DOCSLIB.ORG

Non-Black-Box Techniques in Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Non-Black-Box Techniques in Cryptography Non-Black-Box Techniques in Cryptography Thesis for the Ph.D. Degree by Boaz Barak Under the Supervision of Professor Oded Goldreich Department of Computer Science and Applied Mathematics The Weizmann Institute of Science Submitted to the Feinberg Graduate School of the Weizmann Institute of Science Rehovot 76100, Israel January 6, 2004 To my darling Ravit Abstract The American Heritage dictionary defines the term “Black-Box” as “A device or theoretical construct with known or specified performance characteristics but unknown or unspecified constituents and means of operation.” In the context of Computer Science, to use a program as a black-box means to use only its input/output relation by executing the program on chosen inputs, without examining the actual code (i.e., representation as a sequence of symbols) of the program. Since learning properties of a program from its code is a notoriously hard problem, in most cases both in applied and theoretical computer science, only black-box techniques are used. In fact, there are specific cases in which it has been either proved (e.g., the Halting Problem) or is widely conjectured (e.g., the Satisfiability Problem) that there is no advantage for non-black-box techniques over black-box techniques. In this thesis, we consider several settings in cryptography, and ask whether there actually is an advantage in using non-black-box techniques over black-box techniques in these settings. Somewhat surprisingly, our answer is mainly positive. That is, we show that in several contexts in cryptog- raphy, there is a difference between the power of black-box and non-black-box techniques. Using non-black-box techniques we are able to solve some problems in cryptography that were previously unsolved. In fact, some of these problems were previously proven to be unsolvable using black-box techniques. The main results of this thesis are the following: Software Obfuscation Informally speaking, an obfuscator is a compiler that takes a program P as input and produces a new program P 0 that has the same functionality as P , and yet is “unintelligible” in some sense. Ideally, a software obfuscator should ensure that the only information leaked about P from the program P 0, is information that can be derived by using only black-box access to P . Obfuscators, if they exist, would have a wide variety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic encryption to complexity-theoretic analogues of Rice’s theorem. In this thesis, we discuss how to formally define obfuscators, and whether or not such objects exist. Our main result in this context is that even very weak forms of obfuscators do not exist. Zero-Knowledge The simulation paradigm, introduced by Goldwasser, Micali and Rackoff, has had fundamental impact on cryptography. A simulator is an algorithm that tries to simulate the interaction of the adversary with an honest party, without knowing the private input of this honest party. Loosely speaking, the existence of such a simulator demonstrates that the adversary did not gain any knowledge about the honest party’s input. v vi Almost all previously known simulators used the adversary’s algorithm as a black-box. We present the first constructions of non-black-box simulators. Using these new non-black-box techniques we obtain several results that were previously shown to be impossible to obtain using black-box simulators. Specifically, assuming the existence of collision-resistant hash functions, we construct a new constant-round zero-knowledge argument system for NP that satisfies the following properties: 1. It remains zero knowledge even when composed concurrently n times, where n is the security parameter. 2. It is an Arthur-Merlin (public coins) protocol. 3. It has a simulator that runs in strict probabilistic polynomial-time, rather than in ex- pected probabilistic polynomial-time. It is impossible to obtain a constant-round zero-knowledge argument (for a non-trivial lan- guage) satisfying either Property 1 or Property 2 using black-box simulation (Canetti et al., 2001), (Goldreich and Krawczyk, 1996). We show that it is also impossible to obtain a constant-round zero-knowledge argument satisfying Property 3 using black-box simulation. We use this protocol to obtain other new results in cryptography. These include a con- struction of constant-round zero-knowledge proof of knowledge with a strict polynomial-time knowledge extractor, a zero-knowledge resettably sound argument for NP, and a resettable zero-knowledge argument of knowledge for NP. We show that all these applications are impossible to obtain when restricted to black-box techniques. Non-Malleability We construct the first constant round non-malleable commitment scheme and the first constant-round