CECS 328 Lectures


Darin Goldstein

1 Review of Asymptotics

1. The Force: certain functions are always eventually larger than others. This list goes from smallest to largest.
   (a) constants, $\sin$, $\cos$, $\tan^{-1}$
   (b) $(\log n)^{\text{constant}}$
   (c) $n^{\text{constant}}$
   (d) $\text{constant}^n$
   (e) $n!$
   (f) $n^n$
   Be very careful with the final two levels. YOU MAY ONLY USE THE FORCE ADDITIVELY, NOT MULTIPLICATIVELY! (In a sum you may drop a term from a lower level, e.g. $n^{100} + 2^n = \Theta(2^n)$; in a product you may not, since $n^{100} \cdot 2^n$ is not $\Theta(2^n)$.) Examples below.

2. Growth of functions: all functions we consider in this class are eventually positive.
   (a) $O$: $f = O(g)$ means there exist constants $c > 0$ and $N_c$ such that for every $x \ge N_c$, $f(x) \le c\,g(x)$. Example: $5x^2 + 20 = O(x^3)$.
   (b) $\Omega$: $f = \Omega(g)$ means there exist constants $c > 0$ and $N_c$ such that for every $x \ge N_c$, $f(x) \ge c\,g(x)$. Example: $\frac{x^3}{3} - 9x = \Omega(x^2)$.
   (c) $\Theta$: $f = \Theta(g)$ means $f = O(g)$ and $f = \Omega(g)$. Example: $3x^2 - 8x + 2 = \Theta(x^2)$.
   (d) $o$: $f = o(g)$ means $\lim_{x \to \infty} \frac{f(x)}{g(x)} = 0$. Example: $x^2 = o(x^3)$.
   (e) $\omega$: $f = \omega(g)$ means $\lim_{x \to \infty} \frac{g(x)}{f(x)} = 0$. Example: $\sqrt{x} = \omega(\log x)$.

The following are exercises based on what you've learned so far:

1. Find the smallest $n$ so that $f = O(x^n)$, if such an $n$ exists. Find the largest $n$ so that $f = \Omega(x^n)$, if such an $n$ exists. Find a function $g$ so that $f = \Theta(g)$.
   (a) $f(x) = (x^3 + x^2 \log x)(\log x + 1) + (17 \log x + 19)(x^3 + 2)$
   (b) $f(x) = \dfrac{x^6 - 3x + 12}{x^2 \log x + \pi x \sqrt{x}}$
   (c) $f(x) = \dfrac{5x^{1/2} \log x + \sqrt[3]{x}}{x (\log x)^2 + x^3 \log x}$
   (d) $f(x) = (2^x + x^2)(x^3 + 3^x)$
   (e) $f(x) = x^{2^x} + x^{x^2}$
2. Find a function $g(x, y)$ such that $f = \Theta(g)$. (Notice that both $x$ and $y$ are variables.) $f(x, y) = (x^2 + xy + x \log y)^3$
3. Show that for any two positive constants $a$ and $b$, $\log_a x = O(\log_b x)$.
4. Assume that all functions are strictly positive and increasing. True or false:
   (a) $x^2 = o(x^3)$; $x \log x = \omega(x^2)$; $2^x = \omega(x^2)$; $x^2 = o(x^2)$
   (b) $f = o(g) \Rightarrow 2^f = o(2^g)$
   (c) $f = \omega(g) \Rightarrow \log f = \omega(\log g)$
   (d) $f_1 = O(g_1)$ and $f_2 = O(g_2) \Rightarrow f_1 + f_2 = O(g_1 + g_2)$
   (e) $f_1 = o(g_1)$ and $f_2 = o(g_2) \Rightarrow |f_1 - f_2| = o(|g_1 - g_2|)$
   (f) $\log n! = \Theta(n \log n)$

2 Master Method

The Master Method is as follows. Let $a \ge 1$ and $b > 1$ be constants, let $f(n)$ be a function, and let $T(n)$ be defined on the nonnegative integers by the recurrence
$$T(n) = a\,T(n/b) + f(n),$$
where we interpret $n/b$ to mean either $\lfloor n/b \rfloor$ or $\lceil n/b \rceil$. Then $T(n)$ can be bounded asymptotically as follows:

1. If $f(n) = O(n^{\log_b a - \epsilon})$ for some constant $\epsilon > 0$, then $T(n) = \Theta(n^{\log_b a})$.
2. If $f(n) = \Theta(n^{\log_b a})$, then $T(n) = \Theta(n^{\log_b a} \log n)$.
3. If $f(n) = \Omega(n^{\log_b a + \epsilon})$ for some constant $\epsilon > 0$, and if $a f(n/b) \le c f(n)$ for some constant $c < 1$ and all sufficiently large $n$, then $T(n) = \Theta(f(n))$.

Find asymptotic bounds for the following problems using the Master Method, if possible:

1. $T(n) = 4T(n/2) + n$
2. $T(n) = T(2n/3) + 1$
3. $T(n) = 3T(n/4) + n \log_2 n$
4. $T(n) = 2T(n/2) + n \log_2 n$

To show that the Master Method works, unroll the recursion to get
$$T(n) = f(n) + a f(n/b) + a^2 f(n/b^2) + \cdots + a^{k-1}\bigl(a\,T(n/b^k) + f(n/b^{k-1})\bigr).$$
The first question becomes: what is $k$? When does the recursion stop?
$$n/b^k = 1 \;\Rightarrow\; k = \log_b n \;\Rightarrow\; T(n) = a^{\log_b n}\,T(n/b^{\log_b n}) + \sum_{i=0}^{k-1} a^i f(n/b^i),$$
and, recalling that $a^{\log_b n} = n^{\log_b a}$,
$$T(n/b^{\log_b n}) = T(1) = \Theta(1) \;\Rightarrow\; a^{\log_b n}\,T(n/b^{\log_b n}) = \Theta(n^{\log_b a}).$$
So now the only question is what happens with the term $\sum_{i=0}^{k-1} a^i f(n/b^i)$. There are three cases to consider.

1. Assume that $f(n) = O(n^{\log_b a - \epsilon})$ for some $\epsilon > 0$. Then by the definition of $O$ notation, $\exists c > 0$ such that eventually $f(n) \le c\,n^{\log_b a - \epsilon}$. This implies the following (using $b^{i \log_b a} = a^i$ and $b^k = n$):
$$\sum_{i=0}^{k-1} a^i f(n/b^i) \le c \sum_{i=0}^{k-1} a^i (n/b^i)^{\log_b a - \epsilon} = c \sum_{i=0}^{k-1} \frac{b^{i\epsilon} a^i n^{\log_b a - \epsilon}}{a^i} = c\,n^{\log_b a - \epsilon} \sum_{i=0}^{k-1} b^{i\epsilon} \le c\,n^{\log_b a - \epsilon}\,O(b^{k\epsilon}) = O(n^{\log_b a}).$$
Therefore $T(n) = \Theta(n^{\log_b a})$.

2. Assume that $f(n) = \Theta(n^{\log_b a})$. Then
$$\sum_{i=0}^{k-1} a^i f(n/b^i) \sim \sum_{i=0}^{k-1} a^i (n/b^i)^{\log_b a} = k\,n^{\log_b a}, \qquad k = \log_b n \;\Rightarrow\; k\,n^{\log_b a} \sim n^{\log_b a} \log n.$$

3. Assume that $f(n) = \Omega(n^{\log_b a + \epsilon})$ and $\exists c < 1$ such that eventually $a f(n/b) \le c f(n)$. By the definition of $\Omega$, $\exists c' > 0$ such that eventually $f(n) \ge c' n^{\log_b a + \epsilon}$.
Applying $a f(n/b) \le c f(n)$ $i$ times gives $a^i f(n/b^i) \le c^i f(n)$, so
$$\sum_{i=0}^{k-1} a^i f(n/b^i) \le \sum_{i=0}^{k-1} c^i f(n) \le \sum_{i=0}^{\infty} c^i f(n) = \frac{f(n)}{1-c} \sim f(n).$$
Since $T(n) \ge f(n)$ trivially, and the leaf term $\Theta(n^{\log_b a})$ is dominated by $f(n)$ because $f(n) = \Omega(n^{\log_b a + \epsilon})$,
$$f(n) = \Omega(n^{\log_b a + \epsilon}) \;\Rightarrow\; T(n) = \Omega(f(n)) \;\Rightarrow\; T(n) = \Theta(f(n)).$$

3 Divide and Conquer: Majority Element, Closest Point Pair

3.1 Majority Element

An array $A[1..n]$ is said to have a majority element if strictly more than half of its entries are the same. Given an array, the task is to design an efficient algorithm to tell whether the array has a majority element and, if so, to find that element. The elements of the array are not necessarily from some ordered domain like the integers, so there can be no comparisons of the form "Is $A[i] > A[j]$?" (Think of the array elements as pictures, say.) However, you can answer questions of the form "Is $A[i] = A[j]$?" in constant time.

The naive way to do this is to compare every element to every other element, for a running time of $O(n^2)$. There are two ways to accomplish this faster, and both use divide and conquer.

1. Split the array $A$ into two halves, $A_1$ and $A_2$. If there is a majority element in the array $A$, then it must be a majority element in at least one of the halves: if an element $x$ is not a majority element in either half, then its counts in the two halves cannot sum to more than half the total in $A$. Recursively determine the majority element in each of the halves (should one exist), and then determine, for both candidates $x_1$ and $x_2$ (should either or both exist), whether they are majority elements for the full array by brute-force counting; the base cases $n = 1$ and $n = 2$ are easy. If $T(n)$ is the time it takes to find a majority element in an array of size $n$, then
$$T(n) = 2T(n/2) + O(n) \;\Rightarrow\; T(n) = O(n \log n).$$

2. Consider the following operation. If the array has an odd number of elements in it, choose any element and check whether it is a majority element of the current array. If so, you're done (at the first step the current array is the original one; in later rounds this only yields a candidate, see below). If not, throw it away: discarding a non-majority element cannot stop the true majority element from being a majority. Now the array has an even number of elements. Split the array into pairs of 2 elements. For each pair, if the two elements are the same, keep one of them to add to a new array; otherwise, throw away both elements in the pair. Repeat on the new array. The majority element must survive until the very end: for every copy of the majority element you throw away, you throw away at least one bad element, so the majority element remains a majority element after each step of the process. The new array has at most half as many elements, so $T(n) \le T(n/2) + O(n) \Rightarrow T(n) = O(n)$. Caveat: the converse does not hold. An array with no majority element can still leave a survivor, and a reduced array can have a majority that the original lacks, so whatever the process produces is only a candidate and must be confirmed with one final $O(n)$ counting pass over the original array.

3.2 Closest Point Pair

Claim: given a $\delta \times \delta$ square and the rule that every point must be at least distance $\delta$ from every other point, only $O(1)$ points can fit in the square. (In fact at most 4: cut the square into four $\delta/2 \times \delta/2$ squares; each has diagonal $\delta/\sqrt{2} < \delta$, so it can hold at most one point.)

You are given a set of $n$ points in the plane and you want to determine the closest pair of points. There is a simple $O(n^2)$ algorithm to do it, but it is not good enough. Use the following algorithm. Sort all the points on $x$- and $y$-coordinate (if they are not already sorted) before the algorithm begins. We can now assume that all inputs to the following function are sorted on both.

1. If $n \le 3$, just compute and return the answer via brute force.
2. Divide the points into two roughly equal-sized sets (a left and a right half by $x$-coordinate) and recursively find the closest pair in each. Let the closest pair on the left side be $\{p_1, p_2\}$ and on the right side $\{q_1, q_2\}$. Let $\delta = \min\{d(p_1, p_2), d(q_1, q_2)\}$. Let $L$ be the vertical line separating the two halves.
3. If there is a pair of points with distance closer than $\delta$, then one point must be on the left and one on the right. Both points must be within distance $\delta$ of $L$. Remove from consideration all points that are further from $L$ than $\delta$. Note that all points are either on one side of $L$ or the other.
4. Starting at the point $p$ with the lowest $y$-coordinate, consider which points may be within $\delta$ distance of $p$. These points must be within a $\delta \times \delta$ square on the other side of $L$.
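Added worked example for Section 2 (this is not code from the notes). It classifies a recurrence $T(n) = aT(n/b) + f(n)$ into the three Master Method cases and then checks the prediction by unrolling the recurrence numerically for the four problems above. Assumptions made here: $f(n)$ has the polylogarithmic form $n^d (\log n)^k$, $n/b$ is interpreted as $\lfloor n/b \rfloor$, and $T(m) = 1$ for $m \le 1$. Problem 4 falls between cases 2 and 3; the code reports it as a gap and gives the bound from the standard extension of case 2 ($\Theta(n^{\log_b a} \log^{k+1} n)$), which the three-case theorem as stated does not cover.

```python
import math
from functools import lru_cache


def master_case(a, b, d, k=0):
    """Classify T(n) = a*T(n/b) + f(n) for f(n) = n**d * (log n)**k (assumed form).

    Returns (case, (e, l)) meaning T(n) = Theta(n**e * (log n)**l); case is 1, 2, 3
    or "gap".  For this f the regularity condition a*f(n/b) <= c*f(n) of case 3 is
    automatic when d > log_b(a): a*(n/b)**d = (a / b**d) * n**d with a / b**d < 1, and
    the log factor only shrinks.  "gap" with k > 0 is the standard extension
    Theta(n**log_b(a) * (log n)**(k+1)), outside the three-case theorem.
    """
    crit = math.log(a, b)                    # log_b a, the critical exponent
    if math.isclose(d, crit):
        if k == 0:
            return 2, (crit, 1)
        if k > 0:
            return "gap", (crit, k + 1)
        return "gap", None                   # k < 0: not handled in this example
    if d < crit:
        return 1, (crit, 0)
    return 3, (d, k)


def unroll(a, b, f, n, base=1):
    """Evaluate T(n) = a*T(floor(n/b)) + f(n) exactly, with T(m) = base for m <= 1 (assumed)."""
    @lru_cache(maxsize=None)
    def T(m):
        if m <= 1:
            return base
        return a * T(int(m // b)) + f(m)
    return T(n)


def growth_ratios(a, b, f, bound, ns):
    """T(n) / bound(n) at each n; for a correct Theta-bound these stay within constant factors."""
    return [unroll(a, b, f, n) / bound(n) for n in ns]


# Problems 1-4 from the notes as (a, b, d, k).
PROBLEMS = {
    1: (4, 2, 1, 0),      # 4T(n/2) + n
    2: (1, 1.5, 0, 0),    # T(2n/3) + 1
    3: (3, 4, 1, 1),      # 3T(n/4) + n log n
    4: (2, 2, 1, 1),      # 2T(n/2) + n log n
}


def f_n(m):
    return m


def f_nlogn(m):
    return m * math.log2(m)


def bound_n2(n):
    return n ** 2


def bound_nlogn(n):
    return n * math.log2(n)


def bound_nlog2n(n):
    return n * math.log2(n) ** 2


if __name__ == "__main__":
    for num, (a, b, d, k) in PROBLEMS.items():
        print("problem", num, "->", master_case(a, b, d, k))
    ns = [2 ** j for j in range(10, 15)]
    # Problem 1: case 1 predicts Theta(n^2); the exact solution is 2n^2 - n, so the ratio tends to 2.
    print(growth_ratios(4, 2, f_n, bound_n2, ns))
    # Problem 4: against the wrong guess n log n the ratio keeps growing;
    # against the extended bound n log^2 n it settles near 1/2.
    print(growth_ratios(2, 2, f_nlogn, bound_nlogn, ns))
    print(growth_ratios(2, 2, f_nlogn, bound_nlog2n, ns))
```

The numerical check is what catches problem 4: the ratio against $n \log n$ drifts upward without bound while the ratio against $n \log^2 n$ flattens out, which is exactly the behaviour of a recurrence that sits in the gap between cases 2 and 3.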
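Added worked example for Section 3.1 (not code from the notes). Both divide-and-conquer algorithms are implemented over elements that admit only equality tests, which is the constraint the notes impose. The `Picture` wrapper, its comparison counter, the helper `pics` and the sample strings are constructed for this example; `majority_pairing` includes the final confirmation pass that the pairing method needs, since the survivor is only a candidate.

```python
class Picture:
    """Array element that supports only equality tests, never ordering or hashing.

    Stands in for the 'pictures' of the notes: you may ask A[i] == A[j] and nothing
    else, so sorting or a dict-based count is not available.  Every comparison is
    counted so the two algorithms' costs can be compared on the same input.
    """
    comparisons = 0

    def __init__(self, tag):
        self.tag = tag

    def __eq__(self, other):
        Picture.comparisons += 1
        return isinstance(other, Picture) and self.tag == other.tag

    __hash__ = None          # deliberately unhashable: no dict/set counting tricks

    def __repr__(self):
        return f"Picture({self.tag!r})"


def pics(s):
    """Constructed input: one Picture per character of s."""
    return [Picture(ch) for ch in s]


def count_eq(A, x):
    """Number of entries equal to x, using equality only."""
    return sum(1 for y in A if y == x)


def is_majority(A, x):
    """Strictly more than half of A equals x."""
    return count_eq(A, x) > len(A) // 2


def majority_split(A):
    """Algorithm 1: halve, recurse, verify each half's candidate on the whole array.  O(n log n)."""
    n = len(A)
    if n == 0:
        return None
    if n == 1:
        return A[0]
    if n == 2:
        return A[0] if A[0] == A[1] else None
    mid = n // 2
    for cand in (majority_split(A[:mid]), majority_split(A[mid:])):
        if cand is not None and is_majority(A, cand):
            return cand
    return None


def majority_pairing(A):
    """Algorithm 2: pair up, keep one copy of each equal pair, repeat; then confirm.  O(n)."""
    work = list(A)
    candidate = None
    while candidate is None and len(work) > 1:
        if len(work) % 2 == 1:
            x = work.pop()                   # any element will do; take the last
            if is_majority(work + [x], x):   # majority of the *current* array: a candidate
                candidate = x
                break
            # x is not a majority here, so dropping it cannot demote the true majority element
        # pairing step: equal pair -> keep one copy, unequal pair -> drop both
        work = [work[i] for i in range(0, len(work), 2) if work[i] == work[i + 1]]
    if candidate is None and len(work) == 1:
        candidate = work[0]
    # The survivor is only a candidate (e.g. "aabcdefg" leaves 'a'); confirm on the original array.
    if candidate is not None and is_majority(A, candidate):
        return candidate
    return None


def comparison_costs(A):
    """(equality tests used by majority_split, by majority_pairing) on the same input."""
    Picture.comparisons = 0
    majority_split(A)
    split_cost = Picture.comparisons
    Picture.comparisons = 0
    majority_pairing(A)
    return split_cost, Picture.comparisons


if __name__ == "__main__":
    print(majority_split(pics("abaaba")), majority_pairing(pics("abaaba")))     # both find 'a'
    print(majority_pairing(pics("aabcdefg")))                                    # None: survivor 'a' fails the check
    print(comparison_costs(pics("ab" * 256 + "a" * 512)))                        # n log n vs linear
```

The input "aabcdefg" is the case the confirmation pass exists for: the pairing step leaves a single 'a', but 'a' occurs only twice in eight entries, so without the final count the algorithm would report a majority that does not exist.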
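Added worked example for Section 3.2 (not code from the notes). It implements steps 1 to 4 above and continues past the point where the notes stop, with the standard completion of step 4: walk the strip in $y$-order and compare each point only with the points less than $\delta$ above it. The scan is instrumented to check the packing claim (at most 4 points per side in the $\delta \times \delta$ square, so at most 7 comparisons per point). Points are `(x, y)` tuples; `random_points` builds a constructed, fixed-seed input for checking against the $O(n^2)$ brute force.

```python
import math
import random


def dist(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])


def brute_force(pts):
    """O(n^2) reference: (distance, (p, q)) over all pairs."""
    best = (math.inf, None)
    for i in range(len(pts)):
        for j in range(i + 1, len(pts)):
            d = dist(pts[i], pts[j])
            if d < best[0]:
                best = (d, (pts[i], pts[j]))
    return best


def closest_pair(points, stats=None):
    """Divide-and-conquer closest pair, O(n log n) after the two initial sorts.

    stats["max_scan"] records the largest number of strip points examined for any
    single p; the packing claim bounds it by a constant (at most 7).
    """
    if len(points) < 2:
        raise ValueError("need at least two points")
    if stats is None:
        stats = {}
    stats.setdefault("max_scan", 0)
    pts = sorted(points)                                  # sorted on x (ties on y)
    ids_by_y = sorted(range(len(pts)), key=lambda i: (pts[i][1], pts[i][0]))
    return _closest(pts, ids_by_y, 0, len(pts), stats)


def _closest(pts, ids_by_y, lo, hi, stats):
    """pts[lo:hi] is the x-sorted subproblem; ids_by_y lists exactly those indices sorted by y."""
    n = hi - lo
    if n <= 3:                                            # step 1
        return brute_force(pts[lo:hi])
    mid = lo + n // 2                                     # step 2: split on the median x
    x_line = pts[mid][0]                                  # the vertical line L
    left_y = [i for i in ids_by_y if i < mid]             # keep y-order without re-sorting
    right_y = [i for i in ids_by_y if i >= mid]
    best = min(_closest(pts, left_y, lo, mid, stats),
               _closest(pts, right_y, mid, hi, stats))
    delta = best[0]
    # step 3: only points within delta of L can form a closer cross pair
    strip = [pts[i] for i in ids_by_y if abs(pts[i][0] - x_line) < delta]
    # step 4: walk the strip upward in y; for each p only the points less than
    # delta above it matter (the delta x delta square on the other side of L)
    for i, p in enumerate(strip):
        j = i + 1
        while j < len(strip) and strip[j][1] - p[1] < delta:
            d = dist(p, strip[j])
            if d < delta:
                delta, best = d, (d, (p, strip[j]))
            j += 1
        stats["max_scan"] = max(stats["max_scan"], j - i - 1)
    return best


def random_points(n, seed=1234):
    """Constructed test input: n pseudo-random points in the unit square (fixed seed)."""
    rng = random.Random(seed)
    return [(rng.random(), rng.random()) for _ in range(n)]


if __name__ == "__main__":
    sample = [(0, 0), (3, 4), (1, 1), (10, 10), (6, 8)]
    print(closest_pair(sample))                           # sqrt(2) via (0, 0) and (1, 1)
    stats = {}
    pts = random_points(500)
    print(closest_pair(pts, stats)[0], brute_force(pts)[0], stats)
```

Same-side points inside the strip are compared too; that costs nothing asymptotically and is harmless, since any same-side pair is already at distance at least $\delta$ and can never lower the minimum. The `max_scan` statistic is what turns the $O(1)$ claim into something you can observe on real input.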