DOCSLIB.ORG

Interactive Proof Systems and Alternating Time-Space

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

INTERACTIVE PROOF SYSTEMS AND ALTERNATING TIMESPACE COMPLEXITY Lance Fortnow Carsten Lund University of Chicago Dept of Computer Science E th Street Chicago IL Abstract We show a rough equivalence b etween alternating timespace complexity and a publiccoin interactive pro of system with the verier having a p olynomial related timespace complexity Sp ecial cases include All of NC has interactive pro ofs with a logspace p olynomialtime publiccoin verier vastly improving the b est previous lower b ound of LOGCFL for this mo del All languages in P have interactive pro ofs with a p olynomialtime publiccoin verier using olog n space All exp onentialtime languages have interactive pro of systems with publiccoin p olynomialspace exp onentialtime veriers To achieve b etter b ounds we show how to reduce a k tap e alternat ing Turing machine to a tap e alternating Turing machine with only a constant factor increase in time and space Intro duction In Chandra Kozen and Sto ckmeyer intro duced alternating Tur ing machines an extension of nondeterministic computation where the Turing 1 Supp orted by NSF Grant CCR 2 Supp orted by a fellowship from the University of Arhus Fortnow Lund machine can make b oth existential and universal moves In Goldwasser Micali and Racko and Babai intro duced interactive pro of systems an extension of nondeterministic computation consisting of two players an in nitely p owerful prover and a probabilistic p olynomialtime verier The prover will try to convince the verier of the validity of some statement However the verier do es not trust the prover and will only accept if the prover manages to convince the verier of the validity of the statement There are some obvious similarities b etween alternating Turing machines and interactive pro of systems In fact Goldwasser and Sipser show the equivalence of interactive pro of systems to a Turing machine alternating b e tween nondeterministic and probabilistic moves However until recently com puter scientists generally b elieved that alternating Turing machines had far more p ower than the interactive pro of systems A series of results by Lund Fortnow Karlo and Nisan and Shamir show that the set of languages accepted by an interactive pro of system equals the class of languages accepted in deterministic p olynomial space Since Chandra Kozen and Sto ckmeyer have shown PSPACE equivalent to the languages accepted by a p olynomialtime alternating Turing machine in this case alternating Turing machine and interactive pro of systems have identical p ower We generalize the work of to show a broader equivalence b etween alternating Turing machines and interactive pro of systems We lo ok at time space complexity rst studied for alternating Turing machines by Ruzzo and for interactive pro of systems by Condon We show a general relationship b etween time and space b ounded alternating Turing machines and time and space b ounded veriers We show that all languages accepted by an interactive pro of system with a tntime snspace b ounded verier can also b e accepted by an alternating Turing machine using tn log tntime and snspace Conversely we show that an interactive pro of system can simulate any tntime snspace alternating Turing machine using a p olynp olytntime and p olysnspace b ounded verier We use this close relationship b etween alternating Turing machine and in teractive pro of systems to show a publiccoin interactive pro of system for all languages in NC with a p olynomialtime logspace verier and a pro of sys tem for all languages in P with a p olynomialtime verier using less then log squared space The previous b est known result by Fortnow and Sipser shows LOGCFL has a publiccoin interactive pro of system with a p olynomial time logspace verier LOGCFL consists of all languages logspace reducible to contextfree languages and is known to lie in NC Interactive Pro ofs We also use these theorems to get strong relationships b etween interac tive pro of systems and deterministic computation similar to the relationships b etween alternating Turing machine and deterministic computation found in With the notable exception of Theorem most of the results in this pap er do not relativize Fortnow and Sipser have shown an oracle A such A that some language in coNP do es not have interactive pro ofs relative to A However our result implies every language in PSPACE has interactive pro ofs Background and Denitions An interactive pro of system consists of a proververier pair P V The prover and verier share a reliable communication tap e and access to an input tap e The verier also has access to his own work tap es and a random bit generator such as a fair coin The prover can b e any