20 research outputs found

    Non-deterministic Boolean Proof Nets

    16 pages. International audience. We introduce Non-deterministic Boolean proof nets to study the correspondence with Boolean circuits, a parallel model of computation. We extend the cut elimination of Non-deterministic Multiplicative Linear Logic to a parallel procedure in proof nets. With the restriction of proof nets to Boolean types, we prove that the cut-elimination procedure corresponds to Non-deterministic Boolean circuit evaluation and conversely. We obtain an implicit characterization of the complexity classes NP and NC (the efficiently parallelizable functions).

    Proofs of Space: When Space Is of the Essence

    Proofs of computational effort were devised to control denial-of-service attacks. Dwork and Naor (CRYPTO ’92), for example, proposed to use such proofs to discourage spam. The idea is to couple each email message with a proof of work that demonstrates the sender performed some computational task. A proof of work can be either CPU-bound or memory-bound. In a CPU-bound proof, the prover must compute a CPU-intensive function that is easy to check by the verifier. A memory-bound proof, instead, forces the prover to access the main memory several times, effectively replacing CPU cycles with memory accesses. In this paper we put forward a new concept dubbed proof of space. To compute such a proof, the prover must use a specified amount of space, i.e., we are not interested in the number of accesses to the main memory (as in memory-bound proof of work) but rather in the amount of actual memory the prover must employ to compute the proof. We give a complete and detailed algorithmic description of our model. We develop a comprehensive theoretical analysis that uses combinatorial tools from Complexity Theory (such as pebbling games), which are essential in studying space lower bounds.

    On the complexity of parallel hardness amplification for one-way functions

    Abstract. We prove complexity lower bounds for the tasks of hardness amplification of one-way functions and construction of pseudo-random generators from one-way functions, which are realized non-adaptively in black-box ways. First, we consider the task of converting a one-way function $f: \{0,1\}^n \to \{0,1\}^m$ into a harder one-way function $\bar f: \{0,1\}^{\bar n} \to \{0,1\}^{\bar m}$, with $\bar n, \bar m \le \mathrm{poly}(n)$, in a black-box way. The hardness is measured as the fraction of inputs any polynomial-size circuit must fail to invert. We show that to use a constant-depth circuit to amplify hardness beyond a polynomial factor, its size must exceed $2^{\mathrm{poly}(n)}$, and to amplify hardness beyond a $2^{o(n)}$ factor, its size must exceed $2^{2^{o(n)}}$. Moreover, for a constant-depth circuit to amplify hardness beyond an $n^{1+o(1)}$ factor in a security-preserving way (with $\bar n = O(n)$), its size must exceed $2^{n^{o(1)}}$. Next, we show that if a constant-depth polynomial-size circuit can amplify hardness beyond a polynomial factor in a weakly black-box way, then it must basically embed a hard function in itself. In fact, one can derive from such an amplification procedure a highly parallel one-way function, which is computable by an $NC^0$ circuit (constant-depth polynomial-size circuit with bounded fan-in gates). Finally, we consider the task of constructing a pseudo-random generator $G: \{0,1\}^{\bar n} \to \{0,1\}^{\bar m}$ from a strongly one-way function $f: \{0,1\}^n \to \{0,1\}^m$ in a black-box way. We show that any such construction realized by a constant-depth $2^{n^{o(1)}}$-size circuit can only have a sublinear stretch (with $\bar m - \bar n = o(\bar n)$).

