Results 1  10
of
18
On MemoryBound Functions for Fighting Spam
 In Crypto
, 2002
"... In 1992, Dwork and Naor proposed that email messages be accompanied by easytocheck proofs of computational effort in order to discourage junk email, now known as spam. They proposed specific CPUbound functions for this purpose. Burrows suggested that, since memory access speeds vary across ma ..."
Abstract

Cited by 82 (2 self)
 Add to MetaCart
In 1992, Dwork and Naor proposed that email messages be accompanied by easytocheck proofs of computational effort in order to discourage junk email, now known as spam. They proposed specific CPUbound functions for this purpose. Burrows suggested that, since memory access speeds vary across machines much less than do CPU speeds, memorybound functions may behave more equitably than CPUbound functions; this approach was first explored by Abadi, Burrows, Manasse, and Wobber [8].
Quantum Algorithms for Element Distinctness
 SIAM Journal of Computing
, 2001
"... We present several applications of quantum amplitude amplification to finding claws and collisions in ordered or unordered functions. Our algorithms generalize those of Brassard, Høyer, and Tapp, and imply an O(N 3/4 log N) quantum upper bound for the element distinctness problem in the comparison c ..."
Abstract

Cited by 58 (11 self)
 Add to MetaCart
We present several applications of quantum amplitude amplification to finding claws and collisions in ordered or unordered functions. Our algorithms generalize those of Brassard, Høyer, and Tapp, and imply an O(N 3/4 log N) quantum upper bound for the element distinctness problem in the comparison complexity model. This contrasts with Θ(N log N) classical complexity. We also prove a lower bound of Ω ( √ N) comparisons for this problem and derive bounds for a number of related problems. 1
Reducing the servers' computation in private information retrieval: Pir with preprocessing
 In CRYPTO 2000
, 2000
"... Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols wi ..."
Abstract

Cited by 45 (8 self)
 Add to MetaCart
Abstract. Private information retrieval (PIR) enables a user to retrieve a specific data item from a database, replicated among one or more servers, while hiding from each server the identity of the retrieved item. This problem was suggested by Chor et al. [11], and since then efficient protocols with sublinear communication were suggested. However, in all these protocols the servers ’ computation for each retrieval is at least linear in the size of entire database, even if the user requires just one bit. In this paper, we study the computational complexity of PIR. We show that in the standard PIR model, where the servers hold only the database, linear computation cannot be avoided. To overcome this problem we propose the model of PIR with preprocessing: Before the execution of the protocol each server may compute and store polynomiallymany information bits regarding the database; later on, this information should enable the servers to answer each query of the user with more efficient computation. We demonstrate that preprocessing can save work. In particular, we construct, for any constant k ≥ 2, a kserver protocol with O(n 1/(2k−1)) communication and O(n / log 2k−2 n) work, and for any constants k ≥ 2 and ɛ> 0 a kserver protocol with O(n 1/k+ɛ) communication and work. We also prove some lower bounds on the work of the servers when they are only allowed to store a small number of extra bits. Finally, we present some alternative approaches to saving computation, by batching queries or by moving most of the computation to an offline stage. 1
TimeSpace Tradeoffs in the Counting Hierarchy
, 2001
"... We extend the lower bound techniques of [14], to the unboundederror probabilistic model. A key step in the argument is a generalization of Nepomnjasci's theorem from the Boolean setting to the arithmetic setting. This generalization is made possible, due to the recent discovery of logspaceuniform ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
We extend the lower bound techniques of [14], to the unboundederror probabilistic model. A key step in the argument is a generalization of Nepomnjasci's theorem from the Boolean setting to the arithmetic setting. This generalization is made possible, due to the recent discovery of logspaceuniform TC 0 circuits for iterated multiplication [9]. Here is an
Amplifying lower bounds by means of selfreducibility
 In IEEE Conference on Computational Complexity
, 2008
"... We observe that many important computational problems in NC 1 share a simple selfreducibility property. We then show that, for any problem A having this selfreducibility property, A has polynomial size TC 0 circuits if and only if it has TC 0 circuits of size n 1+ɛ for every ɛ>0 (counting the numb ..."
Abstract

