Results 1  10
of
533
Randomized Algorithms
, 1995
"... Randomized algorithms, once viewed as a tool in computational number theory, have by now found widespread application. Growth has been fueled by the two major benefits of randomization: simplicity and speed. For many applications a randomized algorithm is the fastest algorithm available, or the simp ..."
Abstract

Cited by 1863 (38 self)
 Add to MetaCart
Randomized algorithms, once viewed as a tool in computational number theory, have by now found widespread application. Growth has been fueled by the two major benefits of randomization: simplicity and speed. For many applications a randomized algorithm is the fastest algorithm available, or the simplest, or both. A randomized algorithm is an algorithm that uses random numbers to influence the choices it makes in the course of its computation. Thus its behavior (typically quantified as running time or quality of output) varies from
Query evaluation techniques for large databases
 ACM COMPUTING SURVEYS
, 1993
"... Database management systems will continue to manage large data volumes. Thus, efficient algorithms for accessing and manipulating large sets and sequences will be required to provide acceptable performance. The advent of objectoriented and extensible database systems will not solve this problem. On ..."
Abstract

Cited by 644 (9 self)
 Add to MetaCart
Database management systems will continue to manage large data volumes. Thus, efficient algorithms for accessing and manipulating large sets and sequences will be required to provide acceptable performance. The advent of objectoriented and extensible database systems will not solve this problem. On the contrary, modern data models exacerbate it: In order to manipulate large sets of complex objects as efficiently as today’s database systems manipulate simple records, query processing algorithms and software will become more complex, and a solid understanding of algorithm and architectural issues is essential for the designer of database management software. This survey provides a foundation for the design and implementation of query execution facilities in new database management systems. It describes a wide array of practical query evaluation techniques for both relational and postrelational database systems, including iterative execution of complex query evaluation plans, the duality of sort and hashbased set matching algorithms, types of parallel query execution and their implementation, and special operators for emerging database application domains.
Chord: A Scalable PeertoPeer Lookup Protocol for Internet Applications
 ACM SIGCOMM
, 2001
"... A fundamental problem that confronts peertopeer applications is the efficient location of the node that stores a desired data item. This paper presents Chord, a distributed lookup protocol that addresses this problem. Chord provides support for just one operation: given a key, it maps the key onto ..."
Abstract

Cited by 550 (17 self)
 Add to MetaCart
A fundamental problem that confronts peertopeer applications is the efficient location of the node that stores a desired data item. This paper presents Chord, a distributed lookup protocol that addresses this problem. Chord provides support for just one operation: given a key, it maps the key onto a node. Data location can be easily implemented on top of Chord by associating a key with each data item, and storing the key/data item pair at the node to which the key maps. Chord adapts efficiently as nodes join and leave the system, and can answer queries even if the system is continuously changing. Results from theoretical analysis and simulations show that Chord is scalable: communication cost and the state maintained by each node scale logarithmically with the number of Chord nodes.
Universal OneWay Hash Functions and their Cryptographic Applications
, 1989
"... We define a Universal OneWay Hash Function family, a new primitive which enables the compression of elements in the function domain. The main property of this primitive is that given an element x in the domain, it is computationally hard to find a different domain element which collides with x. We ..."
Abstract

Cited by 313 (13 self)
 Add to MetaCart
We define a Universal OneWay Hash Function family, a new primitive which enables the compression of elements in the function domain. The main property of this primitive is that given an element x in the domain, it is computationally hard to find a different domain element which collides with x. We prove constructively that universal oneway hash functions exist if any 11 oneway functions exist. Among the various applications of the primitive is a OneWay based Secure Digital Signature Scheme which is existentially secure against adoptive attacks. Previously, all provably secure signature schemes were based on the stronger mathematical assumption that trapdoor oneway functions exist. Key words. cryptography, randomized algorithms AMS subject classifications. 68M10, 68Q20, 68Q22, 68R05, 68R10 Part of this work was done while the authors were at the IBM Almaden Research Center. The first author was supported in part by NSF grant CCR88 13632. A preliminary version of this work app...
Trading Group Theory for Randomness
, 1985
"... In a previous paper [BS] we proved, using the elements of the Clwory of nilyotenf yroupu, that some of the /undamcnla1 computational problems in mat & proup, belong to NP. These problems were also ahown to belong to CONP, assuming an unproven hypofhedi.9 concerning finilc simple Q ’ oup,. The aim o ..."
Abstract

