Results 1  10
of
15
TimeSpace Tradeoffs for Satisfiability
 Journal of Computer and System Sciences
, 1997
"... We give the first nontrivial modelindependent timespace tradeoffs for satisfiability. Namely, we show that SAT cannot be solved simultaneously in n 1+o(1) time and n 1\Gammaffl space for any ffl ? 0 on general randomaccess nondeterministic Turing machines. In particular, SAT cannot be solved ..."
Abstract

Cited by 29 (1 self)
 Add to MetaCart
We give the first nontrivial modelindependent timespace tradeoffs for satisfiability. Namely, we show that SAT cannot be solved simultaneously in n 1+o(1) time and n 1\Gammaffl space for any ffl ? 0 on general randomaccess nondeterministic Turing machines. In particular, SAT cannot be solved deterministically by a Turing machine using quasilinear time and p n space. We also give lower bounds for logspace uniform NC 1 circuits and branching programs. Our proof uses two basic ideas. First we show that if SAT can be solved nondeterministically with a small amount of time then we can collapse a nonconstant number of levels of the polynomialtime hierarchy. We combine this work with a result of Nepomnjascii that shows that a nondeterministic computation of super linear time and sublinear space can be simulated in alternating linear time. A simple diagonalization yields our main result. We discuss how these bounds lead to a new approach to separating the complexity classes NL a...
Nonuniform ACC circuit lower bounds
, 2010
"... The class ACC consists of circuit families with constant depth over unbounded fanin AND, OR, NOT, and MODm gates, where m> 1 is an arbitrary constant. We prove: • NTIME[2 n] does not have nonuniform ACC circuits of polynomial size. The size lower bound can be slightly strengthened to quasipoly ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
The class ACC consists of circuit families with constant depth over unbounded fanin AND, OR, NOT, and MODm gates, where m> 1 is an arbitrary constant. We prove: • NTIME[2 n] does not have nonuniform ACC circuits of polynomial size. The size lower bound can be slightly strengthened to quasipolynomials and other less natural functions. • ENP, the class of languages recognized in 2O(n) time with an NP oracle, doesn’t have nonuniform ACC circuits of 2no(1) size. The lower bound gives an exponential sizedepth tradeoff: for every d there is a δ> 0 such that ENP doesn’t have depthd ACC circuits of size 2nδ. Previously, it was not known whether EXP NP had depth3 polynomial size circuits made out of only MOD6 gates. The highlevel strategy is to design faster algorithms for the circuit satisfiability problem over ACC circuits, then prove that such algorithms entail the above lower bounds. The algorithm combines known properties of ACC with fast rectangular matrix multiplication and dynamic programming, while the second step requires a subtle strengthening of the author’s prior work [STOC’10]. Supported by the Josef Raviv Memorial Fellowship.
A Survey of Lower Bounds for Satisfiability and Related Problems
 Foundations and Trends in Theoretical Computer Science
, 2007
"... Ever since the fundamental work of Cook from 1971, satisfiability has been recognized as a central problem in computational complexity. It is widely believed to be intractable, and yet till recently even a lineartime, logarithmicspace algorithm for satisfiability was not ruled out. In 1997 Fortnow ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
Ever since the fundamental work of Cook from 1971, satisfiability has been recognized as a central problem in computational complexity. It is widely believed to be intractable, and yet till recently even a lineartime, logarithmicspace algorithm for satisfiability was not ruled out. In 1997 Fortnow, building on earlier work by Kannan, ruled out such an algorithm. Since then there has been a significant amount of progress giving nontrivial lower bounds on the computational complexity of satisfiability. In this article we survey the known lower bounds for the time and space complexity of satisfiability and closely related problems on deterministic, randomized, and quantum models with random access. We discuss the stateoftheart results and present the underlying arguments in a unified framework. 1
SNARKs for C: Verifying program executions succinctly and in zero knowledge
 In Proceedings of CRYPTO 2013, LNCS
"... An argument system for NP is a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationallybounded prover. Such a system is noninteractive and publiclyverifiable if, after a trusted party publishes a proving key and a verification key, ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
An argument system for NP is a proof system that allows efficient verification of NP statements, given proofs produced by an untrusted yet computationallybounded prover. Such a system is noninteractive and publiclyverifiable if, after a trusted party publishes a proving key and a verification key, anyone can use the proving key to generate noninteractive proofs for adaptivelychosen NP statements, and proofs can be verified by anyone by using the verification key. We present an implementation of a publiclyverifiable noninteractive argument system for NP. The system, moreover, is a zeroknowledge proofofknowledge. It directly proves correct executions of programs on TinyRAM, a randomaccess machine tailored for efficient verification of nondeterministic computations. Given a program P and time bound T, the system allows for proving correct execution of P, on any input x, for up to T steps, after a onetime setup requiring Õ(P  · T) cryptographic operations. An honest prover requires Õ(P  · T) cryptographic operations to generate such a proof, while proof verification can be performed with only O(x) cryptographic operations. This system can be used to prove the correct execution of C programs, using our TinyRAM port of the GCC compiler. This yields a zeroknowledge Succinct Noninteractive ARgument of Knowledge (zkSNARK) for
On Quasilinear Time Complexity Theory
, 1994
"... This paper furthers the study of quasilinear time complexity initiated by Schnorr and Gurevich and Shelah. We show that the fundamental properties of the polynomialtime hierarchy carry over to the quasilineartime hierarchy. ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
This paper furthers the study of quasilinear time complexity initiated by Schnorr and Gurevich and Shelah. We show that the fundamental properties of the polynomialtime hierarchy carry over to the quasilineartime hierarchy.
