on basing search sivp on np hardness
play

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu - PowerPoint PPT Presentation

Oct 12, 2022 •457 likes •1.46k views

On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of Cryptography Conference Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 1 / 18 Assumptions and Primitives in Cryptography

  1. On Basing Search SIVP on NP-Hardness Tianren Liu MIT liutr@mit.edu Sixteenth IACR Theory of Cryptography Conference Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 1 / 18

  2. Assumptions and Primitives in Cryptography Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 2 / 18

  3. Assumptions and Primitives in Cryptography Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Can we prove the security of a cryptographic primitive from the minimal assumption NP � BPP ? (Brassard 1979) Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 2 / 18

  4. (Black-box) Security Proofs To prove the security of X based on NP � BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT R Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 3 / 18

  5. (Black-box) Security Proofs To prove the security of X based on NP � BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A R Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 3 / 18

  6. (Black-box) Security Proofs To prove the security of X based on NP � BPP , find a (p.p.t.) reduction R s.t. for any oracle A that “breaks the security of X ”, R A solves SAT A � � accepts w.p. ≥ 2 / 3 , if x ∈ SAT � x accepts w.p. ≤ 1 / 3 , if x / ∈ SAT R Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 3 / 18

  7. Impossibility Results Add-Homomorphic Enc No known cryptographic scheme based on NP � BPP . Trapdoor PIR Several negative results* Permutation [Brassard’79, . . . ] Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  8. Impossibility Results Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP One-way Permutations [Brassard’79] OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  9. Impossibility Results Add-Homomorphic Enc Trapdoor PIR Permutation Pub-key Enc CRHF OWP One-way Permutations OWF ∗ [Brassard’79] OWF Size-Verifiable One-way Functions Avg-NP � BPP [Akavia-Goldreich-Goldwasser- Moshkovitz’06, NP � BPP Bogdanov-Brzuska’14] Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  10. Impossibility Results Add-Homomorphic Enc Add-Homomorphic Encryption [Bogdanov-Lee’13] Trapdoor PIR Permutation Pub-key Enc CRHF OWP One-way Permutations OWF ∗ [Brassard’79] OWF Size-Verifiable One-way Functions Avg-NP � BPP [Akavia-Goldreich-Goldwasser- Moshkovitz’06, NP � BPP Bogdanov-Brzuska’14] Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  11. Impossibility Results Add-Homomorphic Enc Add-Homomorphic Encryption [Bogdanov-Lee’13] Trapdoor PIR Permutation Private Information Retrieval [Liu-Vaikuntanathan’16] Pub-key Enc CRHF OWP One-way Permutations OWF ∗ [Brassard’79] OWF Size-Verifiable One-way Functions Avg-NP � BPP [Akavia-Goldreich-Goldwasser- Moshkovitz’06, NP � BPP Bogdanov-Brzuska’14] Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  12. Impossibility Results (restricting the reductions) Add-Homomorphic Enc Public-key Encryption Scheme, via “smart” reduction Trapdoor PIR [Goldreich-Goldwasser’98] Permutation Collision-resistant Hash Functions, Pub-key Enc CRHF OWP via constant-adaptive reduction [Haitner-Mahmoody-Xiao’09] OWF Average-case NP, via non-adaptive reduction Avg-NP � BPP [Bogdanov-Trevisan’06] NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 4 / 18

  13. A New Hope Hardness of Add-Homomorphic Enc Lattice Problems Trapdoor PIR Permutation Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  14. A New Hope Hardness of Add-Homomorphic Enc A successful history of Lattice Problems lattice-based cryptography Trapdoor LWE PIR SIS [GGH’97, Regev’05, GPV’08, Permutation Gentry’09, BV’11, . . . ] Pub-key Enc CRHF OWP OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  15. A New Hope gapSVP , gapSIVP � BPP Hardness of Add-Homomorphic Enc A successful history of SIVP � BPP Lattice Problems lattice-based cryptography Trapdoor LWE PIR SIS [GGH’97, Regev’05, GPV’08, Permutation Gentry’09, BV’11, . . . ] Pub-key Enc CRHF OWP Based on worst-case hardness of lattice problems OWF such as SIVP, gapSVP [Ajtai’96, MR’04, Regev’05, Avg-NP � BPP Peikert’09, LPR’10, MP’12, . . . ] NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  16. A New Hope gapSVP , gapSIVP � BPP Hardness of Add-Homomorphic Enc Impossibility Results [GG’00, SIVP � BPP Lattice Problems Trapdoor MV’03,AR’04,GMR’04,PV’08] LWE PIR SIS Permutation gapSVP ˜ O ( √ n ) , gapSIVP ˜ O ( √ n ) are not NP -hard unless Pub-key Enc CRHF OWP polynomial hierarchy collapses. OWF Avg-NP � BPP NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  17. A New Hope gapSVP , gapSIVP � BPP Hardness of Add-Homomorphic Enc Impossibility Results [GG’00, SIVP � BPP Lattice Problems Trapdoor MV’03,AR’04,GMR’04,PV’08] LWE PIR SIS Permutation gapSVP ˜ O ( √ n ) , gapSIVP ˜ O ( √ n ) are not NP -hard unless Pub-key Enc CRHF OWP polynomial hierarchy collapses. OWF Our Result Search problem SIVP ˜ O ( n ) is not Avg-NP � BPP NP -hard unless polynomial hierarchy collapses. NP � BPP Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 5 / 18