non-malleable zero-knowledge argument system, as defined by Dolev, Dwork and Naor (Siam J. Computing, 2000). Previous constructions either used a non- constant number of rounds, or were only secure under stronger setup assumptions (such as the availability of a public string that was chosen at random and published by a trusted third party). We obtain this result by using a non-black-box proof of security. That is, our proof uses the code of the adversary in the security reduction. As an intermediate step we define and construct a constant-round non-malleable coin tossing protocol. This coin-tossing protocol may be of independent interest. To summarize, in this thesis we show that, somewhat unintuitively, non-black-box techniques sometimes have a significant advantage over black-box techniques in cryptography. From the point of view of cryptographers, this result has both negative and positive applications. On the one hand, it further stresses the point that it is unsafe to rely on the assumption that an adversary attacking our schemes will use only black-box techniques. On the other hand, it means that when designing and analyzing cryptographic schemes, we can use these non-black-box techniques to obtain useful and important security goals that cannot be obtained using black-box techniques. Origin of the term “Black-Box” The term “black-box” has two common interpretations. One is a flight recorder on an airplane, that records all information regarding the flight, and helps discover the reasons for a crash.1 Another interpretation, which is the one we are interested in, is “A device or theoretical construct with known or specified performance characteristics but unknown or unspecified constituents and means of operation” [Ame00]. It seems that both interpretations have the same origin. In the second world war, “black-box” was a slang word among the pilots of the British Royal Air-Force (RAF) for radar instruments [Par90, Has03]. One reason was simply that these instruments were indeed enclosed in black boxes. There are also sources that suggest that the pilots, who didn’t know how these instruments operated (and in fact were not allowed to know this, since it was classified information) joked that they operated on “black magic”.2 Indeed, this is probably the reason this term came to describe any piece of mysterious electronics, which its users know (or at least have some clue as to) what it does, but have no idea how it does it. Although all sources seem to agree that the term originated from the RAF, there are earlier examples of mysterious devices being placed in black boxes (c.f. [Vas96]). Perhaps the most notable of these was the Oscilloclast (also called the ERA), invented by Dr. Albert Abrams in the beginning of the 20th century (see [Sch01, Edw00, Vle99, Abr16]). The Oscilloclast was a black box that was supposed to cure all sorts of various diseases. 3500 practitioners were using the Oscilloclast at the height of its popularity in 1923. As in the case of modern software “black boxes”, the Oscilloclast, which was leased for $200 down and $5 per month, was sealed and the lessee had to sign a contract not to open it. Thousands of patients were diagnosed and cured by Abrams of bovine syphilis, a disease whose existence was never established to the satisfaction of the medical profession. In addition, when a blood sample from a healthy guinea-pig was sent to Abrams, it was diagnosed as suffering general cancer and tuberculosis of the genito-urinary tract, another diagnosis of a drop of sheeps blood came back as hereditary syphilis with an offer of a cure for $250. When physicists and engineers opened the devices they found them to be essentially a jungle of electric wires. Thanks to justaskscott-ga from the Google Answers website. 1Today these recorders are usually painted in a bright orange color. 2For example consider this quote from an RAF fighter pilot John Cunnigham expressing his frustration with the early radar systems: “The magician was still kneeling on his prayer mat of blankets muttering to himself, the green glow from the CRT flickered on his face. A witch doctor, I thought, a witch doctor and black magic – and just about as useful.”. See http://www.vectorsite.net/ttwiz2.html. vii viii Acknowledgements First and foremost, I want to thank my advisor, Oded Goldreich. Although it was certainly not always easy, I think that I have evolved in the last four years, both as a scientist and as a person. Oded, more than any other person, was instrumental in this evolution. It was mainly through interaction with Oded that I shaped my understanding of my subject, of Computer Science at large, and of being a scientist. (Although, of course, any errors in the end result are my responsibility...) I feel very lucky to have had Oded as an advisor, and look forward to having more opportunities to learn from and work with him in the future.
