93 research outputs found

    Finding the Median (Obliviously) with Bounded Space

    We prove that any oblivious algorithm using space $S$ to find the median of a list of $n$ integers from $\{1,...,2n\}$ requires time $\Omega(n \log\log_S n)$. This bound also applies to the problem of determining whether the median is odd or even. It is nearly optimal since Chan, following Munro and Raman, has shown that there is a (randomized) selection algorithm using only $s$ registers, each of which can store an input value or $O(\log n)$-bit counter, that makes only $O(\log\log_s n)$ passes over the input. The bound also implies a size lower bound for read-once branching programs computing the low order bit of the median and implies the analog of $P \ne NP \cap coNP$ for length $o(n \log\log n)$ oblivious branching programs

    On the Cognition of States of Affairs

    The theory of speech acts put forward by Adolf Reinach in his "The A Priori Foundations of the Civil Law" of 1913 rests on a systematic account of the ontological structures associated with various different sorts of language use. One of the most original features of Reinach's account lies in his demonstration of how the ontological structure of, say, an action of promising or of commanding, may be modified in different ways, yielding different sorts of non-standard instances of the corresponding speech act varieties. The present paper is an attempt to apply this idea of standard and modified instances of ontological structures to the realm of judgement and cognition, and thereby to develop a Reinachian theory of how intentionality is mediated through language in acts of thinking and speaking

    The Hilbertian Tensor Norm and Entangled Two-Prover Games

    We study tensor norms over Banach spaces and their relations to quantum information theory, in particular their connection with two-prover games. We consider a version of the Hilbertian tensor norm $\gamma_2$ and its dual $\gamma_2^*$ that allow us to consider games with arbitrary output alphabet sizes. We establish direct-product theorems and prove a generalized Grothendieck inequality for these tensor norms. Furthermore, we investigate the connection between the Hilbertian tensor norm and the set of quantum probability distributions, and show two applications to quantum information theory: firstly, we give an alternative proof of the perfect parallel repetition theorem for entangled XOR games; and secondly, we prove a new upper bound on the ratio between the entangled and the classical value of two-prover games. Comment: 33 pages, some of the results have been obtained independently in arXiv:1007.3043v2, v2: an error in Theorem 4 has been corrected; Section 6 rewritten, v3: completely rewritten in order to improve readability; title changed; references added; published version

    Optimal networks for Quantum Metrology: semidefinite programs and product rules

    We investigate the optimal estimation of a quantum process that can possibly consist of multiple time steps. The estimation is implemented by a quantum network that interacts with the process by sending an input and processing the output at each time step. We formulate the search of the optimal network as a semidefinite program and use duality theory to give an alternative expression for the maximum payoff achieved by estimation. Combining this formulation with a technique devised by Mittal and Szegedy we prove a general product rule for the joint estimation of independent processes, stating that the optimal joint estimation can be achieved by estimating each process independently, whenever the figure of merit is of a product form. We illustrate the result in several examples and exhibit counterexamples showing that the optimal joint network may not be the product of the optimal individual networks if the processes are not independent or if the figure of merit is not of the product form. In particular, we show that entanglement can reduce by a factor K the variance in the estimation of the sum of K independent phase shifts. Comment: 19 pages, no figures, published version

    Multi-Input Functional Encryption with Unbounded-Message Security

    Multi-input functional encryption (MIFE) was introduced by Goldwasser et al. (EUROCRYPT 2014) as a compelling extension of functional encryption. In MIFE, a receiver is able to compute a joint function of multiple, independently encrypted plaintexts. Goldwasser et al. (EUROCRYPT 2014) show various applications of MIFE to running SQL queries over encrypted databases, computing over encrypted data streams, etc. The previous constructions of MIFE due to Goldwasser et al. (EUROCRYPT 2014) based on indistinguishability obfuscation had a major shortcoming: it could only support encrypting an a priori bounded number of messages. Once that bound is exceeded, security is no longer guaranteed to hold. In addition, it could only support selective-security, meaning that the challenge messages and the set of "corrupted" encryption keys had to be declared by the adversary up-front. In this work, we show how to remove these restrictions by relying instead on sub-exponentially secure indistinguishability obfuscation. This is done by carefully adapting an alternative MIFE scheme of Goldwasser et al. that previously overcame these shortcomings (except for selective security wrt. the set of "corrupted" encryption keys) by relying instead on differing-inputs obfuscation, which is now seen as an implausible assumption. Our techniques are rather generic, and we hope they are useful in converting other constructions using differing-inputs obfuscation to ones using sub-exponentially secure indistinguishability obfuscation instead

    Amplifying the Security of Functional Encryption, Unconditionally

    Security amplification is a fundamental problem in cryptography. In this work, we study security amplification for functional encryption (FE). We show two main results: 1) For any constant epsilon in (0,1), we can amplify any FE scheme for P/poly which is epsilon-secure against all polynomial sized adversaries to a fully secure FE scheme for P/poly, unconditionally. 2) For any constant epsilon in (0,1), we can amplify any FE scheme for P/poly which is epsilon-secure against subexponential sized adversaries to a fully subexponentially secure FE scheme for P/poly, unconditionally. Furthermore, both of our amplification results preserve compactness of the underlying FE scheme. Previously, amplification results for FE were only known assuming subexponentially secure LWE. Along the way, we introduce a new form of homomorphic secret sharing called set homomorphic secret sharing that may be of independent interest. Additionally, we introduce a new technique, which allows one to argue security amplification of nested primitives, and prove a general theorem that can be used to analyze the security amplification of parallel repetitions

    On Tightly Secure Primitives in the Multi-Instance Setting

    We initiate the study of general tight reductions in cryptography. There already exist a variety of works that offer tight reductions for a number of cryptographic tasks, ranging from encryption and signature schemes to proof systems. However, our work is the first to provide a universal definition of a tight reduction (for arbitrary primitives), along with several observations and results concerning primitives for which tight reductions have not been known. Technically, we start from the general notion of reductions due to Reingold, Trevisan, and Vadhan (TCC 2004), and equip it with a quantification of the respective reduction loss, and a canonical multi-instance extension to primitives. We then revisit several standard reductions whose tight security has not yet been considered. For instance, we revisit a generic construction of signature schemes from one-way functions, and show how to tighten the corresponding reduction by assuming collision-resistance from the used one-way function. We also obtain tightly secure pseudorandom generators (by using suitable rerandomisable hard-core predicates), and tightly secure lossy trapdoor functions