There is no generally accepted definition for conditional Tsallis entropy. The standard definition of (unconditional) Tsallis entropy depends on a parameter α that converges to the Shannon entropy as α approaches 1. In this paper, we describe three proposed definitions of conditional Tsallis entropy suggested in the literature—their properties are studied and their values, as a function of α, are compared. We also consider another natural proposal for conditional Tsallis entropy and compare it with the existing ones. Lastly, we present an online tool to compute the four conditional Tsallis entropies, given the probability distributions and the value of the parameter α.
The oblivious transfer primitive is sufficient to implement secure multiparty computation. However, secure multiparty computation based on public-key cryptography is limited by the security and efficiency of the oblivious transfer implementation. We present a method to generate and distribute oblivious keys by exchanging qubits and by performing commitments using classical hash functions. With the presented hybrid approach of quantum and classical, we obtain a practical and high-speed oblivious transfer protocol. We analyse the security and efficiency features of the technique and conclude that it presents advantages in both areas when compared to public-key based techniques.
We study characterizations of one-way functions in terms of time-bounded Kolmogorov complexity. As the main contribution, we propose definitions for strong and weak Kolmogorov one-way functions and show that these are equivalent to classical strong and weak one-way functions, respectively. The new definitions were motivated by the fact that the expected value approach is not able to characterize strong one-way functions as we prove in the paper.
Journal of Physics A: Mathematical and Theoretical
We present a bit-string quantum oblivious transfer protocol based on single-qubit rotations. The proposed protocol does not violate Lo's no-go theorem that prevents the unconditional security of 1-out-of-2 oblivious transfer. Our protocol is based on a previously proposed quantum public key protocol and its security relies on the laws of Quantum Mechanics. We also present a single-bit oblivious transfer based on the proposed bit-string protocol. The protocol can be implemented with current technology based on optics.
We introduced a new method for distinguishing two probability ensembles called one from each method, in which the distinguisher receives as input two samples, one from each ensemble. We compare this new method with multi-sample from the same method already existing in the literature and prove that there are ensembles distinguishable by the new method, but indistinguishable by the multi-sample from the same method. To evaluate the power of the proposed method we also show that if non-uniform distinguishers (probabilistic circuits) are used, the one from each
We propose an individual approach to one-way functions based on Kolmogorov complexity and prove some relationships between the new proposals and the classical definitions of one-way functions. We also give some insight about Kolmogorov one-way functions relating it with the conjecture of polynomial time symmetry of information.
We present a quantum public-key crypto-system based on quantum walks. We show its security and analyze the complexity of public-key generation and encryption/decryption procedures.
Depth of an object concerns a tradeoff between computation time and excess of program length over the shortest program length required to obtain the object. It gives an unconditional lower bound on the computation time from a given program in absence of auxiliary information. Variants known as logical depth and computational depth are expressed in Kolmogorov complexity theory. We derive quantitative relation between logical depth and computational depth and unify the different depth notions by relating them to A. Kolmogorov and L. Levin’s fruitful notion of randomness deficiency. Subsequently, we revisit the computational The authors from University of Porto are partially supported by KCrypt (POSC/EIA/60819/2004) and funds granted to LIACC through the Programa de Financiamento Plurianual, Fundação para a Ciência e Tecnologia and Programa POSI.
Oblivious transfer protocol is a basic building block in cryptography and is used to transfer information from a sender to a receiver in such a way that, at the end of the protocol, the sender does not know if the receiver got the message or not. Since Shor's quantum algorithm appeared, the security of most of classical cryptographic schemes has been compromised, as they rely on the fact that factoring is unfeasible. To overcome this, quantum mechanics has been used intensively in the past decades, and alternatives resistant to quantum attacks have been developed in order to fulfill the (potential) lack of security of a significant number of classical schemes. In this paper, we present a quantum computationally secure protocol for oblivious transfer between two parties, under the assumption of quantum hardness of state distinguishability. The protocol is feasible, in the sense that it is implementable in polynomial time.
The logical depth with significance b of a finite binary string x is the shortest running time of a binary program for x that can be compressed by at most b bits. There is another definition of logical depth. We give two theorems about the quantitative relation between these versions: the first theorem concerns a variation of a known fact with a new proof, the second theorem and its proof are new. We select the above version of logical depth and show the following. There is an infinite sequence of strings of increasing length such that for each j there is a b such that the logical depth of the jth string as a function of j is incomputable (it rises faster than any computable function) but with b replaced by b + 1 the resulting function is computable. Hence the maximal gap between the logical depths resulting from incrementing appropriate b's by 1 rises faster than any computable function. All functions mentioned are upper bounded by the Busy Beaver function. Since for every string its logical depth is nonincreasing in b, the minimal computation time of the shortest programs for the sequence of strings as a function of j rises faster than any computable function but not so fast as the Busy Beaver function.
Usually one can quantify the subjective notion of useful information in two different perspectives: static resources, measuring the amount of planning required to construct the object; or dynamic resources, measuring the computational effort required to produce the object. We study the robustness of logical depth measuring dynamic resources, proving that small variations in the significance level can cause large changes in the logical depth.