function from the messages previously sent to the prover to a p olynomiallength resp onse P and V form an interactive proto col for a language L if If x L then PrP V x accepts If x L then for all P PrP V x accepts Goldwasser Micali and Racko and Babai require the verier com putes in probabilistic p olynomial time and space Lund Fortnow Karlo and Nisan showed an interactive pro of system for every language in the p olynomialtime hierarchy Using their techniques Shamir showed that the set of languages accepted by these interactive pro of systems coincides with the class of languages decidable in deterministic p olynomial space In this pa p er we will examine the complexity of interactive pro of systems with veriers having diering restrictions on time and space In general the verier may use private coins where the prover do es not know what the coin tosses were A publiccoin interactive pro of system allows the prover access to the veriers coin Equivalently we require the veriers messages to consist of exactly the veriers coin tosses since the previous round Goldwasser and Sipser show the class of languages accepted by interactive pro ofs with a p olynomialtime verier do es not dep end on whether the verier uses public or private coins However a dierence b etween private and public coins do es seem to hold for time and space b ounded veriers Condon show that interactive pro of systems with private coins and p olynomialtime logspace veriers can simu late any standard interactive proto col and thus accept any PSPACE language Fortnow Lund However a deterministic p olynomialtime Turing machine can simulate any publiccoin interactive pro of system with a p olynomialtime logspace verier Corollary Thus assuming P PSPACE private coins are strictly more p owerful than public coins in an interactive pro of system with a time and space b ounded verier In this pap er we study the complexity of the publiccoin interactive pro of system mo del In this pap er we contrast the p ower of interactive pro of systems with al ternating Turing machines as develop ed by Chandra Kozen and Sto ckmeyer An alternating Turing machine is a generalization of a nondeterministic machine where the machine may make b oth existential and universal choices A string is accepted by an alternating Turing machine M if there exists a rst existential choice such that for all rst universal choices there exists a second existential choice such that M accepts See for a complete technical denition Let n represent the length of the input string Let ATIMEtn b e the set of languages accepted by an alternating Turing machine running in time O tn Let ASPACEsn b e the analogous class for space Chandra Kozen and Sto ckmeyer show the following relationships S sn For sn log n ASPACEsn DTIMEc c For tn n ATIMEtn DSPACEtn ATIMEtn This implies for example that P ASPACElog n and PSPACE S k ATIMEn k We assume throughout this pap er that tn sn log n nondecreasing and fully time and space constructible in the following strong sense There exists a deterministic Turing machine M such that given m written in binary sm will output the pair tm where tm is written in binary Furthermore M uses O tm time and O sm space Note most natural functions fulll these conditions We also assume all inputs are elements of f g We say that t s is timespace constructible We dene the following time and space classes generalizing the TISP ter minology intro duced by Bruss and Meyer to describ e deterministic compu tation b ounded in b oth time and space A language L is in ATISPtn sn if some alternating Turing machine M accepts L and M runs in time O tn and space O sn on every computation path A language L is in IPTISPtn sn if there exists an publiccoin in teractive pro of for L such that the verier uses at most O tn time and Interactive Pro ofs O sn space on every computation path with every p ossible prover We de ne IPTIMEtn and IPSPACEsn analogously For IPSPACEsn we restrict the interactive pro ofs systems to having nite computation paths If an alternating Turing machine or a verier ever enters the same cong uration twice then it will have an innite computation path Thus we may always assume sn log tn Ruzzo rst studied time and space b ounded alternating Turing machine k k k complexity showing ATISPlog n log n NC for all k where NC is the set of languages accepted by a logspace uniform circuit family of p olynomial k size and log n depth Condon rst studied the complexity class IPTISPt s under the name BCTIMESPACE In she showed that IPTISPpol y tn log tn DTIMEpol y tn S k IPTISPn log n Fortnow and Sipser studied the class BPNL k They show LOGCFL BPNL P where LOGCFL NC is the class of languages logspace reducible to contextfree languages Restricted Alternating Turing Machines We will
Recommended publications
  • Database Theory

