The Z2\mathbb{Z}_2-genus of Kuratowski minors

A drawing of a graph on a surface is independently even if every pair of nonadjacent edges in the drawing crosses an even number of times. The $\mathbb{Z}_2$-genus of a graph $G$ is the minimum $g$ such that $G$ has an independently even drawing on the orientable surface of genus $g$. An unpublished result by Robertson and Seymour implies that for every $t$, every graph of sufficiently large genus contains as a minor a projective $t\times t$ grid or one of the following so-called $t$-Kuratowski graphs: $K_{3,t}$, or $t$ copies of $K_5$ or $K_{3,3}$ sharing at most $2$ common vertices. We show that the $\mathbb{Z}_2$-genus of graphs in these families is unbounded in $t$; in fact, equal to their genus. Together, this implies that the genus of a graph is bounded from above by a function of its $\mathbb{Z}_2$-genus, solving a problem posed by Schaefer and \v{S}tefankovi\v{c}, and giving an approximate version of the Hanani-Tutte theorem on orientable surfaces. We also obtain an analogous result for Euler genus and Euler $\mathbb{Z}_2$-genus of graphs.Comment: 23 pages, 7 figures; a few references added and correcte

Subtractive Sets over Cyclotomic Rings:Limits of Schnorr-like Arguments over Lattices

We study when (dual) Vandermonde systems of the form ${V}_T^{{(\intercal)}} \cdot \vec{z} = s\cdot \vec{w}$ admit a solution $\vec{z}$ over a ring $\mathcal{R}$, where ${V}_T$ is the Vandermonde matrix defined by a set $T$ and where the slack $s$ is a measure of the quality of solutions. To this end, we propose the notion of $(s,t)$-subtractive sets over a ring $\mathcal{R}$, with the property that if $S$ is $(s,t)$-subtractive then the above (dual) Vandermonde systems defined by any $t$-subset $T \subseteq S$ are solvable over $\mathcal{R}$. The challenge is then to find large sets $S$ while minimising (the norm of) $s$ when given a ring $\mathcal{R}$. By constructing families of $(s,t)$-subtractive sets $S$ of size $n =$ poly over cyclotomic rings $\mathcal{R} = \mathbb{Z}[\zeta_{p^\ell}]$ for prime $p$, we construct Schnorr-like lattice-based proofs of knowledge for the SIS relation ${A} \cdot \vec{x} = s \cdot \vec{y} \bmod q$ with $O(1/n)$ knowledge error, and $s = 1$ in case $p =$ poly. Our technique slots naturally into the lattice Bulletproof framework from Crypto\u2720, producing lattice-based succinct arguments for NP with better parameters. We then give matching impossibility results constraining $n$ relative to $s$, which suggest that our Bulletproof-compatible protocols are optimal unless fundamentally new techniques are discovered. Noting that the knowledge error of lattice Bulletproofs is $\Omega(\log k/n)$ for witnesses in $\mathcal{R}^k$ and subtractive set size $n$, our result represents a barrier to practically efficient lattice-based succinct arguments in the Bulletproof framework. Beyond these main results, the concept of $(s,t)$-subtractive sets bridges group-based threshold cryptography to lattice settings, which we demonstrate by relating it to distributed pseudorandom functions

Black Box White Arrow

The present paper proposes a new and systematic approach to the so-called black box group methods in computational group theory. Instead of a single black box, we consider categories of black boxes and their morphisms. This makes new classes of black box problems accessible. For example, we can enrich black box groups by actions of outer automorphisms. As an example of application of this technique, we construct Frobenius maps on black box groups of untwisted Lie type in odd characteristic (Section 6) and inverse-transpose automorphisms on black box groups encrypting ${\rm (P)SL}_n(\mathbb{F}_q)$. One of the advantages of our approach is that it allows us to work in black box groups over finite fields of big characteristic. Another advantage is explanatory power of our methods; as an example, we explain Kantor's and Kassabov's construction of an involution in black box groups encrypting ${\rm SL}_2(2^n)$. Due to the nature of our work we also have to discuss a few methodological issues of the black box group theory. The paper is further development of our text "Fifty shades of black" [arXiv:1308.2487], and repeats parts of it, but under a weaker axioms for black box groups.Comment: arXiv admin note: substantial text overlap with arXiv:1308.248