Results 1  10
of
36
Computationally private information retrieval with polylogarithmic communication
 Advances in Cryptology—EUROCRYPT ’99
, 1999
"... We present a singledatabase computationally private information retrieval scheme with polylogarithmic communication complexity. Our construction is based on a new, but reasonable intractability assumption, which we call the ΦHiding Assumption (ΦHA): essentially the difficulty of deciding whether a ..."
Abstract

Cited by 223 (3 self)
 Add to MetaCart
We present a singledatabase computationally private information retrieval scheme with polylogarithmic communication complexity. Our construction is based on a new, but reasonable intractability assumption, which we call the ΦHiding Assumption (ΦHA): essentially the difficulty of deciding whether a small prime> 2 divides ϕ(m), where m is a composite integer of unknown factorization. Our result also implies the existence of tworound CS proof systems under a concrete complexity assumption. Keywords: Integer factorization, Euler’s function, Φhiding assumption, private information retrieval, computationally sound proofs.
Noninteractive ZeroKnowledge
 SIAM J. COMPUTING
, 1991
"... This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages for which ..."
Abstract

Cited by 188 (19 self)
 Add to MetaCart
This paper investigates the possibility of disposing of interaction between prover and verifier in a zeroknowledge proof if they share beforehand a short random string. Without any assumption, it is proven that noninteractive zeroknowledge proofs exist for some numbertheoretic languages for which no efficient algorithm is known. If deciding quadratic residuosity (modulo composite integers whose factorization is not known) is computationally hard, it is shown that the NPcomplete language of satisfiability also possesses noninteractive zeroknowledge proofs.
Elliptic Curves And Primality Proving
 Math. Comp
, 1993
"... The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm. ..."
Abstract

Cited by 162 (22 self)
 Add to MetaCart
The aim of this paper is to describe the theory and implementation of the Elliptic Curve Primality Proving algorithm.
LOW REDUNDANCY IN STATIC DICTIONARIES WITH CONSTANT QUERY TIME
 SIAM J. COMPUT.
, 2001
"... A static dictionary is a data structure storing subsets of a finite universe U, answering membership queries. We show that on a unit cost RAM with word size Θ(log U), a static dictionary for nelement sets with constant worst case query time can be obtained using B +O(log log U)+o(n) (U) bits ..."
Abstract

Cited by 50 (7 self)
 Add to MetaCart
A static dictionary is a data structure storing subsets of a finite universe U, answering membership queries. We show that on a unit cost RAM with word size Θ(log U), a static dictionary for nelement sets with constant worst case query time can be obtained using B +O(log log U)+o(n) (U) bits of storage, where B = ⌈log2 ⌉ is the minimum number of bits needed to represent all nn element subsets of U.
A Complexity Theory for Feasible Closure Properties
, 1991
"... The study of the complexity of sets encompasses two complementary aims: (1) establishing  usually via explicit construction of algorithms  that sets are feasible, and (2) studying the relative complexity of sets that plausibly might be feasible but are not currently known to be feasible (such as ..."
Abstract

Cited by 47 (3 self)
 Add to MetaCart
The study of the complexity of sets encompasses two complementary aims: (1) establishing  usually via explicit construction of algorithms  that sets are feasible, and (2) studying the relative complexity of sets that plausibly might be feasible but are not currently known to be feasible (such as the NPcomplete sets and the PSPACEcomplete sets). For the study of the complexity of closure properties, a recent urry of results [21, 33, 49, 6, 7, 16] has established an analog of (1); these papers explicitly demonstrate many closure properties possessed by PP and C=P (and the proofs implicitly give closure properties of the function class #P). The present paper presents and develops, for function classes such as #P, SpanP, OptP, and MidP, an analog of (2): a general theory of the complexity of closure properties. In particular, we show that subtraction is hard for the closure properties of each of these classes: each is closed under subtraction if and only if it is closed under every polynom...
Verifying Candidate Matches in Sparse and Wildcard Matching (Extended Abstract)
, 2002
"... This paper obtains the following results on pattern matching problems in which the text has length n and the pattern has length m. ..."
Abstract

