67 research outputs found
Relations between automata and the simple k-path problem
Let be a directed graph on vertices. Given an integer , the
SIMPLE -PATH problem asks whether there exists a simple -path in . In
case is weighted, the MIN-WT SIMPLE -PATH problem asks for a simple
-path in of minimal weight. The fastest currently known deterministic
algorithm for MIN-WT SIMPLE -PATH by Fomin, Lokshtanov and Saurabh runs in
time for graphs with integer weights in
the range . This is also the best currently known deterministic
algorithm for SIMPLE k-PATH- where the running time is the same without the
factor. We define to be the set of words of
length whose symbols are all distinct. We show that an explicit
construction of a non-deterministic automaton (NFA) of size for implies an algorithm of running time for MIN-WT SIMPLE -PATH when the weights are
non-negative or the constructed NFA is acyclic as a directed graph. We show
that the algorithm of Kneis et al. and its derandomization by Chen et al. for
SIMPLE -PATH can be used to construct an acylic NFA for of size
.
We show, on the other hand, that any NFA for must be size at least
. We thus propose closing this gap and determining the smallest NFA for
as an interesting open problem that might lead to faster algorithms
for MIN-WT SIMPLE -PATH.
We use a relation between SIMPLE -PATH and non-deterministic xor automata
(NXA) to give another direction for a deterministic algorithm with running time
for SIMPLE -PATH
Fast Algorithms for Parameterized Problems with Relaxed Disjointness Constraints
In parameterized complexity, it is a natural idea to consider different
generalizations of classic problems. Usually, such generalization are obtained
by introducing a "relaxation" variable, where the original problem corresponds
to setting this variable to a constant value. For instance, the problem of
packing sets of size at most into a given universe generalizes the Maximum
Matching problem, which is recovered by taking . Most often, the
complexity of the problem increases with the relaxation variable, but very
recently Abasi et al. have given a surprising example of a problem ---
-Simple -Path --- that can be solved by a randomized algorithm with
running time . That is, the complexity of the
problem decreases with . In this paper we pursue further the direction
sketched by Abasi et al. Our main contribution is a derandomization tool that
provides a deterministic counterpart of the main technical result of Abasi et
al.: the algorithm for -Monomial
Detection, which is the problem of finding a monomial of total degree and
individual degrees at most in a polynomial given as an arithmetic circuit.
Our technique works for a large class of circuits, and in particular it can be
used to derandomize the result of Abasi et al. for -Simple -Path. On our
way to this result we introduce the notion of representative sets for
multisets, which may be of independent interest. Finally, we give two more
examples of problems that were already studied in the literature, where the
same relaxation phenomenon happens. The first one is a natural relaxation of
the Set Packing problem, where we allow the packed sets to overlap at each
element at most times. The second one is Degree Bounded Spanning Tree,
where we seek for a spanning tree of the graph with a small maximum degree
Subspace Polynomials and Cyclic Subspace Codes
Subspace codes have received an increasing interest recently due to their
application in error-correction for random network coding. In particular,
cyclic subspace codes are possible candidates for large codes with efficient
encoding and decoding algorithms. In this paper we consider such cyclic codes
and provide constructions of optimal codes for which their codewords do not
have full orbits. We further introduce a new way to represent subspace codes by
a class of polynomials called subspace polynomials. We present some
constructions of such codes which are cyclic and analyze their parameters
AuroraLight: Improved prover efficiency and SRS size in a Sonic-like system
Using ideas from the recent Aurora zk-STARK of Ben-Sasson et al. [BCRSVW, Eurocrypt 2019], we present a zk-SNARK with a universal and updatable SRS similar to the recent construction of Maller et al. [MBKM, 2019], called .
Compared to , our construction achieves significantly better prover run time (less than half) and smaller SRS size (one sixth). However, we only achieve amortized succinct verification time for batches of proofs, either when the proofs are generated in parallel or in [MBKM]\u27s helper setting, and our proofs are longer than those of [MBKM] (but still contain a number of field and group elements)
On the efficiency of pairing-based proofs under the d-PKE
We investigate the minimal number of group elements and prover running time in a zk-SNARK when using only a symmetric ``linear\u27\u27 knowledge assumption, like the -Power Knowledge of Exponent assumption, rather than a ``quadratic\u27\u27 one as implicitly happens in the most efficient known construction by Groth [Groth16]. The proofs of
[Groth16] contain only 3 group elements.
We present 4 element proofs for quadratic arithmetic programs/rank 1 constraint systems under the -PKE with very similar prover running time to [Groth16]. Central to our construction is a simple lemma for ``batching\u27\u27 knowledge checks, which allows us to save one proof element
On the security of the BCTV Pinocchio zk-SNARK variant
The main result of this note is a severe flaw in the description of the zk-SNARK in [BCTV14].
The flaw stems from including redundant elements in the CRS, as compared to that of the original Pinocchio protocol [PHGR16], which are vital not to expose.
The flaw enables creating a proof of knowledge for *any* public input given a valid proof for *some* public input.
We also provide a proof of security for the [BCTV14] zk-SNARK in the generic group model, when these elements are excluded from the CRS, provided a certain linear algebraic condition is satisfied by the QAP polynomials
Making Groth\u27s zk-SNARK Simulation Extractable in the Random Oracle Model
We describe a variant of Groth\u27s zk-SNARK [Groth, Eurocrypt 2016] that satisfies simulation extractability, which is a strong form of adaptive non-malleability. The proving time is almost identical to [Groth] and requires only two additional group operations. Our proof consists of 5 group elements rather than 3 as in [Groth], and the security proof requires the random oracle model
- β¦