DOCSLIB.ORG

Low Complexity Pseudorandom Generators and Indistinguishability Obfuscation by Alex Lombardi A.B., Harvard University (2016) A.M., Harvard University (2016)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Low Complexity Pseudorandom Generators and Indistinguishability Obfuscation by Alex Lombardi A.B., Harvard University (2016) A.M., Harvard University (2016) Low Complexity Pseudorandom Generators and Indistinguishability Obfuscation by Alex Lombardi A.B., Harvard University (2016) A.M., Harvard University (2016) Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Master of Science in Computer Science and Engineering at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 2018 0 Massachusetts Institute of Technology 2018. All rights reserved. Signature redacted A uth or ....... ..................... Department of Electrical Engineering and Computer Science Signature redacted May 23, 2018 C ertified by ..... ..................... Vinod Vaikuntanathan Associate Professor of Electrical Engineering and Computer Science Thesis Supervisor Accepted by ....... Signature redacted..................... Leslie A. Kolodziejski Professor of Electrical Engineering and Computer Science Chairman, Department Committee on Graduate Theses MASSACHUSETS INSTITUTE OF TECHNOWOGY- 1 JUN 18 2018 LIBRARIES 4i Low Complexity Pseudorandom Generators and Indistinguishability Obfuscation by Alex Lombardi Submitted to the Department of Electrical Engineering and Computer Science on May 23, 2018, in partial fulfillment of the requirements for the degree of Master of Science in Computer Science and Engineering Abstract In the study of cryptography in NCO, it was previously known that Goldreich's candi- date pseudorandom generator (PRG) is insecure when instantiated with a predicate P in 4 or fewer variables, if one wants to achieve polynomial stretch. On the other hand, there is a standard candidate PRG with locality 5 based on the "tri-sum-and" predicate TSA(x) = XOR3 D AND 2 (X) = X1 E X 2 ( @ X 4 x5 . However, locality is only one complexity measure of a PRG that one could hope to minimize. In this work, we consider the problem of minimizing three other complexity measures of a (local) PRG: decision tree (DT-)complexity, Q-degree (i.e., the degree of P as a polynomial over Q), and the recent notion of blockwise locality (due to Lin and Tessaro). These three complexity measures are all of interest for their possible applications to constructing indistinguishability obfuscation (IO) schemes based on low-degree multilinear maps. Indeed, Lin and Tessaro recently proposed an intriguing candidate IO scheme based on bilinear maps and a non-standard assumption on "Goldreich-like" pseudorandom generators. We obtain both positive and negative results on the existence of low complexity PRGs. First, we give a candidate predicate for Goldreich's PRG with DT-complexity 4 and Q-degree 3. We also show that all predicates with either DT-complexity less than 4 or Q-degree less than 3 yield insecure PRGs, so our candidate predicate simul- taneously achieves the best possible locality, DT-complexity, Q-degree, and F2-degree according to all known attacks. Finally, we show polynomial-time attacks on the blockwise 2-local PRGs required in the Lin-Tessaro work, invalidating the security of their IO and FE candidates based on bilinear maps. Our attack uses tools from the literature on two-source extractors (Chor and Goldreich, SICOMP 1988) and efficient refutation of random 2-XOR instances (Charikar and Wirth, FOCS 2004). Thesis Supervisor: Vinod Vaikuntanathan Title: Associate Professor of Electrical Engineering and Computer Science 3 4 Acknowledgments First of all, I thank my advisor, Vinod Vaikuntanathan, for the incredible amount of encouragement and patience that he has provided since I started working with him. Vinod has also consistently been able to come up with (and help me come up with) intriguing, important, and somehow tractable problems to think about. I have no idea how he (or anyone else) manages this, but I am certainly grateful for it. I would also like to thank Salil Vadhan for taking in a curious math undergraduate who knew nothing about computer science for a summer research project, and for giving extremely good advice thereafter. The discussions I had with Salil, Boaz Barak, and Madhu Sudan during my last two undergraduate years are without a doubt the reason I am studying theoretical computer science. Boaz in addition taught my first course in cryptography, without which I would certainly not be where I am today. My friends in the theory group at MIT CSAIL have been a constant source of inspiration, support, and fun for the last two years. I thank them for that, and I hope that this doesn't change even as we come and go. Finally, I thank my parents, who have been putting up with my nonsense for far longer than everyone else and have handled it remarkably well. 5 6 Contents 1 Introduction 9 1.1 O ur R esults ...... ...... ....... ... 