Results 11  20
of
349
Derandomizing Polynomial Identity Tests Means Proving Circuit Lower Bounds (Extended Abstract)
, 2003
"... Since Polynomial Identity Testing is a coRP problem, we obtain the following corollary: If RP = P (or, even, coRP ` "ffl?0NTIME(2nffl), infinitely often), then NEXP is not computable by polynomialsize arithmetic circuits. Thus, establishing that RP = coRP or BPP = P would require proving s ..."
Abstract

Cited by 175 (5 self)
 Add to MetaCart
Since Polynomial Identity Testing is a coRP problem, we obtain the following corollary: If RP = P (or, even, coRP ` &quot;ffl?0NTIME(2nffl), infinitely often), then NEXP is not computable by polynomialsize arithmetic circuits. Thus, establishing that RP = coRP or BPP = P would require proving superpolynomial lower bounds for Boolean or arithmetic circuits. We also show that any derandomization of RNC would yield new circuit lower bounds for a language in NEXP.
The Hardness of Approximate Optima in Lattices, Codes, and Systems of Linear Equations
, 1993
"... We prove the following about the Nearest Lattice Vector Problem (in any `p norm), the Nearest Codeword Problem for binary codes, the problem of learning a halfspace in the presence of errors, and some other problems. 1. Approximating the optimum within any constant factor is NPhard. 2. If for some ..."
Abstract

Cited by 170 (7 self)
 Add to MetaCart
We prove the following about the Nearest Lattice Vector Problem (in any `p norm), the Nearest Codeword Problem for binary codes, the problem of learning a halfspace in the presence of errors, and some other problems. 1. Approximating the optimum within any constant factor is NPhard. 2. If for some ffl ? 0 there exists a polynomialtime algorithm that approximates the optimum within a factor of 2 log 0:5\Gammaffl n , then every NP language can be decided in quasipolynomial deterministic time, i.e., NP ` DTIME(n poly(log n) ). Moreover, we show that result 2 also holds for the Shortest Lattice Vector Problem in the `1 norm. Also, for some of these problems we can prove the same result as above, but for a larger factor such as 2 log 1\Gammaffl n or n ffl . Improving the factor 2 log 0:5\Gammaffl n to p dimension for either of the lattice problems would imply the hardness of the Shortest Vector Problem in `2 norm; an old open problem. Our proofs use reductions from fewpr...
On the Power of MultiProver Interactive Protocols
 THEORETICAL COMPUTER SCIENCE
, 1988
"... ..."
(Show Context)
Fast batch verification for modular exponentiation and digital signatures
, 1998
"... Abstract Many tasks in cryptography (e.g., digital signature verification) call for verification of a basicoperation like modular exponentiation in some group: given ( g, x, y) check that gx = y. Thisis typically done by recomputing gx and checking we get y. We would like to do it differently,and f ..."
Abstract

Cited by 141 (2 self)
 Add to MetaCart
(Show Context)
Abstract Many tasks in cryptography (e.g., digital signature verification) call for verification of a basicoperation like modular exponentiation in some group: given ( g, x, y) check that gx = y. Thisis typically done by recomputing gx and checking we get y. We would like to do it differently,and faster. The approach we use is batching. Focusing first on the basic modular exponentiation operation, we provide some probabilistic batch verifiers, or tests, that verify a sequence of modular exponentiations significantly faster than the naive recomputation method. This yields speedupsfor several verification tasks that involve modular exponentiations.
Software reliability via runtime resultchecking
 J. ACM
, 1997
"... We review the eld of resultchecking, discussing simple checkers and selfcorrectors. We argue that such checkers could protably be incorporated in software as an aid to ecient debugging and enhanced reliability. We consider how to modify traditional checking methodologies to make them more appropr ..."
Abstract

Cited by 124 (2 self)
 Add to MetaCart
We review the eld of resultchecking, discussing simple checkers and selfcorrectors. We argue that such checkers could protably be incorporated in software as an aid to ecient debugging and enhanced reliability. We consider how to modify traditional checking methodologies to make them more appropriate for use in realtime, realnumber computer systems. In particular, we suggest that checkers should be allowed to use stored randomness: i.e., that they should be allowed to generate, preprocess, and store random bits prior to runtime, and then to use this information repeatedly in a series of runtime checks. In a case study of checking a general realnumber linear transformation (for example, a Fourier Transform), we present a simple checker which uses stored randomness, and a selfcorrector which is particularly ecient if stored
Checking the Correctness of Memories
 Algorithmica
, 1995
"... We extend the notion of program checking to include programs which alter their environment. In particular, we consider programs which store and retrieve data from memory. The model we consider allows the checker a small amount of reliable memory. The checker is presented with a sequence of reques ..."
Abstract

