327 research outputs found
Small space analogues of Valiant's classes and the limitations of skew formula
In the uniform circuit model of computation, the width of a boolean
circuit exactly characterises the "space" complexity of the
computed function. Looking for a similar relationship in Valiant's
algebraic model of computation, we propose width of an arithmetic
circuit as a possible measure of space. We introduce the class
VL as an algebraic variant of deterministic log-space L. In
the uniform setting, we show that our definition coincides with that
of VPSPACE at polynomial width.
Further, to define algebraic variants of non-deterministic
space-bounded classes, we introduce the notion of "read-once"
certificates for arithmetic circuits. We show that polynomial-size
algebraic branching programs can be expressed as a read-once
exponential sum over polynomials in VL, i.e.
.
We also show that , i.e.
VBPs are stable under read-once exponential sums. Further, we
show that read-once exponential sums over a restricted class of
constant-width arithmetic circuits are within VQP, and this is the
largest known such subclass of poly-log-width circuits with this
property.
We also study the power of skew formulas and show that exponential
sums of a skew formula cannot represent the determinant polynomial
Processing Succinct Matrices and Vectors
We study the complexity of algorithmic problems for matrices that are
represented by multi-terminal decision diagrams (MTDD). These are a variant of
ordered decision diagrams, where the terminal nodes are labeled with arbitrary
elements of a semiring (instead of 0 and 1). A simple example shows that the
product of two MTDD-represented matrices cannot be represented by an MTDD of
polynomial size. To overcome this deficiency, we extended MTDDs to MTDD_+ by
allowing componentwise symbolic addition of variables (of the same dimension)
in rules. It is shown that accessing an entry, equality checking, matrix
multiplication, and other basic matrix operations can be solved in polynomial
time for MTDD_+-represented matrices. On the other hand, testing whether the
determinant of a MTDD-represented matrix vanishes is PSPACE-complete, and the
same problem is NP-complete for MTDD_+-represented diagonal matrices. Computing
a specific entry in a product of MTDD-represented matrices is #P-complete.
Comment: An extended abstract of this paper will appear in the Proceedings of
CSR 201
On Annihilators of Explicit Polynomial Maps
We study the algebraic complexity of annihilators of polynomial maps. In
particular, when a polynomial map is `encoded by' a small algebraic circuit, we
show that the coefficients of an annihilator of the map can be computed in
PSPACE. Even when the underlying field is that of reals or complex numbers, an
analogous statement is true. We achieve this by using the class VPSPACE that
coincides with computability of coefficients in PSPACE, over integers.
As a consequence, we derive the following two conditional results. First, we
show that a VP-explicit hitting set generator for all of VP would separate
either VP from VNP, or non-uniform P from PSPACE. Second, in relation to
algebraic natural proofs, we show that proving an algebraic natural proofs
barrier would imply either VP VNP or DSPACE()
P
Real Interactive Proofs for VPSPACE
We study interactive proofs in the framework of real number complexity as introduced by Blum, Shub, and Smale. The ultimate goal is to give a Shamir-like characterization of the real counterpart IP_R of classical IP. Whereas classically Shamir's result implies IP = PSPACE = PAT = PAR, in our framework a major difficulty arises from the fact that, in contrast to Turing complexity theory, the real number classes PAR_R and PAT_R differ and space resources considered alone are not meaningful. It is not obvious whether IP_R is characterized by one of them, and if so by which.
In recent work the present authors established an upper bound IP_R is a subset of MA(Exists)R, where MA(Exists)R is a complexity class satisfying PAR_R is a strict subset of MA(Exists)R, which is a subset of PAT_R and conjectured to be different from PAT_R. The goal of the present paper is to complement this result and to prove interesting lower bounds for IP_R. More precisely, we design interactive real protocols for a large class of functions introduced by Koiran and Perifel and denoted by UniformVSPACE^0. As a consequence, we show PAR_R is a subset of IP_R, which in particular implies co-NP_R is a subset of IP_R, and P_R^{Res} is a subset of IP_R, where Res denotes certain multivariate Resultant polynomials.
Our proof techniques are guided by the question of how far Shamir's classical proof can also be used in the real number setting. Towards this aim, results by Koiran and Perifel on UniformVSPACE^0 are extremely helpful
On a New, Efficient Framework for Falsifiable Non-interactive Zero-Knowledge Arguments
A zero-knowledge proof is a protocol between a prover and a verifier. The prover aims to convince the verifier of the truth of some statement, such as possessing credentials for a valid credit card, without revealing any private information, such as the credentials themselves. In many applications, it is desirable to use NIZK (Non-Interactive Zero-Knowledge) proofs, where the prover outputs only a single message that can be verified by many verifiers.
As a drawback, secure NIZKs for non-trivial languages can only exist in the presence of a trusted third party that computes a common reference string and makes it available to both the prover and verifier. When no such party exists, one sometimes relies on non-interactive witness indistinguishability (NIWI), a weaker notion of privacy. The study of efficient and secure NIZKs is a crucial part of cryptography that has been thriving recently due to blockchain applications.
In the first paper, we construct a new NIZK for the language of common zeros of a finite set of polynomials over a finite field. We demonstrate its usefulness by giving a large number of example applications. Notably, it is possible to go from a high-level language description to the definition of the NIZK almost automatically, lessening the need for dedicated cryptographic expertise. In the second paper, we construct a NIWI using a new compiler. We explore the notion of Knowledge Soundness (a security notion stronger than soundness) of some NIZK constructions. In the third paper, we extend the first paper's work by constructing a new set (non-)membership NIZK that allows us to prove that an element belongs or does not belong to the given set.
Many new constructions have better efficiency compared to already-known constructions.
Doctoral thesis