NonLinear Time Lower Bound for (Succinct) Quantified Boolean Formulas
"... Abstract. We give a reduction from arbitrary languages in alternating time t(n) to quantified Boolean formulas (QBF) describable in O(t(n)) bits. The reduction works for a reasonable succinct encoding of Boolean formulas and for several reasonable machine models, including multitape Turing machines ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Abstract. We give a reduction from arbitrary languages in alternating time t(n) to quantified Boolean formulas (QBF) describable in O(t(n)) bits. The reduction works for a reasonable succinct encoding of Boolean formulas and for several reasonable machine models, including multitape Turing machines and logarithmiccost RAMs. By a simple diagonalization, it follows that our succinct QBF problem requires superlinear time on those models. To our knowledge this is the first known instance of a nonlinear time lower bound (with no space restriction) for solving a natural linear space problem on a variety of computational models.
On superlinear lower bounds in complexity theory
 In Proc. 10th Annual IEEE Conference on Structure in Complexity Theory
, 1995
"... This paper first surveys the neartotal lack of superlinear lower bounds in complexity theory, for “natural” computational problems with respect to many models of computation. We note that the dividing line between models where such bounds are known and those where none are known comes when the mode ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
This paper first surveys the neartotal lack of superlinear lower bounds in complexity theory, for “natural” computational problems with respect to many models of computation. We note that the dividing line between models where such bounds are known and those where none are known comes when the model allows nonlocal communication with memory at unit cost. We study a model that imposes a “fair cost ” for nonlocal communication, and obtain modest superlinear lower bounds for some problems via a Kolmogorovcomplexity argument. Then we look to the larger picture of what it will take to prove really striking lower bounds, and pull from ours and others’ work a concept of information vicinity that may offer new tools and modes of analysis to a young field that rather lacks them.
Local reductions
, 2013
"... We reduce nondeterministic time T ≥ 2 n to a 3SAT instance φ of size φ  = T ·log O(1) T such that there is an explicit circuit C that on input an index i of logφ bits outputs the ith clause, and each output bit of C depends on O(1) inputs bits. The previous best result was C in NC 1. Even in th ..."
Abstract
 Add to MetaCart
We reduce nondeterministic time T ≥ 2 n to a 3SAT instance φ of size φ  = T ·log O(1) T such that there is an explicit circuit C that on input an index i of logφ bits outputs the ith clause, and each output bit of C depends on O(1) inputs bits. The previous best result was C in NC 1. Even in the simpler setting of φ  = poly(T) the previous best result was C in AC 0. More generally, for any time T ≥ n and parameter r ≤ n we obtain log 2φ  = max(logT,n/r)+O(logn)+O(loglogT) and each output bit of C is a decision tree of depth O(logr). As an application, we simplify the proof of Williams ’ ACC 0 lower bound, and tighten his connection between satisfiability algorithms and lower bounds.
From RAM to SAT
, 2012
"... Common presentations of the NPcompleteness of SAT suffer from two drawbacks which hinder the scope of this flagship result. First, they do not apply to machines equipped with randomaccess memory, also known as directaccess memory, even though this feature is critical in basic algorithms. Second, ..."
Abstract
 Add to MetaCart
Common presentations of the NPcompleteness of SAT suffer from two drawbacks which hinder the scope of this flagship result. First, they do not apply to machines equipped with randomaccess memory, also known as directaccess memory, even though this feature is critical in basic algorithms. Second, they incur a quadratic blowup in parameters, even though the distinction between, say, linear and quadratic time is often as critical as the one between polynomial and exponential. But the landmark result of a sequence of works overcomes both these drawbacks simultaneously! [HS66, Sch78, PF79, Coo88, GS89, Rob91] The proof of this result is simplified by Van Melkebeek in [vM06, §2.3.1]. Compared to previous proofs, this proof more directly reduces randomaccess machines to SAT, bypassing sequential Turing machines, and using a simple, wellknown sorting algorithm: OddEven Merge sort [Bat68]. In this work we give a selfcontained rendering of this simpler proof. For context, we note that the impressive works [BSCGT12b, BSCGT12a] give the stronger type of reduction where a candidate satisfying assignment to the SAT instance can be verified
Recursive composition and bootstrapping for SNARKs . . .
, 2012
"... Succinct noninteractive arguments of knowledge (SNARKs), and their generalization to distributed computations by proofcarrying data (PCD), are powerful tools for enforcing the correctness of dynamically evolving computations among multiple mutuallyuntrusting parties. We present recursive composit ..."
Abstract
 Add to MetaCart
Succinct noninteractive arguments of knowledge (SNARKs), and their generalization to distributed computations by proofcarrying data (PCD), are powerful tools for enforcing the correctness of dynamically evolving computations among multiple mutuallyuntrusting parties. We present recursive composition and bootstrapping techniques that: 1. Transform any SNARK with an expensive preprocessing phase into a SNARK without such a phase. 2. Transform any SNARK into a PCD system for constantdepth distributed computations. 3. Transform any PCD system for constantdepth distributed computations into a PCD system for distributed computation over paths of fixed polynomial length. Our transformations apply to both the public and privateverification settings, and assume the existence of CRHs; for the privateverification setting, we additionally assume FHE. By applying our transformations to the NIZKs of [Groth, ASIACRYPT ’10], whose security is based on a Knowledge of Exponent assumption in bilinear groups, we obtain the first publiclyverifiable SNARKs and PCD without preprocessing in the plain model. (Previous constructions were either in the randomoracle model [Micali, FOCS ’94] or in a signature oracle model [Chiesa and Tromer, ICS ’10].) Interestingly,