Cited by 13 (4 self)
 Add to MetaCart
We observe that many important computational problems in NC 1 share a simple selfreducibility property. We then show that, for any problem A having this selfreducibility property, A has polynomial size TC 0 circuits if and only if it has TC 0 circuits of size n 1+ɛ for every ɛ>0 (counting the number of wires in a circuit as the size of the circuit). As an example of what this observation yields, consider the Boolean Formula Evaluation problem (BFE), which is complete for NC 1 and has the selfreducibility property. It follows from a lower bound of Impagliazzo, Paturi, and Saks, that BFE requires depth d TC 0 circuits of size n 1+ɛd. If one were able to improve this lower bound to show that there is some constant ɛ>0 such that every TC 0 circuit family recognizing BFE has size n 1+ɛ, then it would follow that TC 0 ̸ = NC 1. We show that proving lower bounds of the form n 1+ɛ is not ruled out by the Natural Proof framework of Razborov and Rudich and hence there is currently no known barrier for separating classes such as ACC 0,TC 0 and NC 1 via existing “natural ” approaches to proving circuit lower bounds. We also show that problems with small uniform constantdepth circuits have algorithms that simultaneously have small space and time bounds. We then make use of known timespace tradeoff lower bounds to show that SAT requires uniform depth d TC 0 and AC 0 [6] circuits of size n 1+c for some constant c depending on d. 1
Quantum timespace tradeoffs for sorting
 Proceedings of 35th ACM STOC
, 2003
"... We investigate the complexity of sorting in the model of sequential quantum circuits. While it is known that a quantum algorithm based on comparisons alone cannot outperform classical sorting algorithms by more than a constant factor in time complexity, this is wrong in a space bounded setting. We o ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
We investigate the complexity of sorting in the model of sequential quantum circuits. While it is known that a quantum algorithm based on comparisons alone cannot outperform classical sorting algorithms by more than a constant factor in time complexity, this is wrong in a space bounded setting. We observe that for all storage bounds S, one can devise a quantum algorithm that sorts n numbers (using comparisons only) in time T = O(n
Pebbling and Proofs of Work
"... Abstract. We investigate methods for providing easytocheck proofs of computational effort. Originally intended for discouraging spam, the concept has wide applicability as a method for controlling denial of service attacks. Dwork, Goldberg, and Naor proposed a specific memorybound function for th ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
Abstract. We investigate methods for providing easytocheck proofs of computational effort. Originally intended for discouraging spam, the concept has wide applicability as a method for controlling denial of service attacks. Dwork, Goldberg, and Naor proposed a specific memorybound function for this purpose and proved an asymptotically tight amortized lower bound on the number of memory accesses any polynomial time bounded adversary must make. Their function requires a large random table which, crucially, cannot be compressed. We answer an open question of Dwork et al. by designing a compact representation for the table. The paradox, compressing an incompressible table, is resolved by embedding a time/space tradeoff into the process for constructing the table from its representation. 1
Parity graphdriven readonce branching programs and an exponential lower bound for integer multiplication
 In Proc. of 2nd TCS
, 2002
"... Abstract Branching programs are a wellestablished computation model for boolean functions, especially readonce branching programs have been studied intensively. Exponential lower bounds for deterministic and nondeterministic readonce branching programs are known for a long time. On the other hand ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
Abstract Branching programs are a wellestablished computation model for boolean functions, especially readonce branching programs have been studied intensively. Exponential lower bounds for deterministic and nondeterministic readonce branching programs are known for a long time. On the other hand, the problem of proving superpolynomial lower bounds for parity readonce branching programs is still open. In this paper restricted parity readonce branching programs are considered and an exponential lower bound on the size of wellstructured parity graphdriven readonce branching programs for integer multiplication is proven. This is the first strongly exponential lower bound on the size of a nonoblivious parity readonce branching program model for an explicitly defined boolean function. In addition, more insight into the structure of integer multiplication is yielded.
Cracks in the Defenses: Scouting Out Approaches on Circuit Lower Bounds
"... Razborov and Rudich identified an imposing barrier that stands in the way of progress toward the goal of proving superpolynomial lower bounds on circuit size. Their work on “natural proofs” applies to a large class of arguments that have been used in complexity theory, and shows that no such argum ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Razborov and Rudich identified an imposing barrier that stands in the way of progress toward the goal of proving superpolynomial lower bounds on circuit size. Their work on “natural proofs” applies to a large class of arguments that have been used in complexity theory, and shows that no such argument can prove that a problem requires circuits of superpolynomial size, even for some very restricted classes of circuits (under reasonable cryptographic assumptions). This barrier is so daunting, that some researchers have decided to focus their attentions elsewhere. Yet the goal of proving circuit lower bounds is of such importance, that some in the community have proposed concrete strategies for surmounting the obstacle. This lecture will discuss some of these strategies, and will dwell at length on a recent approach proposed by Michal Koucky and the author.
Optimal TimeSpace TradeOffs for NonComparisonBased Sorting ∗
, 2001
"... Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent BRICS Report Series publications. Copies may be obtained by contacting: BRICS ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent BRICS Report Series publications. Copies may be obtained by contacting: BRICS