    Database Theory

    DATABASE THEORY Lecture 4: Complexity of FO Query Answering Markus Krotzsch¨ TU Dresden, 21 April 2016 Overview 1. Introduction | Relational data model 2. First-order queries 3. Complexity of query answering 4. Complexity of FO query answering 5. Conjunctive queries 6. Tree-like conjunctive queries 7. Query optimisation 8. Conjunctive Query Optimisation / First-Order Expressiveness 9. First-Order Expressiveness / Introduction to Datalog 10. Expressive Power and Complexity of Datalog 11. Optimisation and Evaluation of Datalog 12. Evaluation of Datalog (2) 13. Graph Databases and Path Queries 14. Outlook: database theory in practice See course homepage [) link] for more information and materials Markus Krötzsch, 21 April 2016 Database Theory slide 2 of 41 How to Measure Query Answering Complexity Query answering as decision problem { consider Boolean queries Various notions of complexity: • Combined complexity (complexity w.r.t. size of query and database instance) • Data complexity (worst case complexity for any fixed query) • Query complexity (worst case complexity for any fixed database instance) Various common complexity classes: L ⊆ NL ⊆ P ⊆ NP ⊆ PSpace ⊆ ExpTime Markus Krötzsch, 21 April 2016 Database Theory slide 3 of 41 An Algorithm for Evaluating FO Queries function Eval(', I) 01 switch (') f I 02 case p(c1, ::: , cn): return hc1, ::: , cni 2 p 03 case : : return :Eval( , I) 04 case 1 ^ 2 : return Eval( 1, I) ^ Eval( 2, I) 05 case 9x. : 06 for c 2 ∆I f 07 if Eval( [x 7! c], I) then return true 08 g 09 return false 10 g Markus Krötzsch, 21 April 2016 Database Theory slide 4 of 41 FO Algorithm Worst-Case Runtime Let m be the size of ', and let n = jIj (total table sizes) • How many recursive calls of Eval are there? { one per subexpression: at most m • Maximum depth of recursion? { bounded by total number of calls: at most m • Maximum number of iterations of for loop? { j∆Ij ≤ n per recursion level { at most nm iterations I • Checking hc1, ::: , cni 2 p can be done in linear time w.r.t.
  • CS601 DTIME and DSPACE Lecture 5 Time and Space Functions: T, S

    CS601 DTIME and DSPACE Lecture 5 Time and Space Functions: T, S

    CS601 DTIME and DSPACE Lecture 5 Time and Space functions: t, s : N → N+ Definition 5.1 A set A ⊆ U is in DTIME[t(n)] iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. A = L(M) ≡ w ∈ U M(w)=1 , and 2. ∀w ∈ U, M(w) halts within c · t(|w|) steps. Definition 5.2 A set A ⊆ U is in DSPACE[s(n)] iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. A = L(M), and 2. ∀w ∈ U, M(w) uses at most c · s(|w|) work-tape cells. (Input tape is “read-only” and not counted as space used.) Example: PALINDROMES ∈ DTIME[n], DSPACE[n]. In fact, PALINDROMES ∈ DSPACE[log n]. [Exercise] 1 CS601 F(DTIME) and F(DSPACE) Lecture 5 Definition 5.3 f : U → U is in F (DTIME[t(n)]) iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. f = M(·); 2. ∀w ∈ U, M(w) halts within c · t(|w|) steps; 3. |f(w)|≤|w|O(1), i.e., f is polynomially bounded. Definition 5.4 f : U → U is in F (DSPACE[s(n)]) iff there exists a deterministic, multi-tape TM, M, and a constant c, such that, 1. f = M(·); 2. ∀w ∈ U, M(w) uses at most c · s(|w|) work-tape cells; 3. |f(w)|≤|w|O(1), i.e., f is polynomially bounded. (Input tape is “read-only”; Output tape is “write-only”.
  • Interactive Proof Systems and Alternating Time-Space Complexity