    Ehrenfeucht-Fraïssé Games on Random Structures

    Abstract. Certain results in circuit complexity (e.g., the theorem that $AC^0$ functions have low average sensitivity [5, 17]) imply the existence of winning strategies in Ehrenfeucht-Fraïssé games on pairs of random structures (e.g., ordered random graphs $G = G(n, 1/2)$ and $G^+ = G \cup \{\text{random edge}\}$). Standard probabilistic methods in circuit complexity (e.g., the Switching Lemma [11] or the Razborov-Smolensky Method [19, 21]), however, give no information about how a winning strategy might look. In this paper, we attempt to identify specific winning strategies in these games (as explicitly as possible). For random structures $G$ and $G^+$, we prove that the composition of minimal strategies in the $r$-round Ehrenfeucht-Fraïssé games on $(G, G)$ and on $(G^+, G^+)$ is almost surely a winning strategy in the game on $(G, G^+)$. We also examine a result of [20] that ordered random graphs $H = G(n, p)$ and $H^+ = H \cup \{\text{random } k\text{-clique}\}$ with $p(n) \ll n^{-2/(k-1)}$ (below the $k$-clique threshold) are almost surely indistinguishable by $\lfloor k/4 \rfloor$-variable first-order sentences of any fixed quantifier rank $r$. We describe a winning strategy in the corresponding $r$-round $\lfloor k/4 \rfloor$-pebble game using a technique that combines strategies from several auxiliary games.

    Uniform Circuits & Boolean Proof Nets

    21 pages. International audience. The relationship between Boolean proof nets of multiplicative linear logic (APN) and Boolean circuits has been studied [Ter04] in a non-uniform setting. We refine these results by taking care of uniformity: the relationship can be expressed in terms of the (Turing) polynomial hierarchy. We give a proofs-as-programs correspondence between proof nets and deterministic as well as non-deterministic Boolean circuits with a uniform depth-preserving simulation of each other. The Boolean proof nets class m&BN(poly) is built on multiplicative and additive linear logic with a polynomial amount of additive connectives, as the non-deterministic circuit class NNC(poly) is with non-deterministic variables. We obtain uniform-APN = NC and m&BN(poly) = NNC(poly) = N

    Uniform circuits, & Boolean proof nets

    The relationship between Boolean proof nets of multiplicative linear logic (APN) and Boolean circuits has been studied [Ter04] in a non-uniform setting. We refine the results by taking care of uniformity: the relationship can be expressed in terms of the (Turing) polynomial hierarchy. We give a proofs-as-programs correspondence between proof nets and deterministic as well as non-deterministic Boolean circuits with a uniform depth-preserving simulation of each other. The Boolean proof nets class m&BN(poly) is built on multiplicative and additive linear logic with a polynomial amount of additive connectives, as the non-deterministic circuit class NNC(poly) is with non-deterministic variables. We obtain uniform-APN = NC and m&BN(poly) = NNC(poly) = NP.

    Linear Integer Secret Sharing and Distributed Exponentiation

    We introduce the notion of Linear Integer Secret-Sharing (LISS) schemes, and show constructions of such schemes for any access structure. We show that any LISS scheme can be used to build a secure distributed protocol for exponentiation in any group. This implies, for instance, distributed RSA protocols for arbitrary access structures and with arbitrary public exponents.

    Polynomial Equivalence Problems: Algorithmic and Theoretical Aspects

    Abstract. The Isomorphism of Polynomials (IP) [28], which is the main concern of this paper, originally corresponds to the problem of recovering the secret key of a $C^*$ scheme [26]. Besides, the security of various other schemes (signature, authentication [28], traitor tracing [5], ...) also depends on the practical hardness of IP. Due to its numerous applications, the Isomorphism of Polynomials is thus one of the most fundamental problems in multivariate cryptography. In this paper, we address two complementary aspects of IP, namely its theoretical and practical difficulty. We present an upper bound on the theoretical complexity of “IP-like” problems, i.e. problems consisting of recovering a particular transformation between two sets of multivariate polynomials. We prove that these problems are not NP-hard (provided that the polynomial hierarchy does not collapse). Concerning the practical aspect, we present a new algorithm for solving IP. In a nutshell, the idea is to generate a suitable algebraic system of equations whose zeroes correspond to a solution of IP. From a practical point of view, we employed a fast Gröbner basis algorithm, namely F5 [17], for solving this system. This approach is efficient in practice and obliges one to modify the current security criteria for IP. We have indeed broken several challenges proposed in the literature [28, 29, 5]. For instance, we solved a challenge proposed by O. Billet and H. Gilbert at Asiacrypt’03 [5] in less than one second.