113 research outputs found
More on a problem of Zarankiewicz
We show tight necessary and sufficient conditions on the sizes of small bipartite graphs whose union is a larger bipartite graph that has no large bipartite independent set. Our main result is a common generalization of two classical results in graph theory: the theorem of Kovari, Sos and Turan on the minimum number of edges in a bipartite graph that has no large independent set, and the theorem of Hansel (also Katona and Szemeredi and Krichevskii) on the sum of the sizes of bipartite graphs that can be used to construct a graph (non-necessarily bipartite) that has no large independent set. Our results unify the underlying combinatorial principles developed in the proof of tight lower bounds for depth-two superconcentrators
Nullstellensatz Size-Degree Trade-offs from Reversible Pebbling
We establish an exactly tight relation between reversible pebblings of graphs
and Nullstellensatz refutations of pebbling formulas, showing that a graph
can be reversibly pebbled in time and space if and only if there is a
Nullstellensatz refutation of the pebbling formula over in size and
degree (independently of the field in which the Nullstellensatz refutation
is made). We use this correspondence to prove a number of strong size-degree
trade-offs for Nullstellensatz, which to the best of our knowledge are the
first such results for this proof system
Lower Bounds for Matrix Factorization
We study the problem of constructing explicit families of matrices which
cannot be expressed as a product of a few sparse matrices. In addition to being
a natural mathematical question on its own, this problem appears in various
incarnations in computer science; the most significant being in the context of
lower bounds for algebraic circuits which compute linear transformations,
matrix rigidity and data structure lower bounds.
We first show, for every constant , a deterministic construction in
subexponential time of a family of matrices which cannot
be expressed as a product where the total sparsity of
is less than . In other words, any depth-
linear circuit computing the linear transformation has size at
least . This improves upon the prior best lower bounds for
this problem, which are barely super-linear, and were obtained by a long line
of research based on the study of super-concentrators (albeit at the cost of a
blow up in the time required to construct these matrices).
We then outline an approach for proving improved lower bounds through a
certain derandomization problem, and use this approach to prove asymptotically
optimal quadratic lower bounds for natural special cases, which generalize many
of the common matrix decompositions
Approximating Cumulative Pebbling Cost Is Unique Games Hard
The cumulative pebbling complexity of a directed acyclic graph is defined
as , where the minimum is taken over all
legal (parallel) black pebblings of and denotes the number of
pebbles on the graph during round . Intuitively, captures
the amortized Space-Time complexity of pebbling copies of in parallel.
The cumulative pebbling complexity of a graph is of particular interest in
the field of cryptography as is tightly related to the
amortized Area-Time complexity of the Data-Independent Memory-Hard Function
(iMHF) [AS15] defined using a constant indegree directed acyclic
graph (DAG) and a random oracle . A secure iMHF should have
amortized Space-Time complexity as high as possible, e.g., to deter brute-force
password attacker who wants to find such that . Thus, to
analyze the (in)security of a candidate iMHF , it is crucial to
estimate the value but currently, upper and lower bounds for
leading iMHF candidates differ by several orders of magnitude. Blocki and Zhou
recently showed that it is -Hard to compute , but
their techniques do not even rule out an efficient
-approximation algorithm for any constant . We
show that for any constant , it is Unique Games hard to approximate
to within a factor of .
(See the paper for the full abstract.)Comment: 28 pages, updated figures and corrected typo
Understanding space in resolution: optimal lower bounds and exponential trade-offs
We continue the study of tradeoffs between space and length of
resolution proofs and focus on two new results:
begin{enumerate}
item
We show that length and space in resolution are uncorrelated. This
is proved by exhibiting families of CNF formulas of size that
have proofs of length but require space . Our
separation is the strongest possible since any proof of length
can always be transformed into a proof in space , and
improves previous work reported in [Nordstr"{o}m 2006, Nordstr"{o}m and
H{aa}stad 2008].
item We prove a number of trade-off results for space in the range
from constant to , most of them superpolynomial or even
exponential. This is a dramatic improvement over previous results in
[Ben-Sasson 2002, Hertel and Pitassi 2007, Nordstr"{o}m 2007].
end{enumerate}
The key to our results is the following, somewhat surprising, theorem:
Any CNF formula can be transformed by simple substitution
transformation into a new formula such that if has the right
properties, can be proven in resolution in essentially the same
length as but the minimal space needed for is lower-bounded
by the number of variables that have to be mentioned simultaneously in
any proof for . Applying this theorem to so-called pebbling
formulas defined in terms of pebble games over directed acyclic graphs
and analyzing black-white pebbling on these graphs yields our results
A New Connection Between Node and Edge Depth Robust Graphs
Given a directed acyclic graph (DAG) G = (V,E), we say that G is (e,d)-depth-robust (resp. (e,d)-edge-depth-robust) if for any set S ? V (resp. S ? E) of at most |S| ? e nodes (resp. edges) the graph G-S contains a directed path of length d. While edge-depth-robust graphs are potentially easier to construct many applications in cryptography require node depth-robust graphs with small indegree. We create a graph reduction that transforms an (e, d)-edge-depth-robust graph with m edges into a (e/2,d)-depth-robust graph with O(m) nodes and constant indegree. One immediate consequence of this result is the first construction of a provably ((n log log n)/log n, n/{(log n)^{1 + log log n}})-depth-robust graph with constant indegree, where previous constructions for e = (n log log n)/log n had d = O(n^{1-?}). Our reduction crucially relies on ST-Robust graphs, a new graph property we introduce which may be of independent interest. We say that a directed, acyclic graph with n inputs and n outputs is (k?, k?)-ST-Robust if we can remove any k? nodes and there exists a subgraph containing at least k? inputs and k? outputs such that each of the k? inputs is connected to all of the k? outputs. If the graph if (k?,n-k?)-ST-Robust for all k? ? n we say that the graph is maximally ST-robust. We show how to construct maximally ST-robust graphs with constant indegree and O(n) nodes. Given a family ? of ST-robust graphs and an arbitrary (e, d)-edge-depth-robust graph G we construct a new constant-indegree graph Reduce(G, ?) by replacing each node in G with an ST-robust graph from ?. We also show that ST-robust graphs can be used to construct (tight) proofs-of-space and (asymptotically) improved wide-block labeling functions
RiffleScrambler - a memory-hard password storing function
We introduce RiffleScrambler: a new family of directed acyclic graphs and a
corresponding data-independent memory hard function with password independent
memory access. We prove its memory hardness in the random oracle model.
RiffleScrambler is similar to Catena -- updates of hashes are determined by a
graph (bit-reversal or double-butterfly graph in Catena). The advantage of the
RiffleScrambler over Catena is that the underlying graphs are not predefined
but are generated per salt, as in Balloon Hashing. Such an approach leads to
higher immunity against practical parallel attacks. RiffleScrambler offers
better efficiency than Balloon Hashing since the in-degree of the underlying
graph is equal to 3 (and is much smaller than in Ballon Hashing). At the same
time, because the underlying graph is an instance of a Superconcentrator, our
construction achieves the same time-memory trade-offs.Comment: Accepted to ESORICS 201
- …