Results 1  10
of
32
On MemoryBound Functions for Fighting Spam
 In Crypto
, 2002
"... In 1992, Dwork and Naor proposed that email messages be accompanied by easytocheck proofs of computational effort in order to discourage junk email, now known as spam. They proposed specific CPUbound functions for this purpose. Burrows suggested that, since memory access speeds vary across ma ..."
Abstract

Cited by 86 (2 self)
 Add to MetaCart
(Show Context)
In 1992, Dwork and Naor proposed that email messages be accompanied by easytocheck proofs of computational effort in order to discourage junk email, now known as spam. They proposed specific CPUbound functions for this purpose. Burrows suggested that, since memory access speeds vary across machines much less than do CPU speeds, memorybound functions may behave more equitably than CPUbound functions; this approach was first explored by Abadi, Burrows, Manasse, and Wobber [8].
Quantum Algorithms for Element Distinctness
 SIAM Journal of Computing
, 2001
"... We present several applications of quantum amplitude amplification to finding claws and collisions in ordered or unordered functions. Our algorithms generalize those of Brassard, Høyer, and Tapp, and imply an O(N 3/4 log N) quantum upper bound for the element distinctness problem in the comparison c ..."
Abstract

Cited by 60 (11 self)
 Add to MetaCart
(Show Context)
We present several applications of quantum amplitude amplification to finding claws and collisions in ordered or unordered functions. Our algorithms generalize those of Brassard, Høyer, and Tapp, and imply an O(N 3/4 log N) quantum upper bound for the element distinctness problem in the comparison complexity model. This contrasts with Θ(N log N) classical complexity. We also prove a lower bound of Ω ( √ N) comparisons for this problem and derive bounds for a number of related problems. 1
Reducing the servers' computation in private information retrieval: Pir with preprocessing
 In CRYPTO 2000
, 2000
"... Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols wi ..."
Abstract

Cited by 50 (8 self)
 Add to MetaCart
(Show Context)
Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sublinear communication were suggested. However, in all these protocols the servers ’ computation for each retrieval is at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the model of PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomiallymany information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a kserver protocol with O(n 1/(2k−1)) communication and O(n / log 2k−2 n) work, and for any constants k ≥ 2 and ɛ> 0 a kserver protocol with O(n 1/k+ɛ) communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an offline stage. 1
TimeSpace Tradeoffs in the Counting Hierarchy
, 2001
"... We extend the lower bound techniques of [14], to the unboundederror probabilistic model. A key step in the argument is a generalization of Nepomnjasci's theorem from the Boolean setting to the arithmetic setting. This generalization is made possible, due to the recent discovery of logspaceuni ..."
Abstract

