Results 1  10
of
115
Revocation and Tracing Schemes for Stateless Receivers
, 2001
"... Abstract. We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their ..."
Abstract

Cited by 181 (4 self)
 Add to MetaCart
Abstract. We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their state from session to session. We present a framework called the SubsetCover framework, which abstracts a variety of revocation schemes including some previously known ones. We provide sufficient conditions that guarantees the security of a revocation algorithm in this class. We describe two explicit SubsetCover revocation algorithms; these algorithms are very flexible and work for any number of revoked users. The schemes require storage at the receiver of log N and 1 2 log2 N keys respectively (N is the total number of users), and in order to revoke r users the required message lengths are of r log N and 2r keys respectively. We also provide a general traitor tracing mechanism that can be integrated with any SubsetCover revocation scheme that satisfies a “bifurcation property”. This mechanism does not need an a priori bound on the number of traitors and does not expand the message length by much compared to the revocation of the same set of traitors. The main improvements of these methods over previously suggested methods, when adopted to the stateless scenario, are: (1) reducing the message length to O(r) regardless of the coalition size while maintaining a single decryption at the user’s end (2) provide a seamless integration between the revocation and tracing so that the tracing mechanisms does not require any change to the revocation algorithm.
The monotone circuit complexity of Boolean functions
 COMBINATORICA
, 1987
"... Recently, Razborov obtained superpolynomial lower bounds for monotone circuits that lect cliques in graphs. In particular, Razborov showed that detecting cliques of size s in a graph dh m vertices requires monotone circuits of size.Q(m'/(log m) ~') for fixed s, and size rn ao°~') for ..."
Abstract

Cited by 127 (4 self)
 Add to MetaCart
Recently, Razborov obtained superpolynomial lower bounds for monotone circuits that lect cliques in graphs. In particular, Razborov showed that detecting cliques of size s in a graph dh m vertices requires monotone circuits of size.Q(m'/(log m) ~') for fixed s, and size rn ao°~') for,.:[log ml4J. In this paper we modify the arguments of Razborov to obtain exponential lower bounds for monotone circuits. In particular, detecting cliques of size (1/4) (m/log m) ~'/a requires monotone circuits f size exp (£2((m/log m)~/:~)). For fixed s, any monotone circuit that detects cliques of size s requires 'm'/(log m)') AND gates. We show that even a very rough approximation of the maximum clique e of a graph requires superpolynomial size monotone circuits, and give lower bounds for some net Boolean functions. Our best lower bound fi~r an NP function of n variables is exp (f2(n w4. (log n)~/~)), improving a recent result of exp (f2(nws')) due to Andreev.
The Importance of Being Biased
, 2002
"... The Minimum Vertex Cover problem is the problem of, given a graph, finding a smallest set of vertices that touches all edges. We show that it is NPhard to approximate this problem 1.36067, improving on the previously known hardness result for a 6 factor. 1 ..."
Abstract

Cited by 87 (8 self)
 Add to MetaCart
The Minimum Vertex Cover problem is the problem of, given a graph, finding a smallest set of vertices that touches all edges. We show that it is NPhard to approximate this problem 1.36067, improving on the previously known hardness result for a 6 factor. 1
Combinatorial Bounds for Broadcast Encryption
, 1998
"... Abstract. A broadcast encryption system allows a center to communicate securely over a broadcast channel with selected sets of users. Each time the set of privileged users changes, the center enacts a protocol to establish a new broadcast key that only the privileged users can obtain, and subsequen ..."
Abstract