Load more

Recommended publications
  • The Weakness of CTC Qubits and the Power of Approximate Counting
    The weakness of CTC qubits and the power of approximate counting Ryan O'Donnell∗ A. C. Cem Sayy April 7, 2015 Abstract We present results in structural complexity theory concerned with the following interre- lated topics: computation with postselection/restarting, closed timelike curves (CTCs), and approximate counting. The first result is a new characterization of the lesser known complexity class BPPpath in terms of more familiar concepts. Precisely, BPPpath is the class of problems that can be efficiently solved with a nonadaptive oracle for the Approximate Counting problem. Similarly, PP equals the class of problems that can be solved efficiently with nonadaptive queries for the related Approximate Difference problem. Another result is concerned with the compu- tational power conferred by CTCs; or equivalently, the computational complexity of finding stationary distributions for quantum channels. Using the above-mentioned characterization of PP, we show that any poly(n)-time quantum computation using a CTC of O(log n) qubits may as well just use a CTC of 1 classical bit. This result essentially amounts to showing that one can find a stationary distribution for a poly(n)-dimensional quantum channel in PP. ∗Department of Computer Science, Carnegie Mellon University. Work performed while the author was at the Bo˘gazi¸ciUniversity Computer Engineering Department, supported by Marie Curie International Incoming Fellowship project number 626373. yBo˘gazi¸ciUniversity Computer Engineering Department. 1 Introduction It is well known that studying \non-realistic" augmentations of computational models can shed a great deal of light on the power of more standard models. The study of nondeterminism and the study of relativization (i.e., oracle computation) are famous examples of this phenomenon.
    [Show full text]
  • Independence of P Vs. NP in Regards to Oracle Relativizations. · 3 Then
    Independence of P vs. NP in regards to oracle relativizations. JERRALD MEEK This is the third article in a series of four articles dealing with the P vs. NP question. The purpose of this work is to demonstrate that the methods used in the first two articles of this series are not affected by oracle relativizations. Furthermore, the solution to the P vs. NP problem is actually independent of oracle relativizations. Categories and Subject Descriptors: F.2.0 [Analysis of Algorithms and Problem Complex- ity]: General General Terms: Algorithms, Theory Additional Key Words and Phrases: P vs NP, Oracle Machine 1. INTRODUCTION. Previously in “P is a proper subset of NP” [Meek Article 1 2008] and “Analysis of the Deterministic Polynomial Time Solvability of the 0-1-Knapsack Problem” [Meek Article 2 2008] the present author has demonstrated that some NP-complete problems are likely to have no deterministic polynomial time solution. In this article the concepts of these previous works will be applied to the relativizations of the P vs. NP problem. It has previously been shown by Hartmanis and Hopcroft [1976], that the P vs. NP problem is independent of Zermelo-Fraenkel set theory. However, this same discovery had been shown by Baker [1979], who also demonstrates that if P = NP then the solution is incompatible with ZFC. The purpose of this article will be to demonstrate that the oracle relativizations of the P vs. NP problem do not preclude any solution to the original problem. This will be accomplished by constructing examples of five out of the six relativizing or- acles from Baker, Gill, and Solovay [1975], it will be demonstrated that inconsistent relativizations do not preclude a proof of P 6= NP or P = NP.