    Interactive Proof Systems and Alternating Time-Space Complexity

    Theoretical Computer Science 113 (1993) 55-73 55 Elsevier Interactive proof systems and alternating time-space complexity Lance Fortnow” and Carsten Lund** Department of Computer Science, Unicersity of Chicago. 1100 E. 58th Street, Chicago, IL 40637, USA Abstract Fortnow, L. and C. Lund, Interactive proof systems and alternating time-space complexity, Theoretical Computer Science 113 (1993) 55-73. We show a rough equivalence between alternating time-space complexity and a public-coin interactive proof system with the verifier having a polynomial-related time-space complexity. Special cases include the following: . All of NC has interactive proofs, with a log-space polynomial-time public-coin verifier vastly improving the best previous lower bound of LOGCFL for this model (Fortnow and Sipser, 1988). All languages in P have interactive proofs with a polynomial-time public-coin verifier using o(log’ n) space. l All exponential-time languages have interactive proof systems with public-coin polynomial-space exponential-time verifiers. To achieve better bounds, we show how to reduce a k-tape alternating Turing machine to a l-tape alternating Turing machine with only a constant factor increase in time and space. 1. Introduction In 1981, Chandra et al. [4] introduced alternating Turing machines, an extension of nondeterministic computation where the Turing machine can make both existential and universal moves. In 1985, Goldwasser et al. [lo] and Babai [l] introduced interactive proof systems, an extension of nondeterministic computation consisting of two players, an infinitely powerful prover and a probabilistic polynomial-time verifier. The prover will try to convince the verifier of the validity of some statement.
  • On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs*

    On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs*

    On the Randomness Complexity of Interactive Proofs and Statistical Zero-Knowledge Proofs* Benny Applebaum† Eyal Golombek* Abstract We study the randomness complexity of interactive proofs and zero-knowledge proofs. In particular, we ask whether it is possible to reduce the randomness complexity, R, of the verifier to be comparable with the number of bits, CV , that the verifier sends during the interaction. We show that such randomness sparsification is possible in several settings. Specifically, unconditional sparsification can be obtained in the non-uniform setting (where the verifier is modelled as a circuit), and in the uniform setting where the parties have access to a (reusable) common-random-string (CRS). We further show that constant-round uniform protocols can be sparsified without a CRS under a plausible worst-case complexity-theoretic assumption that was used previously in the context of derandomization. All the above sparsification results preserve statistical-zero knowledge provided that this property holds against a cheating verifier. We further show that randomness sparsification can be applied to honest-verifier statistical zero-knowledge (HVSZK) proofs at the expense of increasing the communica- tion from the prover by R−F bits, or, in the case of honest-verifier perfect zero-knowledge (HVPZK) by slowing down the simulation by a factor of 2R−F . Here F is a new measure of accessible bit complexity of an HVZK proof system that ranges from 0 to R, where a maximal grade of R is achieved when zero- knowledge holds against a “semi-malicious” verifier that maliciously selects its random tape and then plays honestly.
  • The Complexity of Space Bounded Interactive Proof Systems

    The Complexity of Space Bounded Interactive Proof Systems

    The Complexity of Space Bounded Interactive Proof Systems ANNE CONDON Computer Science Department, University of Wisconsin-Madison 1 INTRODUCTION Some of the most exciting developments in complexity theory in recent years concern the complexity of interactive proof systems, defined by Goldwasser, Micali and Rackoff (1985) and independently by Babai (1985). In this paper, we survey results on the complexity of space bounded interactive proof systems and their applications. An early motivation for the study of interactive proof systems was to extend the notion of NP as the class of problems with efficient \proofs of membership". Informally, a prover can convince a verifier in polynomial time that a string is in an NP language, by presenting a witness of that fact to the verifier. Suppose that the power of the verifier is extended so that it can flip coins and can interact with the prover during the course of a proof. In this way, a verifier can gather statistical evidence that an input is in a language. As we will see, the interactive proof system model precisely captures this in- teraction between a prover P and a verifier V . In the model, the computation of V is probabilistic, but is typically restricted in time or space. A language is accepted by the interactive proof system if, for all inputs in the language, V accepts with high probability, based on the communication with the \honest" prover P . However, on inputs not in the language, V rejects with high prob- ability, even when communicating with a \dishonest" prover. In the general model, V can keep its coin flips secret from the prover.
  • Lecture 9 1 Interactive Proof Systems/Protocols