Cited by 56 (0 self)
 Add to MetaCart
Abstract. A broadcast encryption system allows a center to communicate securely over a broadcast channel with selected sets of users. Each time the set of privileged users changes, the center enacts a protocol to establish a new broadcast key that only the privileged users can obtain, and subsequent transmissions by the center are encrypted using the new broadcast key. We study the inherent tradeoff between the number of establishment keys held by each user and the number of transmissions needed to establish a new broadcast key. For every given upper bound on the number of establishment keys held by each user, we prove a lower bound on the number of transmissions needed to establish a new broadcast key. We show that these bounds are essentially tight, by describing broadcast encryption systems that come close to these bounds. 1
Multiplying matrices faster than coppersmithwinograd
 In Proc. 44th ACM Symposium on Theory of Computation
, 2012
"... We develop new tools for analyzing matrix multiplication constructions similar to the CoppersmithWinograd construction, and obtain a new improved bound on ω < 2.3727. 1 ..."
Abstract

Cited by 43 (5 self)
 Add to MetaCart
We develop new tools for analyzing matrix multiplication constructions similar to the CoppersmithWinograd construction, and obtain a new improved bound on ω < 2.3727. 1
Problems and results in combinatorial analysis
 COMBINATORICS (PROC. SYMP. PURE MATH
, 1971
"... This review of some solved and unsolved problems in combinatorial analysis will be highly subjective. i will only discuss problems which I either worked on or at least thought about. The disadvantages of such an approach are obvious, but the disadvantages are perhaps counterbalanced by the fact that ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
This review of some solved and unsolved problems in combinatorial analysis will be highly subjective. i will only discuss problems which I either worked on or at least thought about. The disadvantages of such an approach are obvious, but the disadvantages are perhaps counterbalanced by the fact that I certainly know more about these problems than about others (which perhaps are more important). i will mainly discuss finite combinatorial problems. I cannot claim completeness in any way but will try to refer to the literature in some cases; even so many things will be omitted. ISO will denote the cardinal number of S; c, cl, c2,... will denote absolute constants not necessarily the same at each occurrence. I. I will start with some problems dealing with subsets of a set. Let IS I =n. A well known theorem of Sperner [57] states that if A i a S, 15 i 5 m, is such that no A, contains any other, then max m=(aA). The theorem of Sperner has many applications in number theory; as far as I know these were first noticed by Behrend [2] and myself [8]. I asked 30 years ago several further extremal problems about subsets which also have number theoretic consequences. Let At a S, 15 i 5mi, assume that there are no three distinct A's so that Ai V A! = A,. I conjectured that
The Cell Probe Complexity of Succinct Data Structures
 In Automata, Languages and Programming, 30th International Colloquium (ICALP 2003
, 2003
"... We show lower bounds in the cell probe model for the redundancy/query time tradeoff of solutions to static data structure problems. ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
We show lower bounds in the cell probe model for the redundancy/query time tradeoff of solutions to static data structure problems.
Reductions in Circuit Complexity: An Isomorphism Theorem and a Gap Theorem
 Journal of Computer and System Sciences
"... We show that all sets that arecomplete for NP under nonuniform AC are isomorphic under nonuniform AC computable isomorphisms. Furthermore, these sets remain NPcomplete even under nonuniform NC reductions. ..."
Abstract

Cited by 29 (11 self)
 Add to MetaCart
We show that all sets that arecomplete for NP under nonuniform AC are isomorphic under nonuniform AC computable isomorphisms. Furthermore, these sets remain NPcomplete even under nonuniform NC reductions.
On the concentration of multivariate polynomials with small expectation
, 2000
"... Let t1,..., tn be independent, but not necessarily identical, {0, 1} random variables. We prove a general large deviation bound for multivariate polynomials (in t1,..., tn) with small expectation (order O(polylog(n))). Few applications in random graphs and combinatorial number theory will be discus ..."
Abstract

Cited by 28 (4 self)
 Add to MetaCart
Let t1,..., tn be independent, but not necessarily identical, {0, 1} random variables. We prove a general large deviation bound for multivariate polynomials (in t1,..., tn) with small expectation (order O(polylog(n))). Few applications in random graphs and combinatorial number theory will be discussed. Our result is closely related to a classical result of Janson [Jan]. Both of them can be applied in similar situations. On the other hand, our result is symmetric, while Janson’s inequality only deals with the lower tail probability.