Results 1  10
of
20
Limits on the Provable Consequences of Oneway Permutations
, 1989
"... We present strong evidence that the implication, "if oneway permutations exist, then secure secret key agreement is possible" is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requir ..."
Abstract

Cited by 165 (0 self)
 Add to MetaCart
We present strong evidence that the implication, "if oneway permutations exist, then secure secret key agreement is possible" is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requires a new model. We consider a world where dl parties have access to a black box or a randomly selected permutation. Being totally random, this permutation will be strongly oneway in provable, informationthevretic way. We show that, if P = NP, no protocol for secret key agreement is secure in such setting. Thus, to prove that a secret key greement protocol which uses a oneway permutation as a black box is secure is as hrd as proving F NP. We also obtain, as corollary, that there is an oracle relative to which the implication is false, i.e., there is a oneway permutation, yet secretexchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on any oneway permutation. Our results present a general framework for proving statements of the form, "Cryptographic application X is not likely possible based solely on complexity assumption Y." 1
BPP has Subexponential Time Simulations unless EXPTIME has Publishable Proofs (Extended Abstract)
, 1993
"... ) L'aszl'o Babai Noam Nisan y Lance Fortnow z Avi Wigderson University of Chicago Hebrew University Abstract We show that BPP can be simulated in subexponential time for infinitely many input lengths unless exponential time ffl collapses to the second level of the polynomialtime ..."
Abstract

Cited by 114 (9 self)
 Add to MetaCart
) L'aszl'o Babai Noam Nisan y Lance Fortnow z Avi Wigderson University of Chicago Hebrew University Abstract We show that BPP can be simulated in subexponential time for infinitely many input lengths unless exponential time ffl collapses to the second level of the polynomialtime hierarchy, ffl has polynomialsize circuits and ffl has publishable proofs (EXPTIME=MA). We also show that BPP is contained in subexponential time unless exponential time has publishable proofs for infinitely many input lengths. In addition, we show BPP can be simulated in subexponential time for infinitely many input lengths unless there exist unary languages in MA n P . The proofs are based on the recent characterization of the power of multiprover interactive protocols and on random selfreducibility via low degree polynomials. They exhibit an interplay between Boolean circuit simulation, interactive proofs and classical complexity classes. An important feature of this proof is that it does not ...
Complexity Limitations on Quantum Computation
 Journal of Computer and System Sciences
, 1997
"... We use the powerful tools of counting complexity and generic oracles to help understand the limitations of the complexity of quantum computation. We show several results for the probabilistic quantum class BQP.  BQP is low for PP, i.e., PP BQP = PP.  There exists a relativized world where P = ..."
Abstract

Cited by 94 (3 self)
 Add to MetaCart
We use the powerful tools of counting complexity and generic oracles to help understand the limitations of the complexity of quantum computation. We show several results for the probabilistic quantum class BQP.  BQP is low for PP, i.e., PP BQP = PP.  There exists a relativized world where P = BQP and the polynomialtime hierarchy is infinite.  There exists a relativized world where BQP does not have complete sets.  There exists a relativized world where P = BQP but P 6= UP " coUP and oneway functions exist. This gives a relativized answer to an open question of Simon.
The Role of Relativization in Complexity Theory
 Bulletin of the European Association for Theoretical Computer Science
, 1994
"... Several recent nonrelativizing results in the area of interactive proofs have caused many people to review the importance of relativization. In this paper we take a look at how complexity theorists use and misuse oracle results. We pay special attention to the new interactive proof systems and progr ..."
Abstract

Cited by 42 (9 self)
 Add to MetaCart
Several recent nonrelativizing results in the area of interactive proofs have caused many people to review the importance of relativization. In this paper we take a look at how complexity theorists use and misuse oracle results. We pay special attention to the new interactive proof systems and program checking results and try to understand why they do not relativize. We give some new results that may help us to understand these questions better.
A Lower Bound for Randomized Algebraic Decision Trees
 PROC. 28TH ACM STOC
, 1996
"... We prove the first nontrivial (and superlinear) lower bounds on the depth of randomized algebraic decision trees (with twosided error) for problems being finite unions of hyperplanes and intersections of halfspaces, solving a long standing open problem. As an application, among other things, we ..."
Abstract