    Lecture 9 1 Interactive Proof Systems/Protocols

    CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 9 Lecture date: March 7-9, 2005 Scribe: S. Bhattacharyya, R. Deak, P. Mirzadeh 1 Interactive Proof Systems/Protocols 1.1 Introduction The traditional mathematical notion of a proof is a simple passive protocol in which a prover P outputs a complete proof to a verifier V who decides on its validity. The interaction in this traditional sense is minimal and one-way, prover → verifier. The observation has been made that allowing the verifier to interact with the prover can have advantages, for example proving the assertion faster or proving more expressive languages. This extension allows for the idea of interactive proof systems (protocols). The general framework of the interactive proof system (protocol) involves a prover P with an exponential amount of time (computationally unbounded) and a verifier V with a polyno- mial amount of time. Both P and V exchange multiple messages (challenges and responses), usually dependent upon outcomes of fair coin tosses which they may or may not share. It is easy to see that since V is a poly-time machine (PPT), only a polynomial number of messages may be exchanged between the two. P ’s objective is to convince (prove to) the verifier the truth of an assertion, e.g., claimed knowledge of a proof that x ∈ L. V either accepts or rejects the interaction with the P . 1.2 Definition of Interactive Proof Systems An interactive proof system for a language L is a protocol PV for communication between a computationally unbounded (exponential time) machine P and a probabilistic poly-time (PPT) machine V such that the protocol satisfies the properties of completeness and sound- ness.
  • Complexity Theory

    Complexity Theory

    Complexity Theory Course Notes Sebastiaan A. Terwijn Radboud University Nijmegen Department of Mathematics P.O. Box 9010 6500 GL Nijmegen the Netherlands [email protected] Copyright c 2010 by Sebastiaan A. Terwijn Version: December 2017 ii Contents 1 Introduction 1 1.1 Complexity theory . .1 1.2 Preliminaries . .1 1.3 Turing machines . .2 1.4 Big O and small o .........................3 1.5 Logic . .3 1.6 Number theory . .4 1.7 Exercises . .5 2 Basics 6 2.1 Time and space bounds . .6 2.2 Inclusions between classes . .7 2.3 Hierarchy theorems . .8 2.4 Central complexity classes . 10 2.5 Problems from logic, algebra, and graph theory . 11 2.6 The Immerman-Szelepcs´enyi Theorem . 12 2.7 Exercises . 14 3 Reductions and completeness 16 3.1 Many-one reductions . 16 3.2 NP-complete problems . 18 3.3 More decision problems from logic . 19 3.4 Completeness of Hamilton path and TSP . 22 3.5 Exercises . 24 4 Relativized computation and the polynomial hierarchy 27 4.1 Relativized computation . 27 4.2 The Polynomial Hierarchy . 28 4.3 Relativization . 31 4.4 Exercises . 32 iii 5 Diagonalization 34 5.1 The Halting Problem . 34 5.2 Intermediate sets . 34 5.3 Oracle separations . 36 5.4 Many-one versus Turing reductions . 38 5.5 Sparse sets . 38 5.6 The Gap Theorem . 40 5.7 The Speed-Up Theorem . 41 5.8 Exercises . 43 6 Randomized computation 45 6.1 Probabilistic classes . 45 6.2 More about BPP . 48 6.3 The classes RP and ZPP .
  • Interactive Proofs for Quantum Computations