Cited by 298 (9 self)
 Add to MetaCart
In a previous paper [BS] we proved, using the elements of the Clwory of nilyotenf yroupu, that some of the /undamcnla1 computational problems in mat & proup, belong to NP. These problems were also ahown to belong to CONP, assuming an unproven hypofhedi.9 concerning finilc simple Q ’ oup,. The aim of this paper is t.o replace most of the (proven and unproven) group theory of IBS] by elementary combinatorial argumenls. The rev & we prove is that relative to a random oracle f3, tbc meutioned matrix group problems belong to (NPncoNP)L! Thr problems we consider arr membership in and order of a matrix group given by a list of gnrrntors. These probtrms can bc vicwrd as m~lt~idimcnsio~r;lI vemiorm of a closr rrldivr of t.hc disrrct,r logarilhm prob1c.m. I tencc A’ltiro.VI ’ might be the lowrst natural romplcxity rla.us t bry may ii1 in. Wr remark that the resutt,s remain valid for blark boz groupa where group operations are prrformcd by an oracle. Thcb tools we inlroduce seem interesting in their own right. \Ve define a new hierarchy of complexit)y ctesscs A.4Ak) “just above NP’, introduring Arthur ud. Merlin games, the bonndedaway version of Pnpadimitriou’s Games against Nature. We prove th:rt. in spite of their analogy with the polynomial time hierarchy, the finite levrls of this hierarchy collapse t,o Afsf=Ah42). Using a combinatorial lemma on finite groups [IIE], we construct a game by whirh t.he nondeterministic player (Merlin) is able to coavlnre the random player (Arthur) about the rctation ICj=N provided Arthur trusts conclusions based on st,atisticnl rvidrnce (such as a SolovayStrassen type “proof” of primatit,y). One can prove that AM consists precisely of t&ose langungrs which belong to iV @ for almost every oracle 13. Our hirrarchy has an intrrcsjdng, still unclarified retation to imother hierarchy, obt,ained by rcnloving the cent.rat ingrrdirnt from the l&r ~a. Ezpcrl games of Goldwasser, Micali and Rackoff.
Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. Technical Report 2003/235, Cryptology ePrint archive, http://eprint.iacr.org, 2006. Previous version appeared at EUROCRYPT 2004
 34 [DRS07] [DS05] [EHMS00] [FJ01] Yevgeniy Dodis, Leonid Reyzin, and Adam
, 2004
"... We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying mater ..."
Abstract

Cited by 291 (34 self)
 Add to MetaCart
We provide formal definitions and efficient secure techniques for • turning noisy information into keys usable for any cryptographic application, and, in particular, • reliably and securely authenticating biometric data. Our techniques apply not just to biometric information, but to any keying material that, unlike traditional cryptographic keys, is (1) not reproducible precisely and (2) not distributed uniformly. We propose two primitives: a fuzzy extractor reliably extracts nearly uniform randomness R from its input; the extraction is errortolerant in the sense that R will be the same even if the input changes, as long as it remains reasonably close to the original. Thus, R can be used as a key in a cryptographic application. A secure sketch produces public information about its input w that does not reveal w, and yet allows exact recovery of w given another value that is close to w. Thus, it can be used to reliably reproduce errorprone biometric inputs without incurring the security risk inherent in storing them. We define the primitives to be both formally secure and versatile, generalizing much prior work. In addition, we provide nearly optimal constructions of both primitives for various measures of “closeness” of input data, such as Hamming distance, edit distance, and set difference.
Algorithms for Parallel Memory I: TwoLevel Memories
, 1992
"... We provide the first optimal algorithms in terms of the number of input/outputs (I/Os) required between internal memory and multiple secondary storage devices for the problems of sorting, FFT, matrix transposition, standard matrix multiplication, and related problems. Our twolevel memory model is n ..."
Abstract