Cited by 122 (13 self)
 Add to MetaCart
(Show Context)
We extend the notion of program checking to include programs which alter their environment. In particular, we consider programs which store and retrieve data from memory. The model we consider allows the checker a small amount of reliable memory. The checker is presented with a sequence of requests (online) to a data structure which must reside in a large but unreliable memory. We view the data structure as being controlled by an adversary. We want the checker to perform each operation in the input sequence using its reliable memory and the unreliable data structure so that any error in the operation of the structure will be detected by the checker with high probability. We present checkers for various data structures. We prove lower bounds of log n on the amount of reliable memory needed by these checkers where n is the size of the structure. The lower bounds are information theoretic and apply under various assumptions. We also show timespace tradeoffs for checking random access memories as a generalization of those for coherent functions. 1
Hardness Of Approximations
, 1996
"... This chapter is a selfcontained survey of recent results about the hardness of approximating NPhard optimization problems. ..."
Abstract

Cited by 117 (5 self)
 Add to MetaCart
This chapter is a selfcontained survey of recent results about the hardness of approximating NPhard optimization problems.
Watermarking, TamperProofing, and Obfuscation  Tools for Software Protection
 SOFTWARE ENGINEERING, IEEE TRANSACTIONS ON
, 2002
"... We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarkin ..."
Abstract

Cited by 117 (4 self)
 Add to MetaCart
We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarking, a process that makes it possible to determine the origin of software. A defense against tampering is tamperproofing, so that unauthorized modifications to software (for example, to remove a watermark) will result in nonfunctional code. We briefly survey the available technology for each type of defense.
COMPUTATIONALLY SOUND PROOFS
, 2000
"... This paper puts forward a new notion of a proof based on computational complexity and explores its implications for computation at large. Computationally sound proofs provide, in a novel and meaningful framework, answers to old and new questions in complexity theory. In particular, given a random o ..."
Abstract

Cited by 117 (6 self)
 Add to MetaCart
This paper puts forward a new notion of a proof based on computational complexity and explores its implications for computation at large. Computationally sound proofs provide, in a novel and meaningful framework, answers to old and new questions in complexity theory. In particular, given a random oracle or a new complexity assumption, they enable us to 1. prove that verifying is easier than deciding for all theorems; 2. provide a quite effective way to prove membership in computationally hard languages (such as CoNPcomplete ones); and 3. show that every computation possesses a short certificate vouching its correctness. Finally, if a special type of computationally sound proof exists, we show that Blum’s notion of program checking can be meaningfully broadened so as to prove that NPcomplete languages are checkable.
Delegating computation: interactive proofs for muggles
 In Proceedings of the ACM Symposium on the Theory of Computing (STOC
, 2008
"... In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a “muggle”. 1 The verifier should be superefficient and run in nearlylinear time. These proof systems can be used for delegating computation: a se ..."
Abstract

Cited by 113 (6 self)
 Add to MetaCart
(Show Context)
In this work we study interactive proofs for tractable languages. The (honest) prover should be efficient and run in polynomial time, or in other words a “muggle”. 1 The verifier should be superefficient and run in nearlylinear time. These proof systems can be used for delegating computation: a server can run a computation for a client and interactively prove the correctness of the result. The client can verify the result’s correctness in nearlylinear time (instead of running the entire computation itself). Previously, related questions were considered in the Holographic Proof setting by Babai, Fortnow, Levin and Szegedy, in the argument setting under computational assumptions by Kilian, and in the random oracle model by Micali. Our focus, however, is on the original interactive proof model where no assumptions are made on the computational power or adaptiveness of dishonest provers. Our main technical theorem gives a public coin interactive proof for any language computable by a logspace uniform boolean circuit with depth d and input length n. The verifier runs in time (n+d)·polylog(n) and space O(log(n)), the communication complexity is d · polylog(n), and the prover runs in time poly(n). In particular, for languages computable by logspace uniform N C (circuits of polylog(n) depth), the prover is efficient, the verifier runs in time n · polylog(n) and space O(log(n)), and the communication complexity is polylog(n).