    Interactive Proofs for Quantum Computations

    Innovations in Computer Science 2010 Interactive Proofs For Quantum Computations Dorit Aharonov Michael Ben-Or Elad Eban School of Computer Science, The Hebrew University of Jerusalem, Israel [email protected] [email protected] [email protected] Abstract: The widely held belief that BQP strictly contains BPP raises fundamental questions: Upcoming generations of quantum computers might already be too large to be simulated classically. Is it possible to experimentally test that these systems perform as they should, if we cannot efficiently compute predictions for their behavior? Vazirani has asked [21]: If computing predictions for Quantum Mechanics requires exponential resources, is Quantum Mechanics a falsifiable theory? In cryptographic settings, an untrusted future company wants to sell a quantum computer or perform a delegated quantum computation. Can the customer be convinced of correctness without the ability to compare results to predictions? To provide answers to these questions, we define Quantum Prover Interactive Proofs (QPIP). Whereas in standard Interactive Proofs [13] the prover is computationally unbounded, here our prover is in BQP, representing a quantum computer. The verifier models our current computational capabilities: it is a BPP machine, with access to few qubits. Our main theorem can be roughly stated as: ”Any language in BQP has a QPIP, and moreover, a fault tolerant one” (providing a partial answer to a challenge posted in [1]). We provide two proofs. The simpler one uses a new (possibly of independent interest) quantum authentication scheme (QAS) based on random Clifford elements. This QPIP however, is not fault tolerant. Our second protocol uses polynomial codes QAS due to Ben-Or, Cr´epeau, Gottesman, Hassidim, and Smith [8], combined with quantum fault tolerance and secure multiparty quantum computation techniques.
  • Lecture 11 1 Non-Uniform Complexity

    Lecture 11 1 Non-Uniform Complexity

    Notes on Complexity Theory Last updated: October, 2011 Lecture 11 Jonathan Katz 1 Non-Uniform Complexity 1.1 Circuit Lower Bounds for a Language in §2 \ ¦2 We have seen that there exist \very hard" languages (i.e., languages that require circuits of size (1 ¡ ")2n=n). If we can show that there exists a language in NP that is even \moderately hard" (i.e., requires circuits of super-polynomial size) then we will have proved P 6= NP. (In some sense, it would be even nicer to show some concrete language in NP that requires circuits of super-polynomial size. But mere existence of such a language is enough.) c Here we show that for every c there is a language in §2 \ ¦2 that is not in size(n ). Note that this does not prove §2 \ ¦2 6⊆ P=poly since, for every c, the language we obtain is di®erent. (Indeed, using the time hierarchy theorem, we have that for every c there is a language in P that is not in time(nc).) What is particularly interesting here is that (1) we prove a non-uniform lower bound and (2) the proof is, in some sense, rather simple. c Theorem 1 For every c, there is a language in §4 \ ¦4 that is not in size(n ). Proof Fix some c. For each n, let Cn be the lexicographically ¯rst circuit on n inputs such c that (the function computed by) Cn cannot be computed by any circuit of size at most n . By the c+1 non-uniform hierarchy theorem (see [1]), there exists such a Cn of size at most n (for n large c enough).
  • Simple Doubly-Efficient Interactive Proof Systems for Locally

    Simple Doubly-Efficient Interactive Proof Systems for Locally

    Electronic Colloquium on Computational Complexity, Revision 3 of Report No. 18 (2017) Simple doubly-efficient interactive proof systems for locally-characterizable sets Oded Goldreich∗ Guy N. Rothblumy September 8, 2017 Abstract A proof system is called doubly-efficient if the prescribed prover strategy can be implemented in polynomial-time and the verifier’s strategy can be implemented in almost-linear-time. We present direct constructions of doubly-efficient interactive proof systems for problems in P that are believed to have relatively high complexity. Specifically, such constructions are presented for t-CLIQUE and t-SUM. In addition, we present a generic construction of such proof systems for a natural class that contains both problems and is in NC (and also in SC). The proof systems presented by us are significantly simpler than the proof systems presented by Goldwasser, Kalai and Rothblum (JACM, 2015), let alone those presented by Reingold, Roth- blum, and Rothblum (STOC, 2016), and can be implemented using a smaller number of rounds. Contents 1 Introduction 1 1.1 The current work . 1 1.2 Relation to prior work . 3 1.3 Organization and conventions . 4 2 Preliminaries: The sum-check protocol 5 3 The case of t-CLIQUE 5 4 The general result 7 4.1 A natural class: locally-characterizable sets . 7 4.2 Proof of Theorem 1 . 8 4.3 Generalization: round versus computation trade-off . 9 4.4 Extension to a wider class . 10 5 The case of t-SUM 13 References 15 Appendix: An MA proof system for locally-chracterizable sets 18 ∗Department of Computer Science, Weizmann Institute of Science, Rehovot, Israel.
  • Lecture 10: Space Complexity III