  18. Lattice Full-rank discrete additive subgroup in R n Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  19. Lattice Full-rank discrete additive subgroup in R n Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  20. Lattice Full-rank discrete additive subgroup in R n Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  21. Lattice b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  22. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP) Search Find shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  23. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP) Search Find shortest basis in lattice L ( B ). Decision Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  24. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP), γ -Approx. Search Find shortest basis in lattice L ( B ). Decision Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  25. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP), γ -Approx. SIVP γ Find short basis whose length ≤ γ · λ n ( B ). Decision Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  26. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Independent Vector Problem (SIVP), γ -Approx. SIVP γ Find short basis whose length ≤ γ · λ n ( B ). GapSIVP γ Given a real d , distinguish between λ n ( B ) ≤ d and λ n ( B ) > γ · d . λ n ( B ) := length of the shortest basis in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

  27. Lattice Problems b ′ Full-rank discrete additive 1 subgroup in R n b ′ 2 Basis B = ( b 1 , . . . , b n ) ∈ R n × n b 1 L ( B ) := { B z | z ∈ Z n } b 2 Shortest Vector Problem (SVP), γ -Approx. SVP γ Find short non-zero vector whose length ≤ γ · λ 1 ( B ). GapSVP γ Given a real d , distinguish between λ 1 ( B ) ≤ d and λ 1 ( B ) > γ · d . λ 1 ( B ) := length of the shortest non-zero vector in lattice L ( B ). Tianren LIU (MIT) Basing Search SIVP on NP-Hardness TCC 2018 6 / 18

Recommend

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT

On Basing Private Information Retrieval on NP-Hardness Tianren Liu 1 Vinod Vaikuntanathan 1 1 MIT liutr@mit.edu , vinodv@csail.mit.edu Thirteenth IACR Theory of Cryptography Conference . . . . . . . . . . . . . . . . . . . . .

696 views • 56 slides
Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical Comments Optimization Problems More Complexity Classes 1 Tautology Problem & NP-Hardness & co-NP 2 NP-Hardness Another

559 views • 23 slides
Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP Next best thing: define hardest problem in NP A problem P is NP -hard if Every problem Q in NP can be solved in this way: 1. given an instance

609 views • 14 slides
Basing Elk Population Limits on Direct Measurements of Vegetation Health and Use Patterns. By:

Basing Elk Population Limits on Direct Measurements of Vegetation Health and Use Patterns. By:

Basing Elk Population Limits on Direct Measurements of Vegetation Health and Use Patterns. By: Catherine Schnurrenberger, C.S. Ecological Surveys and Assessments, 11331 Star Pine Rd. Truckee, CA 96161. cadavis@ltol.com Why do we need effective

808 views • 42 slides
On basing one-way permutations on NP-hard problems under quantum reductions Nai-Hui Chia

On basing one-way permutations on NP-hard problems under quantum reductions Nai-Hui Chia

On basing one-way permutations on NP-hard problems under quantum reductions Nai-Hui Chia (PennState to UTAustin) Joint work with Sean Hallgren (PennState) and Fang Song (PortlandState to TAMU) 1 How do people say a crypto system is

567 views • 24 slides
G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen, Switzerland 2) Northeastern University, Boston, USA * ) on leave from INR(Moscow) LIGHT 07, September 26, 2007, Ringberg Castle G-APD radiation hardness

375 views • 23 slides
CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Backtracking Local Search Wheeler Ruml

CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Backtracking Local Search Wheeler Ruml

CS 758/858: Algorithms http://www.cs.unh.edu/~ruml/cs758 Backtracking Local Search Wheeler Ruml (UNH) Class 25, CS 758 1 / 20 Backtracking Hardness Optimization Backtracking Depth-first Search DFS Order Problems

466 views • 20 slides
From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems Kevin Leyton Brown Computer Science Department University of British Columbia CATS Empirical Hardness Models EHMs for SAT SATzilla Intro

1.15k views • 75 slides
Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay Cohen Noah Smith Carnegie Mellon University July 14, 2010 Outline Hardness results for unsupervised learning of PCFGs Background and problem

602 views • 46 slides
Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for the legal users, but are very difficult to the eavesdroppers. Public Key Cryptography 1 Such problems are called trapdoor problems .

