On the Complexity of Computing Two Nonlinearity Measures

We study the computational complexity of two Boolean nonlinearity measures: the nonlinearity and the multiplicative complexity. We show that if one-way functions exist, no algorithm can compute the multiplicative complexity in time $2^{O(n)}$ given the truth table of length $2^n$, in fact under the same assumption it is impossible to approximate the multiplicative complexity within a factor of $(2-\epsilon)^{n/2}$. When given a circuit, the problem of determining the multiplicative complexity is in the second level of the polynomial hierarchy. For nonlinearity, we show that it is #P hard to compute given a function represented by a circuit

The Frequent Items Problem in Online Streaming under Various Performance Measures

In this paper, we strengthen the competitive analysis results obtained for a fundamental online streaming problem, the Frequent Items Problem. Additionally, we contribute with a more detailed analysis of this problem, using alternative performance measures, supplementing the insight gained from competitive analysis. The results also contribute to the general study of performance measures for online algorithms. It has long been known that competitive analysis suffers from drawbacks in certain situations, and many alternative measures have been proposed. However, more systematic comparative studies of performance measures have been initiated recently, and we continue this work, using competitive analysis, relative interval analysis, and relative worst order analysis on the Frequent Items Problem.Comment: IMADA-preprint-c

Online Multi-Coloring with Advice

We consider the problem of online graph multi-coloring with advice. Multi-coloring is often used to model frequency allocation in cellular networks. We give several nearly tight upper and lower bounds for the most standard topologies of cellular networks, paths and hexagonal graphs. For the path, negative results trivially carry over to bipartite graphs, and our positive results are also valid for bipartite graphs. The advice given represents information that is likely to be available, studying for instance the data from earlier similar periods of time.Comment: IMADA-preprint-c

Constructive Relationships Between Algebraic Thickness and Normality

We study the relationship between two measures of Boolean functions; \emph{algebraic thickness} and \emph{normality}. For a function $f$, the algebraic thickness is a variant of the \emph{sparsity}, the number of nonzero coefficients in the unique GF(2) polynomial representing $f$, and the normality is the largest dimension of an affine subspace on which $f$ is constant. We show that for $0 < \epsilon<2$, any function with algebraic thickness $n^{3-\epsilon}$ is constant on some affine subspace of dimension $\Omega\left(n^{\frac{\epsilon}{2}}\right)$. Furthermore, we give an algorithm for finding such a subspace. We show that this is at most a factor of $\Theta(\sqrt{n})$ from the best guaranteed, and when restricted to the technique used, is at most a factor of $\Theta(\sqrt{\log n})$ from the best guaranteed. We also show that a concrete function, majority, has algebraic thickness $\Omega\left(2^{n^{1/6}}\right)$.Comment: Final version published in FCT'201

The Advice Complexity of a Class of Hard Online Problems

The advice complexity of an online problem is a measure of how much knowledge of the future an online algorithm needs in order to achieve a certain competitive ratio. Using advice complexity, we define the first online complexity class, AOC. The class includes independent set, vertex cover, dominating set, and several others as complete problems. AOC-complete problems are hard, since a single wrong answer by the online algorithm can have devastating consequences. For each of these problems, we show that $\log\left(1+(c-1)^{c-1}/c^{c}\right)n=\Theta (n/c)$ bits of advice are necessary and sufficient (up to an additive term of $O(\log n)$) to achieve a competitive ratio of $c$. The results are obtained by introducing a new string guessing problem related to those of Emek et al. (TCS 2011) and B\"ockenhauer et al. (TCS 2014). It turns out that this gives a powerful but easy-to-use method for providing both upper and lower bounds on the advice complexity of an entire class of online problems, the AOC-complete problems. Previous results of Halld\'orsson et al. (TCS 2002) on online independent set, in a related model, imply that the advice complexity of the problem is $\Theta (n/c)$. Our results improve on this by providing an exact formula for the higher-order term. For online disjoint path allocation, B\"ockenhauer et al. (ISAAC 2009) gave a lower bound of $\Omega (n/c)$ and an upper bound of $O((n\log c)/c)$ on the advice complexity. We improve on the upper bound by a factor of $\log c$. For the remaining problems, no bounds on their advice complexity were previously known.Comment: Full paper to appear in Theory of Computing Systems. A preliminary version appeared in STACS 201

