Results 1-10 of 94
Algebraic Methods for Interactive Proof Systems
1990
Cited by 349 (28 self)
We present a new algebraic technique for the construction of interactive proof systems. We use our technique to prove that every language in the polynomial-time hierarchy has an interactive proof system. This technique played a pivotal role in the recent proofs that IP=PSPACE (Shamir) and that MIP=NEXP (Babai, Fortnow and Lund).
The NP-completeness column: an ongoing guide
JOURNAL OF ALGORITHMS, 1987
Cited by 242 (0 self)
This is the nineteenth edition of a (usually) quarterly column that covers new developments in the theory of NP-completeness. The presentation is modeled on that used by M. R. Garey and myself in our book "Computers and Intractability: A Guide to the Theory of NP-Completeness," W. H. Freeman & Co., New York, 1979 (hereinafter referred to as "[G&J]"; previous columns will be referred to by their dates). A background equivalent to that provided by [G&J] is assumed, and, when appropriate, cross-references will be given to that book and the list of problems (NP-complete and harder) presented there. Readers who have results they would like mentioned (NP-hardness, PSPACE-hardness, polynomial-time-solvability, etc.) or open problems they would like publicized, should
On the complexity of the parity argument and other inefficient proofs of existence
JCSS, 1994
Cited by 202 (8 self)
We define several new complexity classes of search problems, "between" the classes FP and FNP. These new classes are contained, along with factoring, and the class PLS, in the class TFNP of search problems in FNP that always have a witness. A problem in each of these new classes is defined in terms of an implicitly given, exponentially large graph. The existence of the solution sought is established via a simple graph-theoretic argument with an inefficiently constructive proof; for example, PLS can be thought of as corresponding to the lemma "every dag has a sink." The new classes are based on lemmata such as "every graph has an even number of odd-degree nodes." They contain several important problems for which no polynomial time algorithm is presently known, including the computational versions of Sperner's lemma, Brouwer's fixpoint theorem, Chevalley's theorem, and the Borsuk-Ulam theorem, the linear complementarity problem for P-matrices, finding a mixed equilibrium in a nonzero sum game, finding a second Hamilton circuit in a Hamiltonian cubic graph, a second Hamiltonian decomposition in a quartic graph, and others. Some of these problems are shown to be complete. © 1994 Academic Press, Inc.
Derandomizing Polynomial Identity Tests Means Proving Circuit Lower Bounds (Extended Abstract)
2003
Cited by 187 (4 self)
Since Polynomial Identity Testing is a coRP problem, we obtain the following corollary: If RP = P (or, even, $\mathrm{coRP} \subseteq \bigcap_{\epsilon>0} \mathrm{NTIME}(2^{n^{\epsilon}})$, infinitely often), then NEXP is not computable by polynomial-size arithmetic circuits. Thus, establishing that RP = coRP or BPP = P would require proving superpolynomial lower bounds for Boolean or arithmetic circuits. We also show that any derandomization of RNC would yield new circuit lower bounds for a language in NEXP.
On Hiding Information from an Oracle
1989
Cited by 153 (15 self)
We consider the problem of computing with encrypted data. Player A wishes to know the value f(x) for some x but lacks the power to compute it. Player B has the power to compute f and is willing to send f(y) to A if she sends him y, for any y. Informally, an encryption scheme for the problem f is a method by which A, using her inferior resources, can transform the cleartext instance x into an encrypted instance y, obtain f(y) from B, and infer f(x) from f(y) in such a way that B cannot infer x from y. When such an encryption scheme exists, we say that f is encryptable. The framework defined in this paper enables us to prove precise statements about what an encrypted instance hides and what it leaks, in an information-theoretic sense. Our definitions are cast in the language of probability theory and do not involve assumptions such as the intractability of factoring or the existence of one-way functions. We use our framework to describe encryption schemes for some well-known function...
