a planted assignment $\sigma$ and a distribution on clauses with $k$ literals. We define its distribution complexity as the largest $r$ for which the distribution is not $r$-wise independent ($1 \le r \le k$ for any distribution with a planted assignment). Our main result is an unconditional lower bound, tight up to logarithmic factors, for statistical (query) algorithms [Kearns 1998, Feldman et. al 2012], matching known upper bounds, which, as we show, can be implemented using a statistical algorithm. Since known approaches for problems over distributions have statistical analogues (spectral, MCMC, gradient-based, convex optimization etc.), this lower bound provides a rigorous explanation of the observed algorithmic gap. The proof introduces a new general technique for the analysis of statistical query algorithms. It also points to a geometric paring phenomenon in the space of all planted assignments. We describe consequences of our lower bounds to Feige's refutation hypothesis [Feige 2002] and to lower bounds on general convex programs that solve planted $k$-SAT. Our bounds also extend to other planted $k$-CSP models, and, in particular, provide concrete evidence for the security of Goldreich's one-way function and the associated pseudorandom generator when used with a sufficiently hard predicate [Goldreich 2000].Comment: Extended abstract appeared in STOC 201

Identity-based cryptography from paillier cryptosystem.

Au Man Ho Allen.Thesis (M.Phil.)--Chinese University of Hong Kong, 2005.Includes bibliographical references (leaves 60-68).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.iiiChapter 1 --- Introduction --- p.1Chapter 2 --- Preliminaries --- p.5Chapter 2.1 --- Complexity Theory --- p.5Chapter 2.2 --- Algebra and Number Theory --- p.7Chapter 2.2.1 --- Groups --- p.7Chapter 2.2.2 --- Additive Group Zn and Multiplicative Group Z*n --- p.8Chapter 2.2.3 --- The Integer Factorization Problem --- p.9Chapter 2.2.4 --- Quadratic Residuosity Problem --- p.11Chapter 2.2.5 --- Computing e-th Roots (The RSA Problem) --- p.13Chapter 2.2.6 --- Discrete Logarithm and Related Problems --- p.13Chapter 2.3 --- Public key Cryptography --- p.16Chapter 2.3.1 --- Encryption --- p.17Chapter 2.3.2 --- Digital Signature --- p.20Chapter 2.3.3 --- Identification Protocol --- p.22Chapter 2.3.4 --- Hash Function --- p.24Chapter 3 --- Paillier Cryptosystems --- p.26Chapter 3.1 --- Introduction --- p.26Chapter 3.2 --- The Paillier Cryptosystem --- p.27Chapter 4 --- Identity-based Cryptography --- p.30Chapter 4.1 --- Introduction --- p.31Chapter 4.2 --- Identity-based Encryption --- p.32Chapter 4.2.1 --- Notions of Security --- p.32Chapter 4.2.2 --- Related Results --- p.35Chapter 4.3 --- Identity-based Identification --- p.36Chapter 4.3.1 --- Security notions --- p.37Chapter 4.4 --- Identity-based Signature --- p.38Chapter 4.4.1 --- Security notions --- p.39Chapter 5 --- Identity-Based Cryptography from Paillier System --- p.41Chapter 5.1 --- Identity-based Identification schemes in Paillier setting --- p.42Chapter 5.1.1 --- Paillier-IBI --- p.42Chapter 5.1.2 --- CGGN-IBI --- p.43Chapter 5.1.3 --- GMMV-IBI --- p.44Chapter 5.1.4 --- KT-IBI --- p.45Chapter 5.1.5 --- Choice of g for Paillier-IBI --- p.46Chapter 5.2 --- Identity-based signatures from Paillier system . . --- p.47Chapter 5.3 --- Cocks ID-based Encryption in Paillier Setting . . --- p.48Chapter 6 --- Concluding Remarks --- p.51A Proof of Theorems --- p.53Chapter A.1 --- "Proof of Theorems 5.1, 5.2" --- p.53Chapter A.2 --- Proof Sketch of Remaining Theorems --- p.58Bibliography --- p.6

Delegating computation reliably : paradigms and constructions

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Cataloged from PDF version of thesis.Includes bibliographical references (p. 285-297).In an emerging computing paradigm, computational capabilities, from processing power to storage capacities, are offered to users over communication networks as a service. This new paradigm holds enormous promise for increasing the utility of computationally weak devices. A natural approach is for weak devices to delegate expensive tasks, such as storing a large file or running a complex computation, to more powerful entities (say servers) connected to the same network. While the delegation approach seems promising, it raises an immediate concern: when and how can a weak device verify that a computational task was completed correctly? This practically motivated question touches on foundational questions in cryptography and complexity theory. The focus of this thesis is verifying the correctness of delegated computations. We construct efficient protocols (interactive proofs) for delegating computational tasks. In particular, we present: e A protocol for delegating any computation, where the work needed to verify the correctness of the output is linear in the input length, polynomial in the computation's depth, and only poly-logarithmic in the computation's size. The space needed for verification is only logarithmic in the computation size. Thus, for any computation of polynomial size and poly-logarithmic depth (the rich complexity class N/C), the work required to verify the correctness of the output is only quasi-linear in the input length. The work required to prove the output's correctness is only polynomial in the original computation's size. This protocol also has applications to constructing one-round arguments for delegating computation, and efficient zero-knowledge proofs. * A general transformation, reducing the parallel running time (or computation depth) of the verifier in protocols for delegating computation (interactive proofs) to be constant. Next, we explore the power of the delegation paradigm in settings where mutually distrustful parties interact. In particular, we consider the settings of checking the correctness of computer programs and of designing error-correcting codes. We show: * A new methodology for checking the correctness of programs (program checking), in which work is delegated from the program checker to the untrusted program being checked. Using this methodology we obtain program checkers for an entire complexity class (the class of N/C¹-computations that are WNC-hard), and for a slew of specific functions such as matrix multiplication, inversion, determinant and rank, as well as graph functions such as connectivity, perfect matching and bounded-degree graph isomorphism. * A methodology for designing error-correcting codes with efficient decoding procedures, in which work is delegated from the decoder to the encoder. We use this methodology to obtain constant-depth (AC⁰) locally decodable and locally-list decodable codes. We also show that the parameters of these codes are optimal (up to polynomial factors) for constant-depth decoding.by Guy N. Rothblum.Ph.D