Cited by 233 (31 self)
 Add to MetaCart
We provide the first optimal algorithms in terms of the number of input/outputs (I/Os) required between internal memory and multiple secondary storage devices for the problems of sorting, FFT, matrix transposition, standard matrix multiplication, and related problems. Our twolevel memory model is new and gives a realistic treatment of parallel block transfer, in which during a single I/O each of the P secondary storage devices can simultaneously transfer a contiguous block of B records. The model pertains to a largescale uniprocessor system or parallel multiprocessor system with P disks. In addition, the sorting, FFT, permutation network, and standard matrix multiplication algorithms are typically optimal in terms of the amount of internal processing time. The difficulty in developing optimal algorithms is to cope with the partitioning of memory into P separate physical devices. Our algorithms' performance can be significantly better than those obtained by the wellknown but nonopti...
Generalized Privacy Amplification
 IEEE Transactions on Information Theory
, 1995
"... This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard and Robert [1] for a special scenario. The results have applications to unconditionallysecure secretkey agreement protocols, quantum cryptography and to a nonasymptotic ..."
Abstract

Cited by 212 (18 self)
 Add to MetaCart
This paper provides a general treatment of privacy amplification by public discussion, a concept introduced by Bennett, Brassard and Robert [1] for a special scenario. The results have applications to unconditionallysecure secretkey agreement protocols, quantum cryptography and to a nonasymptotic and constructive treatment of the secrecy capacity of wiretap and broadcast channels, even for a considerably strengthened definition of secrecy capacity. I. Introduction This paper is concerned with unconditionallysecure secretkey agreement by two communicating parties Alice and Bob who both know a random variable W, for instance a random nbit string, about which an eavesdropper Eve has incomplete information characterized by the random variable V jointly distributed with W according to PV W . This distribution may partially be under Eve's control. Alice and Bob know nothing about PV W , except that it satisfies a certain constraint. We present protocols by which Alice and Bob can us...
Approximate distance oracles
 J. ACM
"... Let G = (V, E) be an undirected weighted graph with V  = n and E  = m. Let k ≥ 1 be an integer. We show that G = (V, E) can be preprocessed in O(kmn 1/k) expected time, constructing a data structure of size O(kn 1+1/k), such that any subsequent distance query can be answered, approximately, in ..."
Abstract

Cited by 205 (8 self)
 Add to MetaCart
Let G = (V, E) be an undirected weighted graph with V  = n and E  = m. Let k ≥ 1 be an integer. We show that G = (V, E) can be preprocessed in O(kmn 1/k) expected time, constructing a data structure of size O(kn 1+1/k), such that any subsequent distance query can be answered, approximately, in O(k) time. The approximate distance returned is of stretch at most 2k − 1, i.e., the quotient obtained by dividing the estimated distance by the actual distance lies between 1 and 2k−1. A 1963 girth conjecture of Erdős, implies that Ω(n 1+1/k) space is needed in the worst case for any real stretch strictly smaller than 2k + 1. The space requirement of our algorithm is, therefore, essentially optimal. The most impressive feature of our data structure is its constant query time, hence the name “oracle”. Previously, data structures that used only O(n 1+1/k) space had a query time of Ω(n 1/k). Our algorithms are extremely simple and easy to implement efficiently. They also provide faster constructions of sparse spanners of weighted graphs, and improved tree covers and distance labelings of weighted or unweighted graphs. 1
Oneway functions are necessary and sufficient for secure signatures
, 1990
"... Much research in theoretical cryptography has been centered around finding the weakest possible cryptographic assumptions required to implement major primitives. Ever since Diffie and Hellman first suggested that modern ..."
Abstract

Cited by 197 (0 self)
 Add to MetaCart
Much research in theoretical cryptography has been centered around finding the weakest possible cryptographic assumptions required to implement major primitives. Ever since Diffie and Hellman first suggested that modern