14 1.1.1 Predicates Over the Binary Alphabet .... 15 1.1.2 Predicates Over a Large Alphabet . ..... 16 1.2 Conclusions and Open Questions ..... ..... 20 1.3 Organization ..... .... ..... .... ... 22 2 Preliminaries 23 2.1 Pseudorandom generators .. .. .. .... .. .... ..... 24 2.2 Analysis of Boolean Functions .... ...... .. ......... 25 2.3 A Review of Goldreich's PRG and its Security . .. ......... 26 2.3.1 The Choice of Predicates in Goldreich's PRG . ...... .. 27 2.3.2 Generalization to Blockwise Local PRGs . ..... .... 29 3 Minimizing DT-Complexity and Q-Degree 31 3.1 New Candidate Predicates for Goldreich's PRG .... ....... 32 3.1.1 A Predicate with Decision Tree-Complexity 4 ... ..... 32 3.1.2 A Predicate with Decision-Tree Complexity 4 and Q-degree 3 33 3.2 Predicates with Depth-3 Decision Trees Yield Insecure PRGs .... 35 3.3 Predicates with Q-degree 2 Yield Insecure PRGs ........... 39 4 An Attack on Blockwise 2-Local PRGs 43 4.1 Outline of the Attack .......................... 44 7 4.2 Alphabet Reduction ........................... 46 4.2.1 Limits of Alphabet Reduction .................. 51 4.3 From Small Alphabet Refutation to Large Alphabet Distinguishing . 53 4.3.1 Proof of Theorem 4.3.1 .... .................. 56 4.3.2 Generalization of Theorem 4.3.1 to Multiple Predicates .. 59 8 Chapter 1 Introduction 9 While hard problems occur abundantly in nature, useful hard problems are some- what rare. In particular, to be useful in cryptography, the (conjuctured) hard prob- lems need several additional properties: at the minimum, average-case hardness and the ability to sample hard instances with their solutions (a property that is required for building one-way functions). It is hard enough to come up with cryptographically useful hard problems, but to make our life even harder, we also often want the cryptographic constructions to be as simple as possible. For example, take the case of (cryptographic) pseudorandom generators (PRGs), the object of study in this work. Here, we ask for a functioni G: {0, 1}' -+ {o, 1}' which is: (a) expanding, meaning that m > n and ideally, m is a large polynomial in n; (b) pseudorandom, meaning that G(Un) is computationally indistinguishable from Ur, where U, and Un are uniform distributions on n and m bits, respectively; and (c) simple, meaning that G is computable by a (uniform) NC0 circuit. In a remarkable tour-de-force, Applebaum, Ishai and Kushilevitz [AIK06] showed how to "compile" any PRG computable in a large complexity class, say NC1 , into one that'can be computed in NCO. Their PRGs even had locality as small as 4, meaning that each output bit depends on only 4 input bits. This gave us candidate PRGs under essentially any standard complexity assumption, e.g., the hardness of factoring, that of the decisional Diffie-Hellman problem, the worst-case hardness of approximating shortest vectors in lattices, and so forth. The main deficiency of the AIK work is that even if you start with a PRG with large, polynomial, stretch in NC1 , the compiler only produces a PRG with sub-linear (additive) stretch in NC0 , that is m = n + o(n). Indeed, as Mossel, Shpilka and Trevisan [MST06] showed, there are no PRGs in NC0 with polynomial stretch and locality 4, so in a sense, the [AIK06] construction is nearly optimal. However, we cannot help but ask for more. Polynomial stretch PRGs, also called PPRGs (where m = nc for some c > 1) in NC0 have several applications including 'To be more precise, we ask for a family of functions {Gn}ncN where G, maps n bits to m = m(n) > n bits. 10 secure two-party computation with constant overhead [IKOS08] and more recently, indistinguishability obfuscation (IO) from constant-degree multilinear maps [Lini6a, LV16, AS16, Linl6b, LT17]. PPRGs are much trickier to construct; indeed, our best hope is a candidate con- struction (actually, a family of constructions) first proposed by Goldreich [Gol00] in 2000. Goldreich's generator and its properties in the polynomial stretch regime are the central themes of this paper. Goldreich's Pseudorandom Generator. Goldreich's candidate pseudorandom generator, first introduced in [Gol00] (then as a candidate one-way function), can be instantiated with any k-ary predicate P : {0, 1}k -+ {0, 1} and any k-uniform (directed) hypergraph H on n vertices and m hyperedges. Given H and P, we define a PRG G: {0, 1} - {0, 1} m as follows: Identify each vertex in H with an index in [n] and each hyperedge with an index i C [m]. For each i c [Tm], let FH (i) E k be the sequence of k vertices in the ith hyperedge. Then, Goldreich's PRG is the function from {0, 1} to {0, 1}m defined by GH,P(X) - (P(XrH(i)))j [m] That is, the ith bit of GH,p(x) is the output of P when given the FH(i)-restriction of x as input. For the rest of this paper, we think of k as an absolute constant. Many predicates P : {0, I}k - {0, 1} are
