110 research outputs found
Pebbling Arguments for Tree Evaluation
The Tree Evaluation Problem was introduced by Cook et al. in 2010 as a
candidate for separating P from L and NL. The most general space lower bounds
known for the Tree Evaluation Problem require a semantic restriction on the
branching programs and use a connection to well-known pebble games to generate
a bottleneck argument. These bounds are met by corresponding upper bounds
generated by natural implementations of optimal pebbling algorithms. In this
paper we extend these ideas to a variety of restricted families of both
deterministic and non-deterministic branching programs, proving tight lower
bounds under these restricted models. We also survey and unify known lower
bounds in our "pebbling argument" framework
Pebbling and Branching Programs Solving the Tree Evaluation Problem
We study restricted computation models related to the Tree Evaluation
Problem}. The TEP was introduced in earlier work as a simple candidate for the
(*very*) long term goal of separating L and LogDCFL. The input to the problem
is a rooted, balanced binary tree of height h, whose internal nodes are labeled
with binary functions on [k] = {1,...,k} (each given simply as a list of k^2
elements of [k]), and whose leaves are labeled with elements of [k]. Each node
obtains a value in [k] equal to its binary function applied to the values of
its children, and the output is the value of the root. The first restricted
computation model, called Fractional Pebbling, is a generalization of the
black/white pebbling game on graphs, and arises in a natural way from the
search for good upper bounds on the size of nondeterministic branching programs
(BPs) solving the TEP - for any fixed h, if the binary tree of height h has
fractional pebbling cost at most p, then there are nondeterministic BPs of size
O(k^p) solving the height h TEP. We prove a lower bound on the fractional
pebbling cost of d-ary trees that is tight to within an additive constant for
each fixed d. The second restricted computation model we study is a semantic
restriction on (non)deterministic BPs solving the TEP - Thrifty BPs.
Deterministic (resp. nondeterministic) thrifty BPs suffice to implement the
best known algorithms for the TEP, based on black (resp. fractional) pebbling.
In earlier work, for each fixed h a lower bound on the size of deterministic
thrifty BPs was proved that is tight for sufficiently large k. We give an
alternative proof that achieves the same bound for all k. We show the same
bound still holds in a less-restricted model, and also that gradually weaker
lower bounds can be obtained for gradually weaker restrictions on the model.Comment: Written as one of the requirements for my MSc. 29 pages, 6 figure
Completeness Results for Parameterized Space Classes
The parameterized complexity of a problem is considered "settled" once it has
been shown to lie in FPT or to be complete for a class in the W-hierarchy or a
similar parameterized hierarchy. Several natural parameterized problems have,
however, resisted such a classification. At least in some cases, the reason is
that upper and lower bounds for their parameterized space complexity have
recently been obtained that rule out completeness results for parameterized
time classes. In this paper, we make progress in this direction by proving that
the associative generability problem and the longest common subsequence problem
are complete for parameterized space classes. These classes are defined in
terms of different forms of bounded nondeterminism and in terms of simultaneous
time--space bounds. As a technical tool we introduce a "union operation" that
translates between problems complete for classical complexity classes and for
W-classes.Comment: IPEC 201
IST Austria Thesis
Many security definitions come in two flavors: a stronger “adaptive” flavor, where the adversary can arbitrarily make various choices during the course of the attack, and a weaker “selective” flavor where the adversary must commit to some or all of their choices a-priori. For example, in the context of identity-based encryption, selective security requires the adversary to decide on the identity of the attacked party at the very beginning of the game whereas adaptive security allows the attacker to first see the master public key and some secret keys before making this choice. Often, it appears to be much easier to achieve selective security than it is to achieve adaptive security. A series of several recent works shows how to cleverly achieve adaptive security in several such scenarios including generalized selective decryption [Pan07][FJP15], constrained PRFs [FKPR14], and Yao’s garbled circuits [JW16]. Although the above works expressed vague intuition that they share a common technique, the connection was never made precise. In this work we present a new framework (published at Crypto ’17 [JKK+17a]) that connects all of these works and allows us to present them in a unified and simplified fashion. Having the framework in place, we show how to achieve adaptive security for proxy re-encryption schemes (published at PKC ’19 [FKKP19]) and provide the first adaptive security proofs for continuous group key agreement protocols (published at S&P ’21 [KPW+21]). Questioning optimality of our framework, we then show that currently used proof techniques cannot lead to significantly better security guarantees for "graph-building" games (published at TCC ’21 [KKPW21a]). These games cover generalized selective decryption, as well as the security of prominent constructions for constrained PRFs, continuous group key agreement, and proxy re-encryption. Finally, we revisit the adaptive security of Yao’s garbled circuits and extend the analysis of Jafargholi and Wichs in two directions: While they prove adaptive security only for a modified construction with increased online complexity, we provide the first positive results for the original construction by Yao (published at TCC ’21 [KKP21a]). On the negative side, we prove that the results of Jafargholi and Wichs are essentially optimal by showing that no black-box reduction can provide a significantly better security bound (published at Crypto ’21 [KKPW21c])
- …