    [Show full text]
  • On Beating the Hybrid Argument∗
    THEORY OF COMPUTING, Volume 9 (26), 2013, pp. 809–843 www.theoryofcomputing.org On Beating the Hybrid Argument∗ Bill Fefferman† Ronen Shaltiel‡ Christopher Umans§ Emanuele Viola¶ Received February 23, 2012; Revised July 31, 2013; Published November 14, 2013 Abstract: The hybrid argument allows one to relate the distinguishability of a distribution (from uniform) to the predictability of individual bits given a prefix. The argument incurs a loss of a factor k equal to the bit-length of the distributions: e-distinguishability implies e=k-predictability. This paper studies the consequences of avoiding this loss—what we call “beating the hybrid argument”—and develops new proof techniques that circumvent the loss in certain natural settings. Our main results are: 1. We give an instantiation of the Nisan-Wigderson generator (JCSS 1994) that can be broken by quantum computers, and that is o(1)-unpredictable against AC0. We conjecture that this generator indeed fools AC0. Our conjecture implies the existence of an oracle relative to which BQP is not in the PH, a longstanding open problem. 2. We show that the “INW generator” by Impagliazzo, Nisan, and Wigderson (STOC’94) with seed length O(lognloglogn) produces a distribution that is 1=logn-unpredictable ∗An extended abstract of this paper appeared in the Proceedings of the 3rd Innovations in Theoretical Computer Science (ITCS) 2012. †Supported by IQI. ‡Supported by BSF grant 2010120, ISF grants 686/07,864/11 and ERC starting grant 279559. §Supported by NSF CCF-0846991, CCF-1116111 and BSF grant
    [Show full text]
  • Restricted Relativizations of Probabilistic Polynomial Time
    Theoretical Computer Science 93 (1992) 265-277 265 Elsevier Restricted relativizations of probabilistic polynomial time Seinosuke Toda Dvpurtment of Computer Science und In/ormution Mutkematic..s. Unirrrsity of Elrctro-conlmun~~utions, Chqfi-ahi. Tokyo 182. Jupun Communicated by R. Book Received December 1988 Revised September 1989, December 1989 Toda, S., Restricted relativizations of probabilistic polynomial time, Theoretical Computer Science 93 (1992) 265-277. We consider several questions on the computational power of PP. the class of sets accepted by polynomial time-bounded probabilistic Turing machines with two-sided unbounded error prob- ability. In particular, we consider the questions whether PP is as powerful as PSPACE and whether PP is more powerful than PH (the polynomial-time hierarchy). These questions have remained open. In fact, only a few results have been shown even in the relativized case. In the present paper we deal with the above questions in a manner similar to Long (1985). Bal&ar et al. (1986), and Long and Selman (1986). We introduce a quantitative restriction on access to a given oracle for probabilistic oracle machines. The restriction, denoted as PP,(.), allows polynomial time-bounded probabilistic oracle machines to query only polynomially many positive strings but exponentially many nuqariw strings in its computation tree. We show that for every oracle A that PP,(NP(A)) is included in PP(A). This strengthens the result shown recently by Beige] et al. (1989). In fact. we have their result as an immediate consequence. We next show some positive relativization results on the above questions. We show that separating PP from PSPACE with some sparse oracle implies the separation of PP from PSPACE in the nonrelativized case.
    [Show full text]
  • A Mini-Course on Probabilistically Checkable Proofs
    A Mini-Course on Probabilistically Checkable Proofs Orr Paradise∗ The 2018 Amos de-Shalit Summer School Weizmann Institute of Science Contents I Sunday, September 2nd 2018 2 1 Prelude: Computation and Verification 2 2 Probabilistically Checkable Proofs 3 II Monday, September 3rd 2018 5 3 The geometry of Boolean functions 5 4 Multiplicative Boolean functions 6 III Tuesday, September 4th 2018 8 5 A connection: property testing 8 6 Testing and decoding the Hadamard code 8 IV Wednesday, September 5th 2018 11 7 Quadratic equations over the field of two elements 11 8 Constructing the PCP: from ideal to real 11 9 N P ⊆ PCP (poly;O (1)) 13 ∗http://www.wisdom.weizmann.ac.il/~orrp/ 1 Part I Sunday, September 2nd 2018 This course does not directly follow any specific textbook (and therefore all errors and omissions are the teacher's). Two great resources for additional reading (and studying complexity theory in general) are [Gol08, AB09]. 1 Prelude: Computation and Verification What can be computed efficiently? This question stands at the heart of the field of computational complexity. Complexity theorists aim to answer questions of this type, a famous example being "If a solution for a problem can be verified efficiently, can it also be found efficiently?". Definition 1.1 (NP). A language L is efficiently verifiable if there exists a Turing Machine V with the following properties: • Completeness: For all x 2 L there exists a witness w of length polynomial in jxj such that V (x; w) = 1. • Soundness: For all x2 = L and any w it holds that V (x; w) = 0.
