Resettable Zero Knowledge in the Bare Public-Key Model under Standard Assumption
In this paper we resolve an open problem regarding resettable zero knowledge
in the bare public-key (BPK for short) model: Does there exist constant round
resettable zero knowledge argument with concurrent soundness for
in BPK model without assuming \emph{sub-exponential hardness}? We give a
positive answer to this question by presenting such a protocol for any language
in in the bare public-key model assuming only
collision-resistant hash functions against \emph{polynomial-time} adversaries.
Comment: 19 pages
Concurrent Knowledge-Extraction in the Public-Key Model
Knowledge extraction is a fundamental notion, modelling machine possession of
values (witnesses) in a computational complexity sense. The notion provides an
essential tool for cryptographic protocol design and analysis, enabling one to
argue about the internal state of protocol players without ever looking at this
supposedly secret state. However, when transactions are concurrent (e.g., over
the Internet) with players possessing public-keys (as is common in
cryptography), assuring that entities ``know'' what they claim to know, where
adversaries may be well coordinated across different transactions, turns out to
be much more subtle and in need of re-examination. Here, we investigate how to
formally treat knowledge possession by parties (with registered public-keys)
interacting over the Internet. Stated more technically, we look into the
relative power of the notion of ``concurrent knowledge-extraction'' (CKE) in
the concurrent zero-knowledge (CZK) bare public-key (BPK) model.
Comment: 38 pages, 4 figures
Concurrently Non-Malleable Zero Knowledge in the Authenticated Public-Key Model
We consider a type of zero-knowledge protocols that are of interest for their
practical applications within networks like the Internet: efficient
zero-knowledge arguments of knowledge that remain secure against concurrent
man-in-the-middle attacks. In an effort to reduce the setup assumptions
required for efficient zero-knowledge arguments of knowledge that remain secure
against concurrent man-in-the-middle attacks, we consider a model, which we
call the Authenticated Public-Key (APK) model. The APK model seems to
significantly reduce the setup assumptions made by the CRS model (as no trusted
party or honest execution of a centralized algorithm are required), and can be
seen as a slightly stronger variation of the Bare Public-Key (BPK) model from
\cite{CGGM,MR}, and a weaker variation of the registered public-key model used
in \cite{BCNP}. We then define and study man-in-the-middle attacks in the APK
model. Our main result is a constant-round concurrent non-malleable
zero-knowledge argument of knowledge for any polynomial-time relation
(associated to a language in ), under the (minimal) assumption of
the existence of a one-way function family. Furthermore, we show time-efficient
instantiations of our protocol based on known number-theoretic assumptions. We
also note a negative result with respect to further reducing the setup
assumptions of our protocol to those in the (unauthenticated) BPK model, by
showing that concurrently non-malleable zero-knowledge arguments of knowledge
in the BPK model are only possible for trivial languages.
Quantum superiority for verifying NP-complete problems with linear optics
Demonstrating quantum superiority for some computational task will be a
milestone for quantum technologies and would show that computational advantages
are possible not only with a universal quantum computer but with simpler
physical devices. Linear optics is such a simpler but powerful platform where
classically-hard information processing tasks, such as Boson Sampling, can be
in principle implemented. In this work, we study a fundamentally different type
of computational task to achieve quantum superiority using linear optics,
namely the task of verifying NP-complete problems. We focus on a protocol by
Aaronson et al. (2008) that uses quantum proofs for verification. We show that
the proof states can be implemented in terms of a single photon in an equal
superposition over many optical modes. Similarly, the tests can be performed
using linear-optical transformations consisting of a few operations: a global
permutation of all modes, simple interferometers acting on at most four modes,
and measurement using single-photon detectors. We also show that the protocol
can tolerate experimental imperfections.
Comment: 10 pages, 6 figures, minor corrections, results unchanged
Exact Covers via Determinants
Given a k-uniform hypergraph on n vertices, partitioned in k equal parts such
that every hyperedge includes one vertex from each part, the k-dimensional
matching problem asks whether there is a disjoint collection of the hyperedges
which covers all vertices. We show it can be solved by a randomized polynomial
space algorithm in time O*(2^(n(k-2)/k)). The O*() notation hides factors
polynomial in n and k.
When we drop the partition constraint and permit arbitrary hyperedges of
cardinality k, we obtain the exact cover by k-sets problem. We show it can be
solved by a randomized polynomial space algorithm in time O*(c_k^n), where
c_3=1.496, c_4=1.642, c_5=1.721, and provide a general bound for larger k.
Both results substantially improve on the previous best algorithms for these
problems, especially for small k, and follow from the new observation that
Lovasz' perfect matching detection via determinants (1979) admits an embedding
in the recently proposed inclusion-exclusion counting scheme for set covers,
despite its inability to count the perfect matchings.
Symmetric Determinantal Representation of Formulas and Weakly Skew Circuits
We deploy algebraic complexity theoretic techniques for constructing
symmetric determinantal representations of formulas and weakly skew
circuits. Our representations produce matrices of much smaller dimensions than
those given in the convex geometry literature when applied to polynomials
having a concise representation (as a sum of monomials, or more generally as an
arithmetic formula or a weakly skew circuit). These representations are valid
in any field of characteristic different from 2. In characteristic 2 we are led
to an almost complete solution to a question of Bürgisser on the
VNP-completeness of the partial permanent. In particular, we show that the
partial permanent cannot be VNP-complete in a finite field of characteristic 2
unless the polynomial hierarchy collapses.
Comment: To appear in the AMS Contemporary Mathematics volume on
Randomization, Relaxation, and Complexity in Polynomial Equation Solving,
edited by Gurvits, Pebay, Rojas and Thompson