Cited by 40 (3 self)
 Add to MetaCart
This paper obtains the following results on pattern matching problems in which the text has length n and the pattern has length m.
Practical ZeroKnowledge Proofs: Giving Hints and Using Deficiencies
 JOURNAL OF CRYPTOLOGY
, 1994
"... New zeroknowledge proofs are given for some numbertheoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial t ..."
Abstract

Cited by 32 (0 self)
 Add to MetaCart
New zeroknowledge proofs are given for some numbertheoretic problems. All of the problems are in NP, but the proofs given here are much more efficient than the previously known proofs. In addition, these proofs do not require the prover to be superpolynomial in power. A probabilistic polynomial time prover with the appropriate trapdoor knowledge is sufficient. The proofs are perfect or statistical zeroknowledge in all cases except one.
On Parallel Hashing and Integer Sorting
, 1991
"... The problem of sorting n integers from a restricted range [1::m], where m is superpolynomial in n, is considered. An o(n log n) randomized algorithm is given. Our algorithm takes O(n log log m) expected time and O(n) space. (Thus, for m = n polylog(n) we have an O(n log log n) algorithm.) The al ..."
Abstract

Cited by 25 (9 self)
 Add to MetaCart
The problem of sorting n integers from a restricted range [1::m], where m is superpolynomial in n, is considered. An o(n log n) randomized algorithm is given. Our algorithm takes O(n log log m) expected time and O(n) space. (Thus, for m = n polylog(n) we have an O(n log log n) algorithm.) The algorithm is parallelizable. The resulting parallel algorithm achieves optimal speed up. Some features of the algorithm make us believe that it is relevant for practical applications. A result of independent interest is a parallel hashing technique. The expected construction time is logarithmic using an optimal number of processors, and searching for a value takes O(1) time in the worst case. This technique enables drastic reduction of space requirements for the price of using randomness. Applicability of the technique is demonstrated for the parallel sorting algorithm, and for some parallel string matching algorithms. The parallel sorting algorithm is designed for a strong and non standard mo...
The Generation of Random Numbers That Are Probably Prime
 Journal of Cryptology
, 1988
"... In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomia ..."
Abstract

Cited by 22 (0 self)
 Add to MetaCart
In this paper we make two observations on Rabin's probabilistic primality test. The first is a provocative reason why Rabin's test is so good. It turned out that a single iteration has a nonnegligible probability of failing _only_ on composite numbers that can actually be split in expected polynomial time. Therefore, factoring would be easy if Rabin's test systematically failed with a 25% probability on each composite integer (which, of course, it does not). The second observation is more fundamental because is it _not_ restricted to primality testing: it has consequences for the entire field of probabilistic algorithms. The failure probability when using a probabilistic algorithm for the purpose of testing some property is compared with that when using it for the purpose of obtaining a random element hopefully having this property. More specifically, we investigate the question of how reliable Rabin's test is when used to _generate_ a random integer that is probably prime, rather than to _test_ a specific integer for primality.
Key words: factorization, false witnesses, primality testing, probabilistic algorithms, Rabin's test.
Low Redundancy in Static Dictionaries with O(1) Worst Case Lookup Time
 IN PROCEEDINGS OF THE 26TH INTERNATIONAL COLLOQUIUM ON AUTOMATA, LANGUAGES AND PROGRAMMING (ICALP '99
, 1999
"... A static dictionary is a data structure for storing subsets of a nite universe U , so that membership queries can be answered efficiently. We study this problem in a unit cost RAM model with word size (log jU j), and show that for nelement subsets, constant worst case query time can be obtained us ..."
Abstract

Cited by 21 (5 self)
 Add to MetaCart
A static dictionary is a data structure for storing subsets of a nite universe U , so that membership queries can be answered efficiently. We study this problem in a unit cost RAM model with word size (log jU j), and show that for nelement subsets, constant worst case query time can be obtained using B +O(log log jU j) + o(n) bits of storage, where B = dlog 2 jUj n e is the minimum number of bits needed to represent all such subsets. For jU j = n log O(1) n the dictionary supports constant time rank queries.