Cited by 18 (3 self)
 Add to MetaCart
(Show Context)
We extend the lower bound techniques of [14], to the unboundederror probabilistic model. A key step in the argument is a generalization of Nepomnjasci's theorem from the Boolean setting to the arithmetic setting. This generalization is made possible, due to the recent discovery of logspaceuniform TC 0 circuits for iterated multiplication [9]. Here is an
Amplifying lower bounds by means of selfreducibility
 IN IEEE CONFERENCE ON COMPUTATIONAL COMPLEXITY
, 2008
"... We observe that many important computational problems in NC¹ share a simple selfreducibility property. We then show that, for any problem A having this selfreducibility property, A has polynomial size TC 0 circuits if and only if it has TC⁰ circuits of size n 1+ɛ for every ɛ>0 (counting the num ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
We observe that many important computational problems in NC¹ share a simple selfreducibility property. We then show that, for any problem A having this selfreducibility property, A has polynomial size TC 0 circuits if and only if it has TC⁰ circuits of size n 1+ɛ for every ɛ>0 (counting the number of wires in a circuit as the size of the circuit). As an example of what this observation yields, consider the Boolean Formula Evaluation problem (BFE), which is complete for NC¹ and has the selfreducibility property. It follows from a lower bound of Impagliazzo, Paturi, and Saks, that BFE requires depth d TC 0 circuits of size n 1+ɛd. If one were able to improve this lower bound to show that there is some constant ɛ>0 such that every TC 0 circuit family recognizing BFE has size n 1+ɛ, then it would follow that TC⁰ ̸ = NC¹. We show that proving lower bounds of the form n 1+ɛ is not ruled out by the Natural Proof framework of Razborov and Rudich and hence there is currently no known barrier for separating classes such as ACC⁰, TC⁰ and NC¹ via existing “natural ” approaches to proving circuit lower bounds. We also show that problems with small uniform constantdepth circuits have algorithms that simultaneously have small space and time bounds. We then make use of known timespace tradeoff lower bounds to show that SAT requires uniform depth d TC⁰ and AC⁰ [6] circuits of size n 1+c for some constant c depending on d.
Pebbling and Proofs of Work
"... Abstract. We investigate methods for providing easytocheck proofs of computational effort. Originally intended for discouraging spam, the concept has wide applicability as a method for controlling denial of service attacks. Dwork, Goldberg, and Naor proposed a specific memorybound function for th ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Abstract. We investigate methods for providing easytocheck proofs of computational effort. Originally intended for discouraging spam, the concept has wide applicability as a method for controlling denial of service attacks. Dwork, Goldberg, and Naor proposed a specific memorybound function for this purpose and proved an asymptotically tight amortized lower bound on the number of memory accesses any polynomial time bounded adversary must make. Their function requires a large random table which, crucially, cannot be compressed. We answer an open question of Dwork et al. by designing a compact representation for the table. The paradox, compressing an incompressible table, is resolved by embedding a time/space tradeoff into the process for constructing the table from its representation. 1
Quantum timespace tradeoffs for sorting
 Proceedings of 35th ACM STOC
, 2003
"... We investigate the complexity of sorting in the model of sequential quantum circuits. While it is known that a quantum algorithm based on comparisons alone cannot outperform classical sorting algorithms by more than a constant factor in time complexity, this is wrong in a space bounded setting. We o ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
We investigate the complexity of sorting in the model of sequential quantum circuits. While it is known that a quantum algorithm based on comparisons alone cannot outperform classical sorting algorithms by more than a constant factor in time complexity, this is wrong in a space bounded setting. We observe that for all storage bounds S, one can devise a quantum algorithm that sorts n numbers (using comparisons only) in time T = O(n
Parity graphdriven readonce branching programs and an exponential lower bound for integer multiplication
 In Proc. of 2nd TCS
, 2002
"... Abstract Branching programs are a wellestablished computation model for boolean functions, especially readonce branching programs have been studied intensively. Exponential lower bounds for deterministic and nondeterministic readonce branching programs are known for a long time. On the other hand ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
(Show Context)
Abstract Branching programs are a wellestablished computation model for boolean functions, especially readonce branching programs have been studied intensively. Exponential lower bounds for deterministic and nondeterministic readonce branching programs are known for a long time. On the other hand, the problem of proving superpolynomial lower bounds for parity readonce branching programs is still open. In this paper restricted parity readonce branching programs are considered and an exponential lower bound on the size of wellstructured parity graphdriven readonce branching programs for integer multiplication is proven. This is the first strongly exponential lower bound on the size of a nonoblivious parity readonce branching program model for an explicitly defined boolean function. In addition, more insight into the structure of integer multiplication is yielded.
A Hierarchy Result for ReadOnce Branching Programs with Restricted Parity Nondeterminism
 IN MATHEMATICAL FOUNDATIONS OF COMPUTER SCIENCE: 25TH INTERNATIONAL SYMPOSIUM, VOLUME 1893 OF LECTURE NOTES IN COMPUTER SCIENCE
, 2000
"... Restricted branching programs are considered in complexity theory in order to study the space complexity of sequential computations and in applications as a data structure for Boolean functions. In this paper (⊕, k)branching programs and (#, k)branching programs are considered, i.e., branching pro ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
(Show Context)
Restricted branching programs are considered in complexity theory in order to study the space complexity of sequential computations and in applications as a data structure for Boolean functions. In this paper (⊕, k)branching programs and (#, k)branching programs are considered, i.e., branching programs starting with a ⊕ (or #)node with a fanout of k whose successors are k readonce branching programs. This model is motivated by the investigation of the power of nondeterminism in branching programs and of similar variants that have been considered as a data structure. Lower bound methods and hierarchy results for polynomial size (⊕, k) and (#, k)branching programs with respect to k are presented.