Results 1  10
of
21
Finding Pessiland
, 2006
"... We explore the minimal assumptions that are necessary for nontrivial argument systems, such as Kilian’s argument system for NP with polylogarithmic communication complexity [K92]. We exhibit an oracle relative to which there is a 2round argument system with polylogarithmic communication complexit ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We explore the minimal assumptions that are necessary for nontrivial argument systems, such as Kilian’s argument system for NP with polylogarithmic communication complexity [K92]. We exhibit an oracle relative to which there is a 2round argument system with polylogarithmic communication complexity for some language in NP, but no oneway functions. The language lies outside BPTime(2 o(n)), so the relaxation to computational soundness is essential for achieving sublinear communication complexity. We obtain as a corollary that under blackbox reductions, nontrivial argument systems do not imply oneway functions.
There is no Indistinguishability Obfuscation in Pessiland
, 2013
"... We show that if NP � co−RP then the existence of efficient indistinguishability obfuscation (iO) implies the existence of oneway functions. Thus, if we live in “Pessiland”, where NP problems are hard on the average but oneway functions do not exist, or even in “Heuristica”, where NP problems are h ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
We show that if NP � co−RP then the existence of efficient indistinguishability obfuscation (iO) implies the existence of oneway functions. Thus, if we live in “Pessiland”, where NP problems are hard on the average but oneway functions do not exist, or even in “Heuristica”, where NP problems
If NP languages are hard on the worstcase then it is easy to find their hard instances
 PROCEEDINGS OF THE 20TH ANNUAL CONFERENCE ON COMPUTATIONAL COMPLEXITY, (CCC)
, 2005
"... We prove that if NP 6t, BPP, i.e., if some NPcomplete language is worstcase hard, then for every probabilistic algorithm trying to decide the language,there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errson inputs from this distribution. This ..."
Abstract

Cited by 19 (7 self)
 Add to MetaCart
We prove that if NP 6t, BPP, i.e., if some NPcomplete language is worstcase hard, then for every probabilistic algorithm trying to decide the language,there exists some polynomially samplable distribution that is hard for it. That is, the algorithm often errson inputs from this distribution. This is the first worstcase to averagecase reduction for NP of any kind.We stress however, that this does not mean that there exists one fixed samplable distribution that is hard for all probabilistic polynomial time algorithms, which isa prerequisite assumption needed for OWF and cryptography (even if not a sufficient assumption). Nevertheless, we do show that there is a fixed distribution on instances of NPcomplete languages, that is samplable in quasipolynomial time and is hard for all probabilistic polynomial time algorithms (unless NP is easy in the worstcase). Our results are based on the following lemma that may be of independent interest: Given the description of an efficient (probabilistic) algorithm that failsto solve SAT in the worstcase, we can efficiently generate at most three Boolean formulas (of increasing
unknown title
"... If NP languages are hard on the worstcase then it is easy to find their hard instances ..."
Abstract
 Add to MetaCart
If NP languages are hard on the worstcase then it is easy to find their hard instances
On Basing LowerBounds for Learning on WorstCase Assumptions
"... We consider the question of whether P != NP implies that there exists some concept class that is efficiently representable but is still hard to learn in the PAC model of Valiant (CACM ’84), where the learner is allowed to output any efficient hypothesis approximating the concept, including an “impro ..."
Abstract

Cited by 15 (4 self)
 Add to MetaCart
We consider the question of whether P != NP implies that there exists some concept class that is efficiently representable but is still hard to learn in the PAC model of Valiant (CACM ’84), where the learner is allowed to output any efficient hypothesis approximating the concept, including an “improper” hypothesis that is not itself in the concept class. We show that unless the Polynomial Hierarchy collapses, such a statement cannot be proven via a large class of reductions including Karp reductions, truthtable reductions, and a restricted form of nonadaptive Turing reductions. Also, a proof that uses a Turing reduction of constant levels of adaptivity would imply an important consequence in cryptography as it yields a transformation from any averagecase hard problem in NP to a oneway function. Our results hold even in the stronger model of agnostic learning. These results are obtained by showing that lower bounds for improper learning are intimately related to the complexity of zeroknowledge arguments and to the existence of weak cryptographic primitives. In particular, we prove that if a language L reduces to the task of improper learning of circuits, then, depending on the type of the reduction in use, either (1) L has a statistical zeroknowledge argument system, or (2) the worstcase hardness of L implies the existence of a weak variant of oneway functions defined by OstrovskyWigderson (ISTCS ’93). Interestingly, we observe that the converse implication also holds. Namely, if (1) or (2) hold then the intractability of L implies that improper learning is hard.