Cited by 23 (11 self)
 Add to MetaCart
We prove the first nontrivial (and superlinear) lower bounds on the depth of randomized algebraic decision trees (with twosided error) for problems being finite unions of hyperplanes and intersections of halfspaces, solving a long standing open problem. As an application, among other things, we derive, for the first time, an \Omega\Gamma n 2 ) randomized lower bound for the Knapsack Problem, and an \Omega\Gamma n log n) randomized lower bound for the Element Distinctness Problem which were previously known only for deterministic algebraic decision trees. It is worth noting that for the languages being finite unions of hyperplanes our proof method yields also a new elementary lower bound technique for deterministic algebraic decision trees without making use of Milnor's bound on Betti number of algebraic varieties.
An Observation on Probability versus Randomness with Applications to Complexity Classes
 MATHEMATICAL SYSTEMS THEORY
, 1993
"... Every class C of languages satisfying a simple topological condition is shown to have probability one if and only if it contains some language that is algorithmically random in the sense of MartinLof. This result is used to derive separation properties of algorithmically random oracles and to gi ..."
Abstract

Cited by 20 (7 self)
 Add to MetaCart
Every class C of languages satisfying a simple topological condition is shown to have probability one if and only if it contains some language that is algorithmically random in the sense of MartinLof. This result is used to derive separation properties of algorithmically random oracles and to give characterizations of the complexity classes P, BPP, AM, and PH in terms of reducibility to such oracles. These characterizations lead to results like: P = NP if and only if there exists an algorithmically random set that is P btt hard for NP.
On the Power of Randomized Branching Programs
 IN PROCEEDINGS OF THE ICALP'96, LECTURE NOTES IN COMPUTER SCIENCE
, 1996
"... We define the notion of a randomized branching program in the natural way similar to the definition of a randomized circuit. We exhibit an explicit function fn for which we prove that: 1) f n can be computed by polynomial size randomized readonce ordered branching program with a small onesided ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
We define the notion of a randomized branching program in the natural way similar to the definition of a randomized circuit. We exhibit an explicit function fn for which we prove that: 1) f n can be computed by polynomial size randomized readonce ordered branching program with a small onesided error; 2) fn cannot be computed in polynomial size by deterministic readonce branching programs; 3) fn cannot be computed in polynomial size by deterministic read ktimes ordered branching program for k = o(n= log n) (the required deterministic size is exp \Gamma\Omega \Gamma n k \Delta\Delta ).
On ReadOnce vs. Multiple Access to Randomness in Logspace
 THEORETICAL COMPUTER SCIENCE
, 1993
"... In the "correct" definition of randomized spacebounded computation, the machine has access to a random coin. The coin can be flipped at will, but outcomes of previous coin flips cannot be recalled unless they are saved in the machine's limited memory. In contrast to this readonc ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
In the "correct" definition of randomized spacebounded computation, the machine has access to a random coin. The coin can be flipped at will, but outcomes of previous coin flips cannot be recalled unless they are saved in the machine's limited memory. In contrast to this readonce mechanism of accessing the random source, one may consider Turing machines which have access to a random tape. Here, the random bits may be multiply accessed by the machine. In this note we show a very concrete sense in which multiple access to the random bits is better than readonce access to them: Every language accepted with bounded 2sided error by a readoncerandomized Logspace machine, can be accepted with zero error by a randomized Logspace machine having multiple access to the random bits. Finally we characterize the class of languages that can be accepted with twosided error by randomized Logspace machines with multiple access to the random bits as exactly the class of languages tha...
Amplification and Percolation
, 1992
"... Moore and Shannon had shown that relays with arbitrarily high reliability can be built from relays with arbitrarily poor reliability. Valiant used similar methods to construct monotone readonce formulae of size O(n ff+2 ) (where ff = log p 5\Gamma1 2 ' 3:27) that amplify (/ \Gamma 1 n ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
Moore and Shannon had shown that relays with arbitrarily high reliability can be built from relays with arbitrarily poor reliability. Valiant used similar methods to construct monotone readonce formulae of size O(n ff+2 ) (where ff = log p 5\Gamma1 2 ' 3:27) that amplify (/ \Gamma 1 n ; / + 1 n ) (where / = p 5\Gamma1 2 ' 0:62) to (2 \Gamman ; 1 \Gamma 2 \Gamman ) and deduced as a consequence the existence of monotone formulae of the same size that compute the majority of n bits. Boppana had shown that any monotone readonce formula that amplifies (p \Gamma 1 n ; p + 1 n ) to ( 1 4 ; 3 4 ) (where 0 ! p ! 1 is constant) has size of at least\Omega\Gamma n ff ) and that any monotone, not necessarily readonce, contact network (and in particular any monotone formula) that amplifies ( 1 4 ; 3 4 ) to (2 \Gamman ; 1 \Gamma 2 \Gamman ) has size of at least \Omega\Gamma n 2 ). We extend Boppana's results in two ways. We first show that his two lower bounds...