Load more

Recommended publications
  • 2020 SIGACT REPORT SIGACT EC – Eric Allender, Shuchi Chawla, Nicole Immorlica, Samir Khuller (Chair), Bobby Kleinberg September 14Th, 2020
    2020 SIGACT REPORT SIGACT EC – Eric Allender, Shuchi Chawla, Nicole Immorlica, Samir Khuller (chair), Bobby Kleinberg September 14th, 2020 SIGACT Mission Statement: The primary mission of ACM SIGACT (Association for Computing Machinery Special Interest Group on Algorithms and Computation Theory) is to foster and promote the discovery and dissemination of high quality research in the domain of theoretical computer science. The field of theoretical computer science is the rigorous study of all computational phenomena - natural, artificial or man-made. This includes the diverse areas of algorithms, data structures, complexity theory, distributed computation, parallel computation, VLSI, machine learning, computational biology, computational geometry, information theory, cryptography, quantum computation, computational number theory and algebra, program semantics and verification, automata theory, and the study of randomness. Work in this field is often distinguished by its emphasis on mathematical technique and rigor. 1. Awards ▪ 2020 Gödel Prize: This was awarded to Robin A. Moser and Gábor Tardos for their paper “A constructive proof of the general Lovász Local Lemma”, Journal of the ACM, Vol 57 (2), 2010. The Lovász Local Lemma (LLL) is a fundamental tool of the probabilistic method. It enables one to show the existence of certain objects even though they occur with exponentially small probability. The original proof was not algorithmic, and subsequent algorithmic versions had significant losses in parameters. This paper provides a simple, powerful algorithmic paradigm that converts almost all known applications of the LLL into randomized algorithms matching the bounds of the existence proof. The paper further gives a derandomized algorithm, a parallel algorithm, and an extension to the “lopsided” LLL.
    [Show full text]
  • Program Sunday Evening: Welcome Recep- Tion from 7Pm to 9Pm at the Staff Lounge of the Department of Computer Science, Ny Munkegade, Building 540, 2Nd floor
    Computational ELECTRONIC REGISTRATION Complexity The registration for CCC’03 is web based. Please register at http://www.brics.dk/Complexity2003/. Registration Fees (In Danish Kroner) Eighteenth Annual IEEE Conference Advance† Late Members‡∗ 1800 DKK 2200 DKK ∗ Sponsored by Nonmembers 2200 DKK 2800 DKK Students+ 500 DKK 600 DKK The IEEE Computer Society ∗The registration fee includes a copy of the proceedings, Technical Committee on receptions Sunday and Monday, the banquet Wednesday, and lunches Monday, Tuesday and Wednesday. Mathematical Foundations +The registration fee includes a copy of the proceedings, of Computing receptions Sunday and Monday, and lunches Monday, Tuesday and Wednesday. The banquet Wednesday is not included. †The advance registration deadline is June 15. ‡ACM, EATCS, IEEE, or SIGACT members. Extra proceedings/banquet tickets Extra proceedings are 350 DKK. Extra banquet tick- ets are 300 DKK. Both can be purchased when reg- istering and will also be available for sale on site. Alternative registration If electronic registration is not possible, please con- tact the organizers at one of the following: E-mail: [email protected] Mail: Complexity 2003 c/o Peter Bro Miltersen In cooperation with Department of Computer Science University of Aarhus ACM-SIGACT and EATCS Ny Munkegade, Building 540 DK 8000 Aarhus C, Denmark Fax: (+45) 8942 3255 July 7–10, 2003 Arhus,˚ Denmark Conference homepage Conference Information Information about this year’s conference is available Location All sessions of the conference and the on the Web at Kolmogorov workshop will be held in Auditorium http://www.brics.dk/Complexity2003/ F of the Department of Mathematical Sciences at Information about the Computational Complexity Aarhus University, Ny Munkegade, building 530, 1st conference is available at floor.