    [Show full text]
  • Turing Oracle Machines, Online Computing, and Three Displacements in Computability Theory
    Turing Oracle Machines, Online Computing, and Three Displacements in Computability Theory Robert I. Soare∗ January 3, 2009 Contents 1 Introduction 4 1.1 Terminology: Incompleteness and Incomputability . 4 1.2 The Goal of Incomputability not Computability . 5 1.3 Computing Relative to an Oracle or Database . 5 1.4 Continuous Functions and Calculus . 6 2 Origins of Computability and Incomputability 7 2.1 G¨odel'sIncompleteness Theorem . 7 2.2 Alonzo Church . 8 2.3 Herbrand-G¨odelRecursive Functions . 9 2.4 Stalemate at Princeton Over Church's Thesis . 10 2.5 G¨odel'sThoughts on Church's Thesis . 11 3 Turing Breaks the Stalemate 11 3.1 Turing Machines and Turing's Thesis . 11 3.2 G¨odel'sOpinion of Turing's Work . 13 3.2.1 G¨odel[193?] Notes in Nachlass [1935] . 14 3.2.2 Princeton Bicentennial [1946] . 15 ∗Parts of this paper were delivered in an address to the conference, Computation and Logic in the Real World, at Siena, Italy, June 18{23, 2007. Keywords: Turing ma- chine, automatic machine, a-machine, Turing oracle machine, o-machine, Alonzo Church, Stephen C. Kleene, Alan Turing, Kurt G¨odel, Emil Post, computability, incomputability, undecidability, Church-Turing Thesis, Post-Turing Thesis on relative computability, com- putable approximations, Limit Lemma, effectively continuous functions, computability in analysis, strong reducibilities. Thanks are due to C.G. Jockusch, Jr., P. Cholak, and T. Slaman for corrections and suggestions. 1 3.2.3 The Flaw in Church's Thesis . 16 3.2.4 G¨odelon Church's Thesis . 17 3.2.5 G¨odel'sLetter to Kreisel [1968] .
    [Show full text]
  • Quantum Complexity, Relativized Worlds, Oracle Separations
    Quantum Complexity, Relativized Worlds, and Oracle Separations by Dimitrios I. Myrisiotis A thesis presented to the Department of Mathematics, of the School of Science, of the National and Kapodistrian University of Athens, in fulfillment of the thesis requirement for the degree of Master of Science in Logic, and the Theory of Algorithms and Computation. Athens, Greece, 2016 c Dimitrios I. Myrisiotis 2016 I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii H Παρούσα Diπλωματική ErgasÐa ekpoνήθηκε sto plaÐsio twn spoud¸n gia thn απόκτηση tou Metαπτυχιακού Dipl¸matoc EidÐkeushc sth Loγική kai JewrÐa AlgorÐjmwn kai Upologiσμού pou aponèmei to Τμήμα Majhmatik¸n tou Εθνικού kai Kapodisτριακού PanepisthmÐou Ajhn¸n EgkrÐjhke thn από thn Exetasτική Epiτροπή apoτελούμενη από touc: Onomatep¸numo BajmÐda Upoγραφή 1. 2. 3. 4. iii iv Notational Conventions True Denotes the notion of the logical truth. False Denotes the notion of the logical falsity. Yes It is used, instead of True, to denote the acceptance, of some element, by some algorithm that produces the answer to some decision problem. No It is used, instead of False, to denote the rejection, of some element, by some algorithm that produces the answer to some decision problem. :P Expresses the negation of the logical proposition P, that is, the assertion “it is not the case that P.” P ^ Q Expresses the conjuction of the logical proposition P with the logical proposition Q.
