Results 1  10
of
46
A New RecursionTheoretic Characterization Of The Polytime Functions
 COMPUTATIONAL COMPLEXITY
, 1992
"... We give a recursiontheoretic characterization of FP which describes polynomial time computation independently of any externally imposed resource bounds. In particular, this syntactic characterization avoids the explicit size bounds on recursion (and the initial function 2 xy ) of Cobham. ..."
Abstract

Cited by 234 (7 self)
 Add to MetaCart
We give a recursiontheoretic characterization of FP which describes polynomial time computation independently of any externally imposed resource bounds. In particular, this syntactic characterization avoids the explicit size bounds on recursion (and the initial function 2 xy ) of Cobham.
A probabilistic polynomialtime calculus for analysis of cryptographic protocols
 Electronic Notes in Theoretical Computer Science
, 2001
"... We prove properties of a process calculus that is designed for analyzing security protocols. Our longterm goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomialtime protocol steps, a spec ..."
Abstract

Cited by 48 (8 self)
 Add to MetaCart
(Show Context)
We prove properties of a process calculus that is designed for analyzing security protocols. Our longterm goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomialtime protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence. The process calculus is a variant of CCS, with bounded replication and probabilistic polynomialtime expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over possible environments that might interact with the protocol. We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, wellknown in cryptography, that ElGamal encryption’s semantic security is equivalent to the (computational) Decision DiffieHellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security.
Probabilistic PolynomialTime Process Calculus and Security Protocol Analysis
 Theoretical Computer Science
, 2006
"... Abstract. We prove properties of a process calculus that is designed for analysing security protocols. Our longterm goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomialtime protocol step ..."
Abstract

Cited by 41 (3 self)
 Add to MetaCart
(Show Context)
Abstract. We prove properties of a process calculus that is designed for analysing security protocols. Our longterm goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomialtime protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence. The process calculus is a variant of CCS, with bounded replication and probabilistic polynomialtime expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over all possible environments that might interact with the protocol. We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, wellknown in cryptography, that El Gamal encryption’s semantic security is equivalent to the (computational) Decision DiffieHellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security.
A Linguistic Characterization of Bounded Oracle Computation and Probabilistic Polynomial Time
, 1998
"... We present a higherorder functional notation for polynomialtime computation with an arbitrary 0, 1valued oracle. This formulation provides a linguistic characterization for classes such as NP and BPP, as well as a notation for probabilistic polynomialtime functions. The language is derived from H ..."
Abstract

Cited by 26 (9 self)
 Add to MetaCart
We present a higherorder functional notation for polynomialtime computation with an arbitrary 0, 1valued oracle. This formulation provides a linguistic characterization for classes such as NP and BPP, as well as a notation for probabilistic polynomialtime functions. The language is derived from Hofmann 's adaptation of BellantoniCook safe recursion, extended to oracle computation via work derived from that of Kapron and Cook. Like Hofmann's language, ours is an applied typed lambda calculus with complexity bounds enforced by a type system. The type system uses a modal operator to distinguish between two sorts of numerical expressions. Recursion can take place on only one of these sorts. The proof that the language captures precisely oracle polynomial time is modeltheoretic, using adaptations of various techniques from category theory.
Probabilistic Bisimulation and Equivalence for Security Analysis of Network Protocols
 In FOSSACS 2004  Foundations of Software Science and Computation Structures
, 2004
"... Using a probabilistic polynomialtime process calculus designed for specifying security properties as observational equivalences, we develop a form of bisimulation that justifies an equational proof system. ..."
Abstract

Cited by 24 (9 self)
 Add to MetaCart
(Show Context)
Using a probabilistic polynomialtime process calculus designed for specifying security properties as observational equivalences, we develop a form of bisimulation that justifies an equational proof system.
A mixed modal/linear lambda calculus with applications to BellantoniCook safe recursion
, 1998
"... . This paper introduces a simplytyped lambda calculus with both modal and linear function types. Through the use of subtyping extra term formers associated with modality and linearity are avoided. We study the basic metatheory of this system including existence and inference of principal types. The ..."
Abstract

Cited by 19 (7 self)
 Add to MetaCart
. This paper introduces a simplytyped lambda calculus with both modal and linear function types. Through the use of subtyping extra term formers associated with modality and linearity are avoided. We study the basic metatheory of this system including existence and inference of principal types. The system serves as a platform for certain higherorder generalisations of BellantoniCook's function algebra capturing polynomial time using a separation of the variables into "safe" and "normal" ones. The distinction between and the syntactic restrictions involved with the safe and normal variables in the BellantoniCook framework are captured by the modal function space and the associated typing rules. The linear function spaces on the other hand are used to enable a certain form of primitive recursion with functional result type which is conservative over polynomial time. The proofs associated with these applications are based on an interpretation of the lambda calculus in a categorytheor...
Functionalgebraic characterizations of log and polylog parallel time
 Computational Complexity
, 1994
"... Abstract. The main results of this paper are recursiontheoretic characterizations of two parallel complexity classes: the functions computable by uniform bounded fanin circuit families of log and polylog depth (or equivalently, the functions bitwise computable by alternating Turing machines in log ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
Abstract. The main results of this paper are recursiontheoretic characterizations of two parallel complexity classes: the functions computable by uniform bounded fanin circuit families of log and polylog depth (or equivalently, the functions bitwise computable by alternating Turing machines in log and polylog time). The present characterizations avoid the complex base functions, function constructors, and a priori size or depth bounds typical of previous work on these classes. This simplicity is achieved by extending the \tiered recursion &quot; techniques of Leivant and Bellantoni&Cook. Key words. Circuit complexity � subrecursion. Subject classi cations. 68Q15, 03D20, 94C99. 1.
Ranking primitive recursions: The low grzegorczyk classes revisited
 SIAM Journal of Computing
, 1998
"... Abstract. Traditional results in subrecursion theory are integrated with the recent work in “predicative recursion ” by defining a simple ranking ρ of all primitive recursive functions. The hierarchy defined by this ranking coincides with the Grzegorczyk hierarchy at and above the linearspace level. ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Traditional results in subrecursion theory are integrated with the recent work in “predicative recursion ” by defining a simple ranking ρ of all primitive recursive functions. The hierarchy defined by this ranking coincides with the Grzegorczyk hierarchy at and above the linearspace level. Thus, the result is like an extension of the Schwichtenberg/Müller theorems. When primitive recursion is replaced by recursion on notation, the same series of classes is obtained except with the polynomial time computable functions at the first level.