    [Show full text]
  • SIGACT News Complexity Theory Column 93
    SIGACT News Complexity Theory Column 93 Lane A. Hemaspaandra Dept. of Computer Science University of Rochester Rochester, NY 14627, USA Introduction to Complexity Theory Column 93 This issue This issue features Swastik Kopparty and Shubhangi Saraf's column, \Local Testing and Decoding of High-Rate Error-Correcting Codes." Warmest thanks to the authors for their fascinating, exciting column! Future issues And please stay tuned to future issues' Complexity Theory Columns, for articles by Neeraj Kayal and Chandan Saha (tentative topic: arithmetic circuit lower bounds); Stephen Fenner and Thomas Thierauf (tentative topic: related to the STOC 2016 quasi-NC bipartite perfect matching algorithm of Fenner, Gurjar, and Thierauf); Srinivasan Arunachalam and Ronald de Wolf (tentative topic: quantum machine learning); and Ryan O'Donnell and John Wright (tentative topic: learning and testing quantum states). 2016{2017 As this issue reaches you, the 2016{2017 academic year will be starting. For those of you who are faculty members, I wish you a theorem-filled year, including the treat of working on research with bright graduate and undergraduate students. For those you who are students (bright ones, of course|you're reading this column!), if you are not already working with a faculty member on research and would like to, don't be shy! Even if you're a young undergraduate, it makes a lot of sense to pop by your favorite theory professor's office, and let him or her know what has most interested you so far within theory, if something has (perhaps a nifty article you read by Kopparty and Saraf?), and that you find theory thrilling, if you do (admit it, you do!), and that you'd love to be doing theory research as soon as possible and would deeply appreciate any advice as to what you can do to best make that happen.
    [Show full text]
  • Garbled Protocols and Two-Round MPC from Bilinear Maps
    58th Annual IEEE Symposium on Foundations of Computer Science Garbled Protocols and Two-Round MPC from Bilinear Maps Sanjam Garg Akshayaram Srinivasan Dept. of Computer Science Dept. of Computer Science University of California, Berkeley University of California, Berkeley Berkeley, USA Berkeley, USA Email: [email protected] Email: [email protected] Abstract—In this paper, we initiate the study of garbled (OT) protocol [57], [2], [51], [40] gives an easy solution to protocols — a generalization of Yao’s garbled circuits construc- the problem of (semi-honest) two-round secure computation tion to distributed protocols. More specifically, in a garbled in the two-party setting. However, the same problem for protocol construction, each party can independently generate a garbled protocol component along with pairs of input the multiparty setting turns out to be much harder. Beaver, labels. Additionally, it generates an encoding of its input. The Micali and Rogaway [7] show that garbled circuits can be evaluation procedure takes as input the set of all garbled used to realize a constant round multi-party computation protocol components and the labels corresponding to the input protocol. However, unlike the two-party case, this protocol encodings of all parties and outputs the entire transcript of the is not two rounds. distributed protocol. We provide constructions for garbling arbitrary protocols A. Garbled Protocols based on standard computational assumptions on bilinear maps (in the common random string model). Next, using In this paper, we introduce a generalization of Yao’s garbled protocols we obtain a general compiler that compresses construction from circuits to distributed protocols. We next any arbitrary round multiparty secure computation protocol elaborate on (i) what it means to garble a protocol, (ii) why into a two-round UC secure protocol.