2010 IEEE International Symposium on Information Theory, 2010
We further study the connection between Algorithmic Entropy and Shannon and Rényi Entropies. It is given an example for which the difference between the expected value of algorithmic entropy and Shannon Entropy meets the known upper bound and, for Rényi Entropy, proving that all other values of the parameter (α), the same difference can be big. We also prove that for a particular type of distributions Shannon Entropy is able to capture the notion of computationally accessible information by relating it to time-bounded algorithmic entropy. In order to better study this unexpected relation it is investigated the behavior of the different entropies (Shannon, Rényi and Tsallis) under the distribution based on the time-bounded algorithmic entropy.
We study the relationship between complexity cores of a language and the descriptional complexity of the characteristic sequence of the language based on Kolmogorov complexity. Intuitively, a complexity core is a set of hard instances of a language, i.e. instances which cannot be decided in polynomial time. Kolmogorov complexity measures the information content of a string by the length of the shortest program which prints the string. Time-bounded Kolmogorov complexity looks at the length of a shortest program which prints the string within a specified time bound. We prove that a recursive set A has a complexity core if for all constants c, the computational depth (the difference between time-bounded and unbounded Kolmogorov complexities) of the characteristic sequence of A up to length n is larger than c infinitely often. We also show that if a language has a complexity core of exponential density, then it cannot be accepted in average polynomial time, when the strings are distributed according to a time bounded version of the universal distribution.
We prove several results relating injective one-way functions, time-bounded conditional Kolmogorov complexity, and time-bounded conditional entropy. First we establish a connection between injective, strong and weak one-way functions and the expected value of the polynomial time-bounded Kolmogorov complexity, denoted here by $E(K^t(x|f(x)))$. These results are in both directions. More precisely, conditions on $E(K^t(x|f(x)))$ that imply that f is a weak one-way function, and properties of $E(K^t(x|f(x)))$ that are implied by the fact that f is a strong one-way function. In particular, we prove a separation result: based on the concept of time-bounded Kolmogorov complexity, we find an interval in which every function f is necessarily a weak but not a strong one-way function. Then we propose an individual approach to injective one-way functions based on Kolmogorov complexity, defining Kolmogorov one-way functions and prove some relationships between the new proposal and the classical definition of one-way functions, showing that a Kolmogorov one-way function is also a deterministic one-way function. A relationship between Kolmogorov one-way functions and the conjecture of polynomial time symmetry of information is also proved. Finally, we relate $E(K^t(x|f(x)))$ and two forms of time-bounded entropy, the unpredictable entropy $H^{\mathrm{unp}}$, in which "one-wayness" of a function can be easily expressed, and the Yao$^+$ entropy, a measure based on compression/decompression schema in which only the decompressor is restricted to be time-bounded.
In the present paper, we answer a question raised in the paper Constructions and Bounds for Unconditionally Secure Non-Interactive Commitment Schemes, by Blundo et al., 2002, showing that there is a close relation between unconditionally secure commitment schemes and unconditionally secure authentication schemes, and that an unconditionally secure commitment scheme can be built from such an authentication scheme and an unconditionally secure cipher system. To investigate the opposite direction, we define optimal commitment systems and show that these must be resolvable design commitment schemes. Then, a proof is given that the resolvable design commitment schemes are a composition of an authentication system and a cipher system and the conclusion follows that this is the case for all optimal commitment systems. We also show how to build optimal schemes from transversal designs that are easy to build and can be more efficiently implemented than the proposal in the previously cited paper.
Kolmogorov complexity and Shannon entropy are conceptually different measures. However, for any recursive probability distribution, the expected value of Kolmogorov complexity equals its Shannon entropy, up to a constant. We study if a similar relationship holds for Rényi and Tsallis entropies of order α, showing that it only holds for α = 1. Regarding a time-bounded analogue relationship, we show that, for some distributions we have a similar result. We prove that, for universal time-bounded distribution $m^t(x)$, Tsallis and Rényi entropies converge if and only if α is greater than 1. We also establish the uniform continuity of these entropies.
The concept of combinatorial rectangle is of fundamental importance in Communication Complexity. Given a finite set R, a combinatorial rectangle is a set of the form A × B where A and B are subsets of R. A square R × R together with a function c : R × R → {0, 1} is called a colored square. A colored square is called random if each c(a, b) is an independent random variable; in this case, c is called a random function. A colored combinatorial rectangle A × B is called monochromatic if c(a, b) has the same value (either 0 or 1) for every a ∈ A and b ∈ B. We prove that the decision problem associated with the problem of finding the maximum area of a monochromatic combinatorial rectangle (mcr) of a given colored square is NP-complete. Most of this paper deals with the asymptotic maximum area of the mcrs of a random square. Let p be the probability that any cell has the value 1. We establish several improvements and generalizations of the results previously known, namely: (i) better bounds for several statistical parameters associated with the asymptotic maximum areas of mcrs; (ii) the generalization for arbitrary values of p of the results obtained for p = 1/2, the only value previously studied. These results can be useful in Information Theory and Communication Complexity; we use them to obtain a lower bound of the communication complexity of "random functions".
Papers by André Souto