
    Two new results about quantum exact learning

    We present two new results about exact learning by quantum computers. First, we show how to exactly learn a $k$-Fourier-sparse $n$-bit Boolean function from $O(k^{1.5}(\log k)^2)$ uniform quantum examples for that function. This improves over the bound of $\widetilde{\Theta}(kn)$ uniformly random classical examples (Haviv and Regev, CCC'15). Our main tool is an improvement of Chang's lemma for the special case of sparse functions. Second, we show that if a concept class $\mathcal{C}$ can be exactly learned using $Q$ quantum membership queries, then it can also be learned using $O\left(\frac{Q^2}{\log Q}\log|\mathcal{C}|\right)$ classical membership queries. This improves the previous-best simulation result (Servedio and Gortler, SICOMP'04) by a $\log Q$-factor.
    Comment: v3: 21 pages. Small corrections and clarification

    PPP-Completeness with Connections to Cryptography

    Polynomial Pigeonhole Principle (PPP) is an important subclass of TFNP with profound connections to the complexity of the fundamental cryptographic primitives: collision-resistant hash functions and one-way permutations. In contrast to most of the other subclasses of TFNP, no complete problem is known for PPP. Our work identifies the first PPP-complete problem without any circuit or Turing Machine given explicitly in the input, and thus we answer a longstanding open question from [Papadimitriou1994]. Specifically, we show that constrained-SIS (cSIS), a generalized version of the well-known Short Integer Solution problem (SIS) from lattice-based cryptography, is PPP-complete. In order to give intuition behind our reduction for constrained-SIS, we identify another PPP-complete problem with a circuit in the input but closely related to lattice problems. We call this problem BLICHFELDT; it is the computational problem associated with Blichfeldt's fundamental theorem in the theory of lattices. Building on the inherent connection of PPP with collision-resistant hash functions, we use our completeness result to construct the first natural hash function family that captures the hardness of all collision-resistant hash functions in a worst-case sense, i.e. it is natural and universal in the worst case. The close resemblance of our hash function family to SIS leads us to the first candidate collision-resistant hash function that is both natural and universal in an average-case sense. Finally, our results enrich our understanding of the connections between PPP, lattice problems and other concrete cryptographic assumptions, such as the discrete logarithm problem over general groups.

    Intersecting Families of Permutations

    A set of permutations $I \subset S_n$ is said to be $k$-intersecting if any two permutations in $I$ agree on at least $k$ points. We show that for any $k \in \mathbb{N}$, if $n$ is sufficiently large depending on $k$, then the largest $k$-intersecting subsets of $S_n$ are cosets of stabilizers of $k$ points, proving a conjecture of Deza and Frankl. We also prove a similar result concerning $k$-cross-intersecting subsets. Our proofs are based on eigenvalue techniques and the representation theory of the symmetric group.
    Comment: 'Erratum' section added. Yuval Filmus has recently pointed out that the 'Generalised Birkhoff theorem', Theorem 29, is false for $k > 1$, and so is Theorem 27 for $k > 1$. An alternative proof of the equality part of the Deza-Frankl conjecture is referenced, bypassing the need for Theorems 27 and 2

    A new class of codes for Boolean masking of cryptographic computations

    We introduce a new class of rate one-half binary codes: complementary information set codes. A binary linear code of length $2n$ and dimension $n$ is called a complementary information set code (CIS code for short) if it has two disjoint information sets. This class of codes contains self-dual codes as a subclass. It is connected to graph correlation immune Boolean functions of use in the security of hardware implementations of cryptographic primitives. Such codes make it possible to reduce the cost of masking cryptographic algorithms against side-channel attacks. In this paper we investigate this new class of codes: we give optimal or best known CIS codes of length $<132$. We derive general constructions based on cyclic codes and on double circulant codes. We derive a Varshamov-Gilbert bound for long CIS codes, and show that they can all be classified in small lengths $\le 12$ by the building-up construction. Some nonlinear permutations are constructed by using $\mathbb{Z}_4$-codes, based on the notion of dual distance of an unrestricted code.
    Comment: 19 pages. IEEE Trans. on Information Theory, to appear