    Lecture 10: Space Complexity III

    Space Complexity Classes: NL and L Reductions NL-completeness The Relation between NL and coNL A Relation Among the Complexity Classes Lecture 10: Space Complexity III Arijit Bishnu 27.03.2010 Space Complexity Classes: NL and L Reductions NL-completeness The Relation between NL and coNL A Relation Among the Complexity Classes Outline 1 Space Complexity Classes: NL and L 2 Reductions 3 NL-completeness 4 The Relation between NL and coNL 5 A Relation Among the Complexity Classes Space Complexity Classes: NL and L Reductions NL-completeness The Relation between NL and coNL A Relation Among the Complexity Classes Outline 1 Space Complexity Classes: NL and L 2 Reductions 3 NL-completeness 4 The Relation between NL and coNL 5 A Relation Among the Complexity Classes Definition for Recapitulation S c NPSPACE = c>0 NSPACE(n ). The class NPSPACE is an analog of the class NP. Definition L = SPACE(log n). Definition NL = NSPACE(log n). Space Complexity Classes: NL and L Reductions NL-completeness The Relation between NL and coNL A Relation Among the Complexity Classes Space Complexity Classes Definition for Recapitulation S c PSPACE = c>0 SPACE(n ). The class PSPACE is an analog of the class P. Definition L = SPACE(log n). Definition NL = NSPACE(log n). Space Complexity Classes: NL and L Reductions NL-completeness The Relation between NL and coNL A Relation Among the Complexity Classes Space Complexity Classes Definition for Recapitulation S c PSPACE = c>0 SPACE(n ). The class PSPACE is an analog of the class P. Definition for Recapitulation S c NPSPACE = c>0 NSPACE(n ).
  • On the Existence of Extractable One-Way Functions

    On the Existence of Extractable One-Way Functions

    On the Existence of Extractable One-Way Functions The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation Bitansky, Nir et al. “On the Existence of Extractable One-Way Functions.” SIAM Journal on Computing 45.5 (2016): 1910–1952. © 2016 by SIAM As Published http://dx.doi.org/10.1137/140975048 Publisher Society for Industrial and Applied Mathematics Version Final published version Citable link http://hdl.handle.net/1721.1/107895 Terms of Use Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use. SIAM J. COMPUT. c 2016 Society for Industrial and Applied Mathematics Vol. 45, No. 5, pp. 1910{1952 ∗ ON THE EXISTENCE OF EXTRACTABLE ONE-WAY FUNCTIONS NIR BITANSKYy , RAN CANETTIz , OMER PANETHz , AND ALON ROSENx Abstract. A function f is extractable if it is possible to algorithmically \extract," from any adversarial program that outputs a value y in the image of f , a preimage of y. When combined with hardness properties such as one-wayness or collision-resistance, extractability has proven to be a powerful tool. However, so far, extractability has not been explicitly shown. Instead, it has only been considered as a nonstandard knowledge assumption on certain functions. We make headway in the study of the existence of extractable one-way functions (EOWFs) along two directions. On the negative side, we show that if there exist indistinguishability obfuscators for circuits, then there do not exist EOWFs where extraction works for any adversarial program with auxiliary input of unbounded polynomial length.