The Complexity of Mean Payoff Games on Graphs
THEORETICAL COMPUTER SCIENCE, 1996
Cited by 148 (4 self)
We study the complexity of finding the values and optimal strategies of mean payoff games on graphs, a family of perfect information games introduced by Ehrenfeucht and Mycielski and considered by Gurvich, Karzanov and Khachiyan. We describe a pseudo-polynomial time algorithm for the solution of such games, the decision problem for which is in $\mathrm{NP} \cap \mathrm{coNP}$. Finally, we describe a polynomial reduction from mean payoff games to the simple stochastic games studied by Condon. These games are also known to be in $\mathrm{NP} \cap \mathrm{coNP}$, but no polynomial or pseudo-polynomial time algorithm is known for them.
Interpolation Theorems, Lower Bounds for Proof Systems, and Independence Results for Bounded Arithmetic
Cited by 91 (4 self)
A proof of the (propositional) Craig interpolation theorem for cut-free sequent calculus yields that a sequent with a cut-free proof (or with a proof with cut-formulas of restricted form; in particular, with only analytic cuts) with k inferences has an interpolant whose circuit-size is at most k. We give a new proof of the interpolation theorem based on a communication complexity approach which allows a similar estimate for a larger class of proofs. We derive from it several corollaries: 1. Feasible interpolation theorems for the following proof systems: (a) resolution, (b) a subsystem of LK corresponding to the bounded arithmetic theory $S^2_2(\alpha)$, (c) linear equational calculus, (d) cutting planes. 2. New proofs of the exponential lower bounds (for new formulas) (a) for resolution ([15]), (b) for the cutting planes proof system with coefficients written in unary ([4]). 3. An alternative proof of the independence result of [43] concerning the provability of circuit-size lower bounds ...
Almost All Primes Can be Quickly Certified
Cited by 85 (4 self)
This paper presents a new probabilistic primality test. Upon termination the test outputs "composite" or "prime", along with a short proof of correctness, which can be verified in deterministic polynomial time. The test is different from the tests of Miller [M], Solovay-Strassen [SS], and Rabin [R] in that its assertions of primality are certain, rather than being correct with high probability or dependent on an unproven assumption. The test terminates in expected polynomial time on all but at most an exponentially vanishing fraction of the inputs of length k, for every k. This result implies:
• There exists an infinite set of primes which can be recognized in expected polynomial time.
• Large certified primes can be generated in expected polynomial time.
Under a very plausible condition on the distribution of primes in "small" intervals, the proposed algorithm can be shown to run in expected polynomial time on every input. This
Some Consequences of Cryptographical Conjectures for . . .
1995
Cited by 72 (14 self)
We show that there is a pair of disjoint NP-sets, whose disjointness is provable in $S^1_2$ and which cannot be separated by a set in P/poly, if the cryptosystem RSA is secure. Further we show that factoring and the discrete logarithm are implicitly definable in any extension of $S^1_2$ admitting an NP definition of primes about which it can prove that no number satisfying the definition is composite. As a corollary we obtain that the Extended Frege (EF) proof system does not admit feasible interpolation theorem unless the RSA cryptosystem is not secure, and that an extension of EF by tautologies p (p primes), formalizing that p is not composite, as additional axioms does not admit feasible interpolation theorem unless factoring and the discrete logarithm are in P/poly. The $\mathrm{NP} \neq \mathrm{coNP}$ conjecture is equivalent to the statement that no propositional proof system (as defined in [6]) admits polynomial size proofs of all tautologies. However, only for few proof systems occur...
Non-Transitive Transfer of Confidence: A Perfect Zero-Knowledge Interactive Protocol for SAT and Beyond
1986
Cited by 60 (5 self)
A perfect zero-knowledge interactive proof is a protocol by which Alice can convince Bob of the truth of some theorem in a way that yields no information as to how the proof might proceed (in the sense of Shannon's information theory). We give a general technique for achieving this goal for any problem in NP (and beyond). The fact that our protocol is perfect zero-knowledge does not depend on unproved cryptographic assumptions. Furthermore, our protocol is powerful enough to allow Alice to convince Bob of theorems for which she does not even have a proof. Whenever Alice can convince herself probabilistically of a theorem, perhaps thanks to her knowledge of some trapdoor information, she can convince Bob as well, without compromising the trapdoor in any way. This results in a nontransitive transfer of confidence from Alice to Bob, because Bob will not be able to convince anyone else afterwards. Our protocol is dual to those of [GrMiWi86a, BrCr86]. 1. INTRODUCTION Assume that Alice h...