Results 11 - 16 of 16
The random oracle hypothesis is false
, 1990
Cited by 24 (2 self)
The Random Oracle Hypothesis, attributed to Bennett and Gill, essentially states that the relationships between complexity classes which hold for almost all relativized worlds must also hold in the unrelativized case. Although this paper is not the first to provide a counterexample to the Random Oracle Hypothesis, it does provide a most compelling counterexample by showing that for almost all oracles A, $IP^A \neq PSPACE^A$. If the Random Oracle Hypothesis were true, it would contradict Shamir's result that IP = PSPACE. In fact, it is shown that for almost all oracles A, $coNP^A \not\subseteq IP^A$. These results extend to the multiprover proof systems of Ben-Or, Goldwasser, Kilian and Wigderson. In addition, this paper shows that the Random Oracle Hypothesis is sensitive to small changes in the definition. A class IPP, similar to IP, is defined. Surprisingly, the IPP = PSPACE result holds for all oracle worlds. Warning: Essentially this paper has been published in Information and Computation and is hence subject to copyright restrictions. It is for personal use only.
ON THE POWER OF INTERACTION
Cited by 22 (3 self)
Let IP[f(n)] be the class of languages recognized by interactive proofs with f(|x|) interactions. Babai [B] showed that all languages recognized by interactive proofs with a bounded number of interactions can be recognized by interactive proofs with only two interactions, i.e., for every constant k, IP[k] collapses to IP[2]. In this paper, we give evidence that interactive proofs with an unbounded number of interactions may be more powerful than interactive proofs with a bounded number of interactions. We show that for any polynomially bounded polynomial time computable function f(n) and any g(n) = o(f(n)) there exists an oracle B such that $IP^B[f(n)] \not\subseteq IP^B[g(n)]$. The techniques employed are extensions of the techniques for proving lower bounds on small depth circuits used in [FSS], [Y] and [H1].
On the complexity of interactive proofs with bounded communication
 Information Processing Letters
, 1998
Cited by 19 (1 self)
We investigate the computational complexity of languages which have interactive proof systems of bounded message complexity. In particular, denoting the length of the input by n, we show that: If L has an interactive proof in which the total communication is bounded by c(n) bits then L can be recognized by a probabilistic machine in time exponential in O(c(n) + log(n)). If L has a public-coin interactive proof in which the prover sends c(n) bits then L can be recognized by a probabilistic machine in time exponential in O(c(n) log(c(n)) + log(n)). If L has an interactive proof in which the prover sends c(n) bits then L can be recognized by a probabilistic machine with an NP oracle in time exponential in O(c(n) log(c(n)) + log(n)). Work done while being on a sabbatical leave at LCS, MIT.
Geometric Cryptography: Identification by Angle Trisection
, 1997
We propose the field of "geometric cryptography," where messages and ciphertexts may be represented by geometric quantities such as angles or intervals, and where computation is performed by ruler and compass constructions. We describe an elegant little zero-knowledge identification scheme, based on the impossibility of trisecting an angle using ruler and compass operations. While geometric cryptography may have little practical application, it may facilitate the construction of pedagogic examples making cryptographic principles accessible to a wider audience, and may also by contrast illuminate those cryptographic principles.
Information Security Group, Royal Holloway, University of London
, 1997
We propose the field of "geometric cryptography," where messages and ciphertexts may be represented by geometric quantities such as angles or intervals, and where computation is performed by ruler and compass constructions. We describe an elegant little zero-knowledge identification scheme, based on the impossibility of trisecting an angle using ruler and compass operations. While geometric cryptography may have little practical application, it may facilitate the construction of pedagogic examples making cryptographic principles accessible to a wider audience, and may also by contrast illuminate those cryptographic principles.

1 Geometric Cryptography

The modern theory of computation, following Turing, is based on representing data as sequences of symbols (typically bits), and performing operations from a small set of primitive operations (such as ANDs and ORs). But the notion of computation is compatible with other data representations. For example, the classic geometric notion of constructability with ruler and compass operations yields a rich theory analogous in many ways to the modern theory of computation. The impossibility of trisecting an angle can be viewed as analogous to the impossibility of solving the halting problem. The difficulty, or impossibility, of solving geometric problems can be used as a foundation for "geometric cryptography", a field which we propose for further study. By way of getting this field of study off the ground, we propose here a simple zero-knowledge identification protocol, based on the impossibility of trisecting an angle by ruler and compass. We begin by reviewing the standard operations allowed in ruler and compass constructions:
Why fragments?
Several years ago, Shafi Goldwasser and myself have decided to write together a book titled "Foundations of Cryptography". In a first burst of energy, I've written most of the material appearing in these fragments, but since then very little progress has been done. The chances that we will complete our original plan within a year or two seem quite slim. In fact, we even fail to commit ourselves to a date on which we will resume work on this project. What is in these fragments? These fragments contain a first draft for three major chapters and an introduction chapter. The three chapters are the chapters on computational difficulty (or one-way functions), pseudorandom generators and zero-knowledge. These chapters are quite complete with the exception that the zero-knowledge chapter misses the planned section on non-interactive zero-knowledge. However, none of these chapters has been carefully proofread and I expect them to be full of various mistakes ranging from spelling and grammatical mistakes to minor technical inaccuracies. I hope and believe that there are no fatal mistakes, but I cannot guarantee this either. A major thing which is missing: An updated list of references is indeed missing. Instead I enclose an old annotated