    [Show full text]
  • Interactive Proofs and the Hardness of Approximating Cliques
    Interactive Proofs and the Hardness of Approximating Cliques Uriel Feige ¤ Sha¯ Goldwasser y Laszlo Lovasz z Shmuel Safra x Mario Szegedy { Abstract The contribution of this paper is two-fold. First, a connection is shown be- tween approximating the size of the largest clique in a graph and multi-prover interactive proofs. Second, an e±cient multi-prover interactive proof for NP languages is constructed, where the veri¯er uses very few random bits and communication bits. Last, the connection between cliques and e±cient multi- prover interactive proofs, is shown to yield hardness results on the complexity of approximating the size of the largest clique in a graph. Of independent interest is our proof of correctness for the multilinearity test of functions. 1 Introduction A clique in a graph is a subset of the vertices, any two of which are connected by an edge. Computing the size of the largest clique in a graph G, denoted !(G), is one of the ¯rst problems shown NP-complete in Karp's well known paper on NP- completeness [26]. In this paper, we consider the problem of approximating !(G) within a given factor. We say that function f(x) approximates (from below) g(x) g(x) within a factor h(x) i® 1 · f(x) · h(x). ¤Department of Applied Math and Computer Science, the Weizmann Institute, Rehovot 76100, Israel. Part of this work was done while the author was visiting Princeton University. yDepartment of Electrical Engineering and Computer Science, MIT, Cambridge, MA 02139. Part of this work was done while the author was visiting Princeton University.
    [Show full text]
  • Introduction to the Theory of Complexity
    Introduction to the theory of complexity Daniel Pierre Bovet Pierluigi Crescenzi The information in this book is distributed on an “As is” basis, without warranty. Although every precaution has been taken in the preparation of this work, the authors shall not have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. First electronic edition: June 2006 Contents 1 Mathematical preliminaries 1 1.1 Sets, relations and functions 1 1.2 Set cardinality 5 1.3 Three proof techniques 5 1.4 Graphs 8 1.5 Alphabets, words and languages 10 2 Elements of computability theory 12 2.1 Turing machines 13 2.2 Machines and languages 26 2.3 Reducibility between languages 28 3 Complexity classes 33 3.1 Dynamic complexity measures 34 3.2 Classes of languages 36 3.3 Decision problems and languages 38 3.4 Time-complexity classes 41 3.5 The pseudo-Pascal language 47 4 The class P 51 4.1 The class P 52 4.2 The robustness of the class P 57 4.3 Polynomial-time reducibility 60 4.4 Uniform diagonalization 62 5 The class NP 69 5.1 The class NP 70 5.2 NP-complete languages 72 v vi 5.3 NP-intermediate languages 88 5.4 Computing and verifying a function 92 5.5 Relativization of the P 6= NP conjecture 95 6 The complexity of optimization problems 110 6.1 Optimization problems 111 6.2 Underlying languages 115 6.3 Optimum measure versus optimum solution 117 6.4 Approximability 119 6.5 Reducibility and optimization problems 125 7 Beyond NP 133 7.1 The class coNP
    [Show full text]
  • 6.046J Lecture 17: Complexity and NP-Completeness
    Lecture 17 Complexity and NP-completeness Supplemental reading in CLRS: Chapter 34 As an engineer or computer scientist, it is important not only to be able to solve problems, but also to know which problems one can expect to solve efficiently. In this lecture we will explore the complexity of various problems, which is a measure of how efficiently they can be solved. 17.1 Examples To begin, we’ll review three problems that we already know how to solve efficiently. For each of the three problems, we will propose a variation which might not be so easy to solve. • Flow. Given a flow network G with integer capacities, we can efficiently find an integer flow that is optimal using the Edmonds–Karp algorithm. • Multi-Commodity Flow. In §13.3, we considered a varation of network flow in which there are k commodities which need to simultaneously flow through our network, where we need to send at least di units of commodity i from source si to sink ti. • Minimum Cut. Given an undirected weighted graph G, we can efficiently find a cut (S,V \ S) of minimum weight. Exercise 17.1. Design an efficient algorithm to solve the minimum cut problem. (Hint in this footnote.1) • Maximum Cut. What if we want to find a cut of maximum weight? • Minimum Spanning Tree. Given an undirected weighted graph G (V,E), we know how Æ to efficiently find a spanning tree of minimum weight. A spanning tree of G is a subgraph G0 (V 0,E0) G such that Æ ⊆ – G0 is connected and contains no cycles – V 0 V.
