Relations between automata and the simple k-path problem

Let $G$ be a directed graph on $n$ vertices. Given an integer $k<=n$, the SIMPLE $k$-PATH problem asks whether there exists a simple $k$-path in $G$. In case $G$ is weighted, the MIN-WT SIMPLE $k$-PATH problem asks for a simple $k$-path in $G$ of minimal weight. The fastest currently known deterministic algorithm for MIN-WT SIMPLE $k$-PATH by Fomin, Lokshtanov and Saurabh runs in time $O(2.851^k\cdot n^{O(1)}\cdot \log W)$ for graphs with integer weights in the range $[-W,W]$. This is also the best currently known deterministic algorithm for SIMPLE k-PATH- where the running time is the same without the $\log W$ factor. We define $L_k(n)\subseteq [n]^k$ to be the set of words of length $k$ whose symbols are all distinct. We show that an explicit construction of a non-deterministic automaton (NFA) of size $f(k)\cdot n^{O(1)}$ for $L_k(n)$ implies an algorithm of running time $O(f(k)\cdot n^{O(1)}\cdot \log W)$ for MIN-WT SIMPLE $k$-PATH when the weights are non-negative or the constructed NFA is acyclic as a directed graph. We show that the algorithm of Kneis et al. and its derandomization by Chen et al. for SIMPLE $k$-PATH can be used to construct an acylic NFA for $L_k(n)$ of size $O^*(4^{k+o(k)})$. We show, on the other hand, that any NFA for $L_k(n)$ must be size at least $2^k$. We thus propose closing this gap and determining the smallest NFA for $L_k(n)$ as an interesting open problem that might lead to faster algorithms for MIN-WT SIMPLE $k$-PATH. We use a relation between SIMPLE $k$-PATH and non-deterministic xor automata (NXA) to give another direction for a deterministic algorithm with running time $O^*(2^k)$ for SIMPLE $k$-PATH

Fast Algorithms for Parameterized Problems with Relaxed Disjointness Constraints

In parameterized complexity, it is a natural idea to consider different generalizations of classic problems. Usually, such generalization are obtained by introducing a "relaxation" variable, where the original problem corresponds to setting this variable to a constant value. For instance, the problem of packing sets of size at most $p$ into a given universe generalizes the Maximum Matching problem, which is recovered by taking $p=2$. Most often, the complexity of the problem increases with the relaxation variable, but very recently Abasi et al. have given a surprising example of a problem --- $r$-Simple $k$-Path --- that can be solved by a randomized algorithm with running time $O^*(2^{O(k \frac{\log r}{r})})$. That is, the complexity of the problem decreases with $r$. In this paper we pursue further the direction sketched by Abasi et al. Our main contribution is a derandomization tool that provides a deterministic counterpart of the main technical result of Abasi et al.: the $O^*(2^{O(k \frac{\log r}{r})})$ algorithm for $(r,k)$-Monomial Detection, which is the problem of finding a monomial of total degree $k$ and individual degrees at most $r$ in a polynomial given as an arithmetic circuit. Our technique works for a large class of circuits, and in particular it can be used to derandomize the result of Abasi et al. for $r$-Simple $k$-Path. On our way to this result we introduce the notion of representative sets for multisets, which may be of independent interest. Finally, we give two more examples of problems that were already studied in the literature, where the same relaxation phenomenon happens. The first one is a natural relaxation of the Set Packing problem, where we allow the packed sets to overlap at each element at most $r$ times. The second one is Degree Bounded Spanning Tree, where we seek for a spanning tree of the graph with a small maximum degree

Subspace Polynomials and Cyclic Subspace Codes

Subspace codes have received an increasing interest recently due to their application in error-correction for random network coding. In particular, cyclic subspace codes are possible candidates for large codes with efficient encoding and decoding algorithms. In this paper we consider such cyclic codes and provide constructions of optimal codes for which their codewords do not have full orbits. We further introduce a new way to represent subspace codes by a class of polynomials called subspace polynomials. We present some constructions of such codes which are cyclic and analyze their parameters

AuroraLight: Improved prover efficiency and SRS size in a Sonic-like system

Using ideas from the recent Aurora zk-STARK of Ben-Sasson et al. [BCRSVW, Eurocrypt 2019], we present a zk-SNARK with a universal and updatable SRS similar to the recent construction of Maller et al. [MBKM, 2019], called $\mathsf{Sonic}$. Compared to $\mathsf{Sonic}$, our construction achieves significantly better prover run time (less than half) and smaller SRS size (one sixth). However, we only achieve amortized succinct verification time for batches of proofs, either when the proofs are generated in parallel or in [MBKM]\u27s helper setting, and our proofs are longer than those of [MBKM] (but still contain a $\mathit{constant}$ number of field and group elements)

On the efficiency of pairing-based proofs under the d-PKE

We investigate the minimal number of group elements and prover running time in a zk-SNARK when using only a symmetric ``linear\u27\u27 knowledge assumption, like the $d$-Power Knowledge of Exponent assumption, rather than a ``quadratic\u27\u27 one as implicitly happens in the most efficient known construction by Groth [Groth16]. The proofs of [Groth16] contain only 3 group elements. We present 4 element proofs for quadratic arithmetic programs/rank 1 constraint systems under the $d$-PKE with very similar prover running time to [Groth16]. Central to our construction is a simple lemma for ``batching\u27\u27 knowledge checks, which allows us to save one proof element

On the security of the BCTV Pinocchio zk-SNARK variant

The main result of this note is a severe flaw in the description of the zk-SNARK in [BCTV14]. The flaw stems from including redundant elements in the CRS, as compared to that of the original Pinocchio protocol [PHGR16], which are vital not to expose. The flaw enables creating a proof of knowledge for *any* public input given a valid proof for *some* public input. We also provide a proof of security for the [BCTV14] zk-SNARK in the generic group model, when these elements are excluded from the CRS, provided a certain linear algebraic condition is satisfied by the QAP polynomials

Making Groth\u27s zk-SNARK Simulation Extractable in the Random Oracle Model

We describe a variant of Groth\u27s zk-SNARK [Groth, Eurocrypt 2016] that satisfies simulation extractability, which is a strong form of adaptive non-malleability. The proving time is almost identical to [Groth] and requires only two additional group operations. Our proof consists of 5 group elements rather than 3 as in [Groth], and the security proof requires the random oracle model