In the multiparty communication game (CFL-game) of Chandra, Furst, and Lipton (Proc. 15th ACM STOC, 1983, 94–99) k players collaboratively evaluate a function f(x0,..., xk−1) in which player i knows all inputs except xi. The players have unlimited computational power. The objective is to minimize communication. In this paper, we study the Simultaneous Messages (SM) model of multiparty communication complexity. The SM model is a restricted version of the CFL-game in which the players are not allowed to communicate with each other. Instead, each of the k players simultaneously sends a message to a referee, who sees none of the inputs. The referee then announces the function value. We prove lower and upper bounds on the SM-complexity of several classes of explicit functions. Our lower bounds extend to randomized SM complexity via an entropy argument. A lemma establishing a tradeoff between average Hamming distance and range size for transformations of the Boolean cube might be of independent interest. Our lower bounds on SM-complexity imply an exponential gap between the SM-model and

Bryant [5] has shown that any OBDD for the function MULn−1,n, i.e. the middle bit of the n-bit multiplication, requires at least 2 n/8 nodes. In this paper a stronger lower bound of essentially 2 n/2 /61 is proven by a new technique, using a universal family of hash functions. As a consequence, one cannot hope anymore to verify e.g. 128-bit multiplication circuits using OBDD-techniques because the representation of the middle bit of such a multiplier requires more than 3 · 10 17 OBDD-nodes. Further, a first non-trivial upper bound of 7/3 · 2 4n/3 for the OBDD-size of MULn−1,n is provided.

This paper introduces communicating branching programs, and develops a general technique for demonstrating communication-space tradeoffs for pairs of communicating branching programs. This technique is then used to prove communication-space tradeoffs for any pair of communicating branching programs that hashes according to a universal family of hash functions. Other tradeoffs follow from this result. As an example, any pair of communicating Boolean branching programs that computes matrix-vector products over GF(2) requires communication-space product Ω(n 2), provided the space used is o(n / log n). These are the first examples of communication-space tradeoffs on a completely general model of communicating processes.

unspoofable channels: a comparative survey

We prove (mostly tight) space lower bounds for "streaming " (or "on-line") computations of four fundamental combinatorial objects: error-correcting codes, universal hash functions, extractors, and dispersers. Streaming computations for these objects are motivated algorithmically by massive data set applications and complexity-theoretically by pseudorandomness and derandomization for spacebounded probabilistic algorithms.

Consider the set # of all linear (or affine) transformations between two vector spaces over a finite field F. We study how good # is as a class of hash functions, namely we consider hashing a set S of size n into a range having the same cardinality n by a randomly chosen function from # and look at the expected size of the largest hash bucket. # is a universal class of hash functions for any finite field, but with respect to our measure different fields behave differently. If the

We derive bounds on the product of the communication C and space S for communicating circuits. The first bound applies to quantum circuits and follows from a "bipartite product" result for the discrepancy of communication problems. If for any problem f : XY the multicolor discrepancy of the communication matrix of f is 1/2 then the problem in which Alice receives some l inputs, Bob r inputs, and their task is to compute f(x i , y j ) for the l r pairs of inputs (x i , y j ), has a quantum communication-space tradeo# CS (lrd log |Z|).

wer bounds. Machine models. Suppose that for every machine M 1 in model M 1 running in time t = t(n) there is a machine M 2 in M 2 which computes the same partial function in time g = g(t; n). If g = O(t)+O(n) we say that model M 2 simulates M 1 linearly. If g = O(t) the simulation has constant-factor overhead ; if g = O(t log t) it has a factor-of-O(log t) overhead , and so on. The simulation is on-line if each step of M 1 i

Current constructions of cryptographic primitives typically involve a large multiplicative computational overhead that grows with the desired level of security. We explore the possibility of implementing basic cryptographic primitives, such as encryption, authentication, signatures, and secure two-party computation, while incurring only a constant computational overhead compared to insecure implementations of the same tasks. Here we make the usual security requirement that the advantage of any polynomial-time attacker must be negligible in the input length. We obtain affirmative answers to this question for most central cryptographic primitives under plausible, albeit sometimes nonstandard, intractability assumptions. • We start by showing that pairwise-independent hash functions can be computed by linear-size circuits, disproving a conjecture of Mansour, Nisan, and Tiwari (STOC 1990). This construction does not rely on any unproven assumptions and is of independent interest. Our hash functions can be used to construct message authentication schemes with constant overhead from any one-way function. • Under an intractability assumption that generalizes a previous assumption of Alekhnovich (FOCS 2003), we get (public and private key) encryption schemes with constant overhead. Using an exponentially

With increased use of passive RFID tags, the need for secure lightweight identification protocols arose. HB+ is one such protocol, which was proven secure in the detection-based model, but shown breakable by man-in-the-middle attacks. Trusted-HB is a variant of HB+, specifically designed to resist man-in-the-middle attacks. In this paper, we discuss several weaknesses of Trusted-HB, show that the formal security proof provided by its designers is incorrect, and demonstrate how to break it in realistic scenarios. 1