Results 1 
5 of
5
Almost Everywhere High Nonuniform Complexity
, 1992
"... . We investigate the distribution of nonuniform complexities in uniform complexity classes. We prove that almost every problem decidable in exponential space has essentially maximum circuitsize and spacebounded Kolmogorov complexity almost everywhere. (The circuitsize lower bound actually exceeds ..."
Abstract

Cited by 170 (34 self)
 Add to MetaCart
. We investigate the distribution of nonuniform complexities in uniform complexity classes. We prove that almost every problem decidable in exponential space has essentially maximum circuitsize and spacebounded Kolmogorov complexity almost everywhere. (The circuitsize lower bound actually exceeds, and thereby strengthens, the Shannon 2 n n lower bound for almost every problem, with no computability constraint.) In exponential time complexity classes, we prove that the strongest relativizable lower bounds hold almost everywhere for almost all problems. Finally, we show that infinite pseudorandom sequences have high nonuniform complexity almost everywhere. The results are unified by a new, more powerful formulation of the underlying measure theory, based on uniform systems of density functions, and by the introduction of a new nonuniform complexity measure, the selective Kolmogorov complexity. This research was supported in part by NSF Grants CCR8809238 and CCR9157382 and in ...
The Sum of PRPs is a Secure PRF
, 2000
"... Given d independent pseudorandom permutations (PRPs) # i , . . . , #d over {0, 1} , it appears natural to define a pseudorandom function (PRF) by adding (or XORing) the permutation results: sum #1 (x)# ##d (x). This paper investigates the security of and also considers a variant that only u ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Given d independent pseudorandom permutations (PRPs) # i , . . . , #d over {0, 1} , it appears natural to define a pseudorandom function (PRF) by adding (or XORing) the permutation results: sum #1 (x)# ##d (x). This paper investigates the security of and also considers a variant that only uses one single PRP over {0, 1} . Keywords: Pseudorandom Functions, Concrete Security, Block Ciphers. 1
Norms, XOR lemmas, and lower bounds for polynomials and protocols
, 2007
"... Abstract: This paper presents a unified and simple treatment of basic questions concerning two computational models: multiparty communication complexity and polynomials over GF(2). The key is the use of (known) norms on Boolean functions, which capture their proximity to each of these models (and ar ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract: This paper presents a unified and simple treatment of basic questions concerning two computational models: multiparty communication complexity and polynomials over GF(2). The key is the use of (known) norms on Boolean functions, which capture their proximity to each of these models (and are closely related to property testers of this proximity). The main contributions are new XOR lemmas. We show that if a Boolean function has correlation at most ε ≤ 1/2 with either of these models, then the correlation of the parity of its values on m independent instances drops exponentially with m. More specifically: • For polynomials over GF(2) of degree d, the correlation drops to exp ( −m/4 d). No XOR lemma was known even for d = 2. • For cbit kparty protocols, the correlation drops to 2c · εm/2k. No XOR lemma was known for k ≥ 3 parties.
On the security of the Winternitz onetime signature scheme
 Africacrypt 2011, volume 6737 of Lecture Notes in Computer Science
, 2011
"... Abstract. We show that the Winternitz onetime signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudo random functions. Compared to previous results, which require a collision resistant hash function, our result provides signific ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. We show that the Winternitz onetime signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudo random functions. Compared to previous results, which require a collision resistant hash function, our result provides significantly smaller signatures at the same security level. We also consider security in the strong sense and show that the Winternitz onetime signature scheme is strongly unforgeable assuming additional properties of the pseudo random function. In this context we formally define several keybased security notions for function families and investigate their relation to pseudorandomness. All our reductions are exact and in the standard model and can directly be used to estimate the output length of the hash function required to meet a certain security level.
The communication complexity of addition
, 2011
"... Suppose each of k ≤ no(1) players holds an nbit number xi in its hand. The players wish to determine if ∑ i≤k xi = s. We give a publiccoin protocol with error 1% and communication O(k lg k). The communication bound is independent of n, and for k ≥ 3 improves on the O(k lg n) bound by Nisan (Bolyai ..."
Abstract
 Add to MetaCart
Suppose each of k ≤ no(1) players holds an nbit number xi in its hand. The players wish to determine if ∑ i≤k xi = s. We give a publiccoin protocol with error 1% and communication O(k lg k). The communication bound is independent of n, and for k ≥ 3 improves on the O(k lg n) bound by Nisan (Bolyai Soc. Math. Studies; 1993). Our protocol also applies to addition modulo m. In this case we give a matching (publiccoin) Ω(k lg k) lower bound for various m. We also obtain some lower bounds over the integers, including Ω(k lg lg k) for protocols that are oneway, like ours. We give a protocol to determine if ∑ xi> s with error 1 % and communication O(k lg k) lg n. For k ≥ 3 this improves on Nisan’s O(k lg 2 n) bound. A similar improvement holds for computing degree(k − 1) polynomialthreshold functions in the numberonforehead model. We give a (publiccoin, 2player, tight) Ω(lg n) lower bound to determine if x1> x2. This improves on the Ω ( √ lg n) bound by Smirnov (1988).