    [Show full text]
  • On the Hardness of Probabilistic Inference Relaxations∗
    The Thirty-Third AAAI Conference on Artificial Intelligence (AAAI-19) On the Hardness of Probabilistic Inference Relaxations∗ Supratik Chakraborty Kuldeep S. Meel Moshe Y. Vardi Dept of Computer Science & Engineering School of Computing Department of Computer Science Indian Institute of Technology, Bombay National University of Singapore Rice University Abstract counting techniques (Chakraborty, Meel, and Vardi 2013b; Chakraborty et al. 2014; Ermon et al. 2013; Chakraborty, A promising approach to probabilistic inference that has at- Meel, and Vardi 2016; Meel et al. 2016) therefore yield a tracted recent attention exploits its reduction to a set of model promising approach for probabilistic inference that is com- counting queries. Since probabilistic inference and model counting are #P-hard, various relaxations are used in practice, plementary to variational methods (Wainwright and Jordan with the hope that these relaxations allow efficient computa- 2008), loopy belief propagation (Murphy, Weiss, and Jor- tion while also providing rigorous approximation guarantees. dan 1999), Markov Chain Monte Carlo (MCMC)-based tech- In this paper, we show that contrary to common belief, sev- niques (Neal 1993) and the like. Indeed, the model counting eral relaxations used for model counting and its applications formulation has recently been hailed as a promising assembly (including probablistic inference) do not really lead to compu- language for inferencing in probabilistic graphical models. tational efficiency in a complexity theoretic sense. Our argu-
    [Show full text]
  • Patrizio Cintioli and Riccardo Silvestri 1. Introduction
    Theoretical Informatics and Applications Theoret. Informatics Appl. 35 (2001) 367–377 THE HELPING HIERARCHY Patrizio Cintioli1 and Riccardo Silvestri 2 Abstract.Sch¨oning [14] introduced a notion of helping and suggested the study of the class Phelp(C) of the languages that can be helped by oracles in a given class C. Later, Ko [12], in order to study the connections between helping and “witness searching”, introduced the notion of self-helping for languages. We extend this notion to classes of languages and show that there exists a self-helping class that we call SH which contains all the self-helping classes. We introduce the Helping hierarchy whose levels are obtained applying a constant number of times the operator Phelp(·) to the set of all the languages. We show that the Helping hierarchy collapses to the k-th level if and only if SH is equal to the k-th level. We give characterizations of all the levels and use these to construct a relativized world in which the Helping hierarchy is infinite. Mathematics Subject Classification. 68Q15, 68Q05, 03D15. 1. Introduction Sch¨oning [14] proposed a notion of oracle set helping the computation of a language. He introduced the basic concept of robust machine, that is, a determinis- tic oracle Turing machine that always recognizes the same language, independent of the oracle that is used. The oracle is only for possibly speeding up the computation. Precisely, a language L is said to be recognized in polynomial time with the help of an oracle E if there is a robust machine M recognizing L such that M with oracle E runs in polynomial time.
    [Show full text]