345 views • 3 slides
Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for

Trapdoor Problems Basing the solution on the complexity of problems, which are easy to solve for the legal users, but are very difficult to the eavesdroppers. Public Key Cryptography 1 Such problems are called trapdoor problems . They allow to

379 views • 5 slides
Sentential Decision Diagrams and their Applications Guy Van den Broeck, Arthur Choi, and Adnan

Sentential Decision Diagrams and their Applications Guy Van den Broeck, Arthur Choi, and Adnan

Sentential Decision Diagrams and their Applications Guy Van den Broeck, Arthur Choi, and Adnan Darwiche Nov 4, 2015, INFORMS Basing Decisions on Sentences US Senate: 54 Rep., 44 Dem., and 2 Indep. p1 s1 p2 s2 p3 s3 Basing Decisions on

931 views • 65 slides
Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit Laekhanukit McGill University 1 This Talk Investigate the connection between 2-Prover-1-Round Game (2P1R) and Hardness of Approximating

540 views • 43 slides
NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs . . . Usual Proofs of NP- . . . Proofs of NP- . . . Pedagogical Problem . . . NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers Instead What Is NP-Hard: . . . Proof that . . . of

296 views • 12 slides
Basing Markov Transition Systems on the Giry Monad Smooth Equiva- lence Relations Congruences

Basing Markov Transition Systems on the Giry Monad Smooth Equiva- lence Relations Congruences

EED. Motivation The Giry Monad Basing Markov Transition Systems on the Giry Monad Smooth Equiva- lence Relations Congruences Ernst-Erich Doberkat Factoring Chair for Software Technology Some Technische Universitt Dortmund Conclu-

379 views • 16 slides
Local Search and the Traveling Salesman Problem: A Feature-Based Characterization of Problem

Local Search and the Traveling Salesman Problem: A Feature-Based Characterization of Problem

O. Mersmann et.al LION 6 Paris, France Local Search and the Traveling Salesman Problem: A Feature-Based Characterization of Problem Hardness Olaf Mersmann, Bernd Bischl, Jakob Bossek and Heike Trautmann Department of Statistics, TU

429 views • 28 slides
Broad-basing the pyramid SKIPPER LIMITED INVESTOR PRESENTATION About Us W H O W E A R E

Broad-basing the pyramid SKIPPER LIMITED INVESTOR PRESENTATION About Us W H O W E A R E

Q1 PERFORMANCE, 2019 - 20 SKIPPER LIMITED INVESTOR PRESENTATION Broad-basing the pyramid SKIPPER LIMITED INVESTOR PRESENTATION About Us W H O W E A R E Skipper Limited is Indias largest and world's most competitive integrated

476 views • 45 slides
Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1

Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1

Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1 School of Computing, University of Leeds, UK 2 Computer Science Department, Swansea University, UK 1 Hardness measures for resolution Historically

659 views • 23 slides
Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam

Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam

Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam Solomon Harvard University 1 Outline Arithmetic circuits and algebraic complexity classes Polynomial identity testing (PIT) Hardness vs

1.8k views • 145 slides
Hardness of Mastermind Giovanni Viglietta Department of Computer Science, University of Pisa,

Hardness of Mastermind Giovanni Viglietta Department of Computer Science, University of Pisa,

Hardness of Mastermind Giovanni Viglietta Department of Computer Science, University of Pisa, Italy Venice - June 5 th , 2012 Easy to learn. Easy to play. But not so easy to win. Mastermind commercial, 1981 Hardness of Mastermind

1.16k views • 60 slides
On the Quantitative Hardness of CVP Huck Bennett, Alexander Golovnev, Noah Stephens-Davidowitz

On the Quantitative Hardness of CVP Huck Bennett, Alexander Golovnev, Noah Stephens-Davidowitz

On the Quantitative Hardness of CVP Huck Bennett, Alexander Golovnev, Noah Stephens-Davidowitz NYCAC 2017 Outline Closest Vector Problem Applications Hardness Isolating Parallelepipeds The Closest Vector Problem n is the rank

1.05k views • 83 slides
Recap: Search Example: Pancake Problem Search problem:

Recap: Search Example: Pancake Problem Search problem:

Today CS 232: Ar)ficial Intelligence Informed Search Informed Search Sep 10, 2015 Heuris)cs Greedy Search A* Search Graph Search

387 views • 15 slides
Monge blunts Bayes: Hardness Results for Adversarial Training Zac Cranko Aditya Krishna Menon

Monge blunts Bayes: Hardness Results for Adversarial Training Zac Cranko Aditya Krishna Menon

Monge blunts Bayes: Hardness Results for Adversarial Training Zac Cranko Aditya Krishna Menon Richard Nock Cheng Soon Ong Zhan Shi Christian Walder Overview Hardness results on adversarial training. Key result applicable to a learner:

204 views • 17 slides

More recommend