Adding Isolated Vertices Makes some Online Algorithms Optimal

An unexpected difference between online and offline algorithms is observed. The natural greedy algorithms are shown to be worst case online optimal for Online Independent Set and Online Vertex Cover on graphs with 'enough' isolated vertices, Freckle Graphs. For Online Dominating Set, the greedy algorithm is shown to be worst case online optimal on graphs with at least one isolated vertex. These algorithms are not online optimal in general. The online optimality results for these greedy algorithms imply optimality according to various worst case performance measures, such as the competitive ratio. It is also shown that, despite this worst case optimality, there are Freckle graphs where the greedy independent set algorithm is objectively less good than another algorithm. It is shown that it is NP-hard to determine any of the following for a given graph: the online independence number, the online vertex cover number, and the online domination number.Comment: A footnote in the .tex file didn't show up in the last version. This was fixe

Online Dominating Set

This paper is devoted to the online dominating set problem and its variants on trees, bipartite, bounded-degree, planar, and general graphs, distinguishing between connected and not necessarily connected graphs. We believe this paper represents the first systematic study of the effect of two limitations of online algorithms: making irrevocable decisions while not knowing the future, and being incremental, i.e., having to maintain solutions to all prefixes of the input. This is quantified through competitive analyses of online algorithms against two optimal algorithms, both knowing the entire input, but only one having to be incremental. We also consider the competitive ratio of the weaker of the two optimal algorithms against the other. In most cases, we obtain tight bounds on the competitive ratios. Our results show that requiring the graphs to be presented in a connected fashion allows the online algorithms to obtain provably better solutions. Furthermore, we get detailed information regarding the significance of the necessary requirement that online algorithms be incremental. In some cases, having to be incremental fully accounts for the online algorithm\u27s disadvantage

Efficient noninteractive certification of RSA moduli and beyond

In many applications, it is important to verify that an RSA public key (N; e) speci es a permutation over the entire space ZN, in order to prevent attacks due to adversarially-generated public keys. We design and implement a simple and e cient noninteractive zero-knowledge protocol (in the random oracle model) for this task. Applications concerned about adversarial key generation can just append our proof to the RSA public key without any other modi cations to existing code or cryptographic libraries. Users need only perform a one-time veri cation of the proof to ensure that raising to the power e is a permutation of the integers modulo N. For typical parameter settings, the proof consists of nine integers modulo N; generating the proof and verifying it both require about nine modular exponentiations. We extend our results beyond RSA keys and also provide e cient noninteractive zero- knowledge proofs for other properties of N, which can be used to certify that N is suitable for the Paillier cryptosystem, is a product of two primes, or is a Blum integer. As compared to the recent work of Auerbach and Poettering (PKC 2018), who provide two-message protocols for similar languages, our protocols are more e cient and do not require interaction, which enables a broader class of applications.https://eprint.iacr.org/2018/057First author draf

Implementing Grover Oracles for Quantum Key Search on AES and LowMC

Grover's search algorithm gives a quantum attack against block ciphers by searching for a key that matches a small number of plaintext-ciphertext pairs. This attack uses $O(\sqrt{N})$ calls to the cipher to search a key space of size $N$. Previous work in the specific case of AES derived the full gate cost by analyzing quantum circuits for the cipher, but focused on minimizing the number of qubits. In contrast, we study the cost of quantum key search attacks under a depth restriction and introduce techniques that reduce the oracle depth, even if it requires more qubits. As cases in point, we design quantum circuits for the block ciphers AES and LowMC. Our circuits give a lower overall attack cost in both the gate count and depth-times-width cost models. In NIST's post-quantum cryptography standardization process, security categories are defined based on the concrete cost of quantum key search against AES. We present new, lower cost estimates for each category, so our work has immediate implications for the security assessment of post-quantum cryptography. As part of this work, we release Q# implementations of the full Grover oracle for AES-128, -192, -256 and for the three LowMC instantiations used in Picnic, including unit tests and code to reproduce our quantum resource estimates. To the best of our knowledge, these are the first two such full implementations and automatic resource estimations.Comment: 36 pages, 8 figures, 14 table