    [Show full text]
  • Onyx: New Encryption and Signature Schemes with Multivariate Public Key in Degree 3
    Onyx: New Encryption and Signature Schemes with Multivariate Public Key in Degree 3 Gilles Macario-Rat1 and Jacques Patarin2 1 Orange, Orange Gardens, 46 avenue de la R´epublique,F-92320 Ch^atillon,France [email protected] 2 Versailles Laboratory of Mathematics, UVSQ, CNRS, University of Paris-Saclay [email protected] Abstract. In this paper, we present a new secret trapdoor function for the design of multivariate schemes that we call \Onyx", suitable for en- cryption and signature. It has been inspired by the schemes presented in [19,20]. From this idea, we present some efficient encryption and signa- ture multivariate schemes with explicit parameters that resist all known attacks. In particular they resist the two main (and often very power- ful) attacks in this area: the Gr¨obner attacks (to compute a solution of the system derived from the public key) and the MinRank attacks (to recover the secret key). Specific attacks due to the properties of the function and its differential are also addressed in this paper. The \Onyx" schemes have public key equations of degree 3. Despite this, the size of the public key may still be reasonable since we can use larger fields and smaller extension degrees. Onyx signatures can be as short as the \birth- day paradox" allows, i.e. twice the security level, or even shorter thanks to the Feistel-Patarin construction, like many other signatures schemes based on multivariate equations. Keywords: public-key cryptography, post-quantum multivariate cryptography, UOV, HFE, Gr¨obnerbasis, MinRank problem, differential attacks. 1 Introduction Many schemes in Multivariate cryptography have been broken.
    [Show full text]
  • Toward Probabilistic Checking Against Non-Signaling Strategies with Constant Locality
    Electronic Colloquium on Computational Complexity, Report No. 144 (2020) Toward Probabilistic Checking against Non-Signaling Strategies with Constant Locality Mohammad Mahdi Jahanara Sajin Koroth Igor Shinkar [email protected] sajin [email protected] [email protected] Simon Fraser University Simon Fraser University Simon Fraser University September 7, 2020 Abstract Non-signaling strategies are a generalization of quantum strategies that have been studied in physics over the past three decades. Recently, they have found applications in theoretical computer science, including to proving inapproximability results for linear programming and to constructing protocols for delegating computation. A central tool for these applications is probabilistically checkable proof (PCPs) systems that are sound against non-signaling strategies. In this paper we show, assuming a certain geometrical hypothesis about noise robustness of non-signaling proofs (or, equivalently, about robustness to noise of solutions to the Sherali- Adams linear program), that a slight variant of the parallel repetition of the exponential-length constant-query PCP construction due to Arora et al. (JACM 1998) is sound against non-signaling strategies with constant locality. Our proof relies on the analysis of the linearity test and agreement test (also known as the direct product test) in the non-signaling setting. Keywords: direct product testing; linearity testing; non-signaling strategies; parallel repetition; proba- bilistically checkable proofs 1 ISSN 1433-8092 Contents 1 Introduction 3 1.1 Informal statement of the result . .5 1.2 Roadmap . .6 2 Preliminaries 6 2.1 Probabilistically Checkable Proofs . .6 2.2 Parallel repetition . .7 2.3 Non-signaling functions . .7 2.4 Permutation folded repeated non-signaling functions .
    [Show full text]
  • UC Berkeley UC Berkeley Electronic Theses and Dissertations
    UC Berkeley UC Berkeley Electronic Theses and Dissertations Title Hardness of Maximum Constraint Satisfaction Permalink https://escholarship.org/uc/item/5x33g1k7 Author Chan, Siu On Publication Date 2013 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California Hardness of Maximum Constraint Satisfaction by Siu On Chan A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Elchanan Mossel, Chair Professor Luca Trevisan Professor Satish Rao Professor Michael Christ Spring 2013 Hardness of Maximum Constraint Satisfaction Creative Commons 3.0 BY: C 2013 by Siu On Chan 1 Abstract Hardness of Maximum Constraint Satisfaction by Siu On Chan Doctor of Philosophy in Computer Science University of California, Berkeley Professor Elchanan Mossel, Chair Maximum constraint satisfaction problem (Max-CSP) is a rich class of combinatorial op- timization problems. In this dissertation, we show optimal (up to a constant factor) NP- hardness for maximum constraint satisfaction problem with k variables per constraint (Max- k-CSP), whenever k is larger than the domain size. This follows from our main result con- cerning CSPs given by a predicate: a CSP is approximation resistant if its predicate contains a subgroup that is balanced pairwise independent. Our main result is related to previous works conditioned on the Unique-Games Conjecture and integrality gaps in sum-of-squares semidefinite programming hierarchies. Our main ingredient is a new gap-amplification technique inspired by XOR-lemmas. Using this technique, we also improve the NP-hardness of approximating Independent-Set on bounded-degree graphs, Almost-Coloring, Two-Prover-One-Round-Game, and various other problems.
