Proofs, codes, and polynomial-time reducibilities

Lecture Notes in Computer Science, 2008

We prove, using a non-standard complexity assumption, that any language in N P has a 1-round (that is, the verifier sends a message to the prover, and the prover sends a message to the verifier) argument system (that is, a proof system where soundness holds against polynomial-time provers) with communication complexity only polylogarithmic in the size of the N P instance. We also show formal evidence that the nature of the non-standard complexity assumption we use is analogous to previous assumptions proposed in the cryptographic literature. The question of whether complexity assumptions of this nature can be considered acceptable or not remains of independent interest in complexity-theoretic cryptography as well as complexity theory.

Journal of Cryptology, 1998

We consider noninteractive zero-knowledge proofs in the shared random string model proposed by Blum et al. [5]. Until recently there was a sizable polynomial gap between the most efficient noninteractive proofs for NP based on general complexity assumptions [11] versus those based on specific algebraic assumptions [7]. Recently, this gap was reduced to a polylogarithmic factor [17]; we further reduce the gap to a constant factor. Our proof system relies on the existence of one-way permutations (or trapdoor permutations for bounded provers). Our protocol is stated in the hidden bit model introduced by Feige et al. [11]. We show how to prove that an n-gate circuit is satisfiable, with error probability 1/n O(1) , using only O(n lg n) random committed bits. For this error probability, this result matches to within a constant factor the number of committed bits required by the most efficient known interactive proof systems.

2008

We show that for all reals c and d such that c 2 d < 4 there exists a positive real e such that tautologies cannot be decided by both a nondeterministic algorithm that runs in time n c , and a nondeterministic algorithm that runs in time n d and space n e. In particular, for every d < 3 √ 4 there exists a positive e such that tautologies cannot be decided by a nondeterministic algorithm that runs in time n d and space n e .

Lecture Notes in Computer Science, 2006

A new class UF of problems is introduced, strictly included in the class NP, which arises in the analysis of the time verifying the intermediate results of computations. The implications of the introduction of this class are considered. First of all, we prove that P  NP and establish that it needs to consider the problem "P vs UF" instead the problem "P vs NP". Also, we determine the set-theoretical of properties of one-way functions that used in cryptology.

Proceedings of the twenty-ninth annual ACM symposium on Theory of computing - STOC '97, 1997

We present a zero-knowledge proof system [19] for any NP language L, which allows showing that x ∈ L with error probability less than 2 −k using communication corresponding to O(|x| c) + k bit commitments, where c is a constant depending only on L. The proof can be based on any bit commitment scheme with a particular set of properties. We suggest an efficient implementation based on factoring. We also present a 4-move perfect zero-knowledge interactive argument for any NPlanguage L. On input x ∈ L, the communication complexity is O(|x| c) • max(k, l) bits, where l is the security parameter for the prover 1. Again, the protocol can be based on any bit commitment scheme with a particular set of properties. We suggest efficient implementations based on discrete logarithms or factoring. We present an application of our techniques to multiparty computations, allowing for example t committed oblivious transfers with error probability 2 −k to be done simultaneously using O(t+k) commitments. Results for general computations follow from this. As a function of the security parameters, our protocols have the smallest known asymptotic communication complexity among general proofs or arguments for NP. Moreover, the constants involved are small enough for the protocols to be practical in a realistic situation: both protocols are based on a Boolean formula Φ containing and-, or-and not-operators which verifies an NP-witness of membership in L. Let n be the number of times this formula reads an input variable. Then the communication complexity of the protocols when using our concrete commitment schemes can be more precisely stated as at most 4n + k + 1 commitments for the interactive proof and at most 5nl + 5l bits for the argument (assuming k ≤ l). Thus, if we use k = n, the number of commitments required for the proof is linear in n. Both protocols are also proofs of knowledge of an NP-witness of membership in the language involved. * Basic Research in Computer Science, Centre of the Danish National Research Foundation. 1 The meaning of l is that if the prover is unable to solve an instance of a hard problem of size l before the protocol is finished, he can cheat with probability at most 2 −k

Journal of Cryptology, 1993

The fact that there are zero-knowledge proofs for all languages in NP (see , , and [5]) has, potentially, enormous implications to cryptography. For cryptographers, the issue is no longer "which languages in NP have zeroknowledge proofs" but rather "which languages in NP have practical zeroknowledge proofs." Thus, the concrete complexity of zero-knowledge proofs for different languages must be established.

Tr, 1993

This paper proves that every language in NP is recognized by an RP P] machine whose time complexity is quasilinear, apart from the time to verify witnesses. The results signi cantly improve the number of random bits, success probability, and running time of Valiant and Vazirani's original construction VV86], and beat both the 2n random bits and time/success tradeo in subsequent methods based on universal hashing. Questions of further improvements are connected to open problems in the theory of error-correcting codes.

2004

This paper studies for various natural problems in NP whether they can be reduced to sets with low information content, such as branches, P-selective sets, and membership comparable sets. The problems that are studied include the satisfiability problem, the graph automorphism problem, the undirected graph accessibility problem, the determinant function, and all logspace self-reducible languages.

arXiv (Cornell University), 2007

In this article we introduce a new complexity class called PQMA log (2). Informally, this is the class of languages for which membership has a logarithmic-size quantum proof with perfect completeness and soundness which is polynomially close to 1 in a context where the verifier is provided a proof with two unentangled parts. We then show that PQMA log (2) = NP. For this to be possible, it is important, when defining the class, not to give too much power to the verifier. This result, when compared to the fact that QMA log = BQP, gives us new insight on the power of quantum information and the impact of entanglement.