unknown title
"... Abstract. We explore the minimal assumptions that are necessary for nontrivial argument systems, such as Kilian’s argument system for NP with polylogarithmic communication complexity [K92]. We exhibit an oracle relative to which there is a 2round argument system with polylogarithmic communication ..."
Abstract
 Add to MetaCart
Abstract. We explore the minimal assumptions that are necessary for nontrivial argument systems, such as Kilian’s argument system for NP with polylogarithmic communication complexity [K92]. We exhibit an oracle relative to which there is a 2round argument system with polylogarithmic communication complexity for some language in NP, but no oneway functions. The language lies outside BPTime(2 o(n)), so the relaxation to computational soundness is essential for achieving sublinear communication complexity. We obtain as a corollary that under blackbox reductions, nontrivial argument systems do not imply oneway functions. 1
Weak pseudorandom functions in Minicrypt
, 2008
"... A family of functions is weakly pseudorandom if a random member of the family is indistinguishable from a uniform random function when queried on random inputs. We point out a subtle ambiguity in the definition of weak PRFs: there are natural weak PRFs whose security breaks down if the randomness u ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
A family of functions is weakly pseudorandom if a random member of the family is indistinguishable from a uniform random function when queried on random inputs. We point out a subtle ambiguity in the definition of weak PRFs: there are natural weak PRFs whose security breaks down if the randomness used to sample the inputs is revealed. To capture this ambiguity we distinguish between publiccoin and secretcoin weak PRFs. We show that the existence of a secretcoin weak PRF which is not also a publiccoin weak PRF implies the existence of two pass keyagreement (i.e. publickey encryption). So in Minicrypt, i.e. under the assumption that oneway functions exist but publickey cryptography does not, the notion of public and secretcoin weak PRFs coincide. Previous to this paper all positive cryptographic statements known to hold exclusively in Minicrypt concerned the adaptive security of constructions using nonadaptively secure components. Weak PRFs give rise to a new set of statements having this property. As another example we consider the problem of range extension for weak PRFs. We show that in Minicrypt one can beat the best possible range expansion factor (using a fixed number of distinct keys) for a very general class of constructions (in particular, this class contains all constructions that are known today).
On Basing LowerBounds for Learning on WorstCase Assumptions
"... We consider the question of whether P � = NP implies that there exists some concept class that is efficiently representable but is still hard to learn in the PAC model of Valiant (CACM ’84), where the learner is allowed to output any efficient hypothesis approximating the concept, including an “impr ..."
Abstract
 Add to MetaCart
We consider the question of whether P � = NP implies that there exists some concept class that is efficiently representable but is still hard to learn in the PAC model of Valiant (CACM ’84), where the learner is allowed to output any efficient hypothesis approximating the concept, including an “improper” hypothesis that is not itself in the concept class. We show that unless the Polynomial Hierarchy collapses, such a statement cannot be proven via a large class of reductions including Karp reductions, truthtable reductions, and a restricted form of nonadaptive Turing reductions. Also, a proof that uses a Turing reduction of constant levels of adaptivity would imply an important consequence in cryptography as it yields a transformation from any averagecase hard problem in NP to a oneway function. Our results hold even in the stronger model of agnostic learning. These results are obtained by showing that lower bounds for improper learning are intimately related to the complexity of zeroknowledge arguments and to the existence of weak cryptographic primitives. In particular, we prove that if a language L reduces to the task of improper learning of circuits, then, depending on the type of the reduction in use, either (1) L has a statistical zeroknowledge argument system, or (2) the worstcase hardness of L implies the existence of a weak variant of oneway functions defined by OstrovskyWigderson (ISTCS ’93). Interestingly, we observe that the converse implication also holds. Namely, if (1) or (2) hold then the intractability of L implies that improper learning is hard. 1.
Results 1  10
of
21