    [Show full text]
  • ACM SIGLOG News 1 October 2015, Vol
    Volume 2, Number 4 Published by the Association for Computing Machinery Special Interest Group on Logic and Computation October 2015 SIGLOG news TABLE OF CONTENTS General Information 1 From the Editor Andrzej Murawski 2 Chair's Letter Prakash Panangaden Technical Columns 3 Automata Mikołaj Bojańczyk 16 Verication Neha Rungta Announcements 26 Gödel Prize - Call for Nominations 28 SIGLOG Monthly 175 SIGLOG NEWS Published by the ACM Special Interest Group on Logic and Computation SIGLOG Executive Committee Chair Prakash Panangaden McGill University Vice-Chair Luke Ong University of Oxford Treasurer Natarajan Shankar SRI International Secretary Alexandra Silva Radboud University Nijmegen Catuscia Palamidessi INRIA and LIX, Ecole´ Polytechnique EACSL President Anuj Dawar University of Cambridge EATCS President Luca Aceto Reykjavik University ACM ToCL E-in-C Dale Miller INRIA and LIX, Ecole´ Polytechnique Andrzej Murawski University of Warwick Veronique´ Cortier CNRS and LORIA, Nancy ADVISORY BOARD Mart´ın Abadi Google and UC Santa Cruz Phokion Kolaitis University of California, Santa Cruz Dexter Kozen Cornell University Gordon Plotkin University of Edinburgh Moshe Vardi Rice University COLUMN EDITORS Automata Mikołaj Bojanczyk´ University of Warsaw Complexity Neil Immerman University of Massachusetts Amherst Security and Privacy Matteo Maffei CISPA, Saarland University Semantics Mike Mislove Tulane University Verification Neha Rungta SGT Inc. and NASA Ames Notice to Contributing Authors to SIG Newsletters By submitting your article for distribution
    [Show full text]
  • László Lovász Avi Wigderson of Eötvös Loránd University of the Institute for Advanced Study, in Budapest, Hungary and Princeton, USA
    2021 The Norwegian Academy of Science and Letters has decided to award the Abel Prize for 2021 to László Lovász Avi Wigderson of Eötvös Loránd University of the Institute for Advanced Study, in Budapest, Hungary and Princeton, USA, “for their foundational contributions to theoretical computer science and discrete mathematics, and their leading role in shaping them into central fields of modern mathematics.” Theoretical Computer Science (TCS) is the study of computational lens”. Discrete structures such as the power and limitations of computing. Its roots go graphs, strings, permutations are central to TCS, back to the foundational works of Kurt Gödel, Alonzo and naturally discrete mathematics and TCS Church, Alan Turing, and John von Neumann, leading have been closely allied fields. While both these to the development of real physical computers. fields have benefited immensely from more TCS contains two complementary sub-disciplines: traditional areas of mathematics, there has been algorithm design which develops efficient methods growing influence in the reverse direction as well. for a multitude of computational problems; and Applications, concepts, and techniques from TCS computational complexity, which shows inherent have motivated new challenges, opened new limitations on the efficiency of algorithms. The notion directions of research, and solved important open of polynomial-time algorithms put forward in the problems in pure and applied mathematics. 1960s by Alan Cobham, Jack Edmonds, and others, and the famous P≠NP conjecture of Stephen Cook, László Lovász and Avi Wigderson have been leading Leonid Levin, and Richard Karp had strong impact on forces in these developments over the last decades. the field and on the work of Lovász and Wigderson.
    [Show full text]
  • The Gödel Prize 2020 - Call for Nominatonn
    The Gödel Prize 2020 - Call for Nominatonn Deadline: February 15, 2020 The Gödel Prize for outntanding papern in the area of theoretial iomputer niienie in nponnored jointly by the European Annoiiaton for Theoretial Computer Siienie (EATCS) and the Annoiiaton for Computng Maihinery, Speiial Innterent Group on Algorithmn and Computaton Theory (AC M SInGACT) The award in prenented annually, with the prenentaton taaing plaie alternately at the Innternatonal Colloquium on Automata, Languagen, and Programming (InCALP) and the AC M Symponium on Theory of Computng (STOC) The 28th Gödel Prize will be awarded at the 47th Innternatonal Colloquium on Automata, Languagen, and Programming to be held during 8-12 July, 2020 in Beijing The Prize in named in honour of Kurt Gödel in reiogniton of hin major iontributonn to mathematial logii and of hin interent, diniovered in a leter he wrote to John von Neumann nhortly before von Neumann’n death, in what han beiome the famoun “P vernun NP” quenton The Prize iniluden an award of USD 5,000 Award Committee: The 2020 Award Commitee ionnintn of Samnon Abramnay (Univernity of Oxford), Anuj Dawar (Chair, Univernity of Cambridge), Joan Feigenbaum (Yale Univernity), Robert Krauthgamer (Weizmann Innnttute), Daniel Spielman (Yale Univernity) and David Zuiaerman (Univernity of Texan, Auntn) Eligibility: The 2020 Prize rulen are given below and they nupernede any diferent interpretaton of the generii rule to be found on webniten of both SInGACT and EATCS Any renearih paper or nerien of papern by a ningle author or by
    [Show full text]
  • SETH-Based Lower Bounds for Subset Sum and Bicriteria Path
    SETH-Based Lower Bounds for Subset Sum and Bicriteria Path Amir Abboud1, Karl Bringmann2, Danny Hermelin3, and Dvir Shabtay3 1 Department of Computer Science, Stanford University, CA, USA [email protected] 2 Max Planck Institute for Informatics, Saarland Informatics Campus, Germany [email protected] 3 Department of Industrial Engineering and Management, Ben-Gurion University, Israel [email protected], [email protected] Abstract. Subset Sum and k-SAT are two of the most extensively studied problems in computer science, and conjectures about their hardness are among the cornerstones of fine-grained complexity. An important open problem in this area is to base the hardness of one of these problems on the other. Our main result is a tight reduction from k-SAT to Subset Sum on dense instances, proving that Bellman’s 1962 pseudo-polynomial O∗(T )-time algorithm for Subset Sum on n numbers and target T − cannot be improved to time T 1 ε · 2o(n) for any ε> 0, unless the Strong Exponential Time Hypothesis (SETH) fails. As a corollary, we prove a “Direct-OR” theorem for Subset Sum under SETH, offering a new tool for proving conditional lower bounds: It is now possible to assume that deciding whether one out of N − given instances of Subset Sum is a YES instance requires time (NT )1 o(1). As an application of this corollary, we prove a tight SETH-based lower bound for the classical Bicriteria s,t-Path problem, which is extensively studied in Operations Research. We separate its complexity from that of Subset Sum: On graphs with m edges and edge lengths bounded by L, we show that the O(Lm) pseudo- polynomial time algorithm by Joksch from 1966 cannot be improved to O˜(L + m), in contrast to a recent improvement for Subset Sum (Bringmann, SODA 2017).
    [Show full text]
  • Beating Brute Force for Polynomial Identity Testing of General Depth-3 Circuits
    Electronic Colloquium on Computational Complexity, Report No. 111 (2018) Beating Brute Force for Polynomial Identity Testing of General Depth-3 Circuits V. Arvind∗ Abhranil Chatterjeey Rajit Dattaz Partha Mukhopadhyayx June 4, 2018 Abstract Let C be a depth-3 ΣΠΣ arithmetic circuit of size s, computing a polynomial f 2 F[x1; : : : ; xn] (where F = Q or C) with fan-in of product gates bounded by d. We give a deterministic time 2d poly(n; s) polynomial identity testing algorithm to check whether f ≡ 0 or not. In the case of finite fields, for Char(F) > d we obtain a deterministic algorithm of running time 2γ·d poly(n; s), whereas for Char(F) ≤ d, we obtain a deterministic algorithm of running time 2(γ+2)·d log d poly(n; s) where γ ≤ 5. 1 Introduction Polynomial Identity Testing (PIT ) is the following well-studied algorith- mic problem: Given an arithmetic circuit C computing a polynomial in F[x1; : : : ; xn], determine whether C computes an identically zero polynomial or not. The problem can be presented either in the white-box model or in the black-box model. In the white-box model, the arithmetic circuit is given ex- plicitly as the input. In the black-box model, the arithmetic circuit is given n n black-box access. I.e., the circuit can be evaluated at any point in F (or in F , for a suitable extension field F ). In the last three decades, PIT has played a pivotal role in many important results in complexity theory and algorithms: Pri- mality Testing [AKS04], the PCP Theorem [ALM+98], IP = PSPACE [Sha90], graph matching algorithms [Lov79, MVV87].
    [Show full text]