Russell Impagliazzo scite author profile

Pseudorandom generators are fundamental to many theoretical and applied aspects of computing. We show h o w to construct a pseudorandom generator from any oneway function. Since it is easy to construct a one-way function from a pseudorandom generator, this result shows that there is a pseudorandom generator i there is a one-way function.Warning: Essentially this paper has been published in SIAM Journal on Computing and is hence subject to copyright restrictions. It is for personal use only.

show abstract

On the (Im)possibility of Obfuscating Programs

Barak

et al. 2001

View full text Add to dashboard Cite

Abstract. Informally, an obfuscator O is an (efficient, probabilistic) "compiler" that takes as input a program (or circuit) P and produces a new program O(P ) that has the same functionality as P yet is "unintelligible" in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic encryption to complexity-theoretic analogues of Rice's theorem. Most of these applications are based on an interpretation of the "unintelligibility" condition in obfuscation as meaning that O(P ) is a "virtual black box," in the sense that anything one can efficiently compute given O(P ), one could also efficiently compute given oracle access to P . In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above intuition, obfuscation is impossible. We prove this by constructing a family of functions F that are inherently unobfuscatable in the following sense: there is a property π : F → {0, 1} such that (a) given any program that computes a function f ∈ F, the value π(f ) can be efficiently computed, yet (b) given oracle access to a (randomly selected) function f ∈ F, no efficient algorithm can compute π(f ) much better than random guessing. We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC 0). We also rule out several potential applications of obfuscators, by constructing "unobfuscatable" signature schemes, encryption schemes, and pseudorandom function families.

show abstract

Which problems have strongly exponential complexity?

Zane³

View full text Add to dashboard Cite

On the Complexity of k-SAT

Impagliazzo

Paturi

2001

Journal of Computer and System Sciences

1,024

757

View full text Add to dashboard Cite

The k-SAT problem is to determine if a given k-CNF has a satisfying assignment. It is a celebrated open question as to whether it requires exponential time to solve k-SAT for k 3. Here exponential time means 2 $n for some $>0. In this paper, assuming that, for k 3, k-SAT requires exponential time complexity, we show that the complexity of k-SAT increases as k increases. More precisely, for k 3, define s k =inf[$: there exists 2 $n algorithm for solving k-SAT]. Define ETH (Exponential-Time Hypothesis) for k-SAT as follows: for k 3, s k >0. In this paper, we show that s k is increasing infinitely often assuming ETH for k-SAT. Let s be the limit of s k. We will in fact show that s k (1&dÂk) s for some constant d>0. We prove this result by bringing together the ideas of critical clauses and the Sparsification Lemma to reduce the satisfiability of a k-CNF to the satisfiability of a disjunction of 2 =n k$-CNFs in fewer variables for some k$ k and arbitrarily small =>0. We also show that such a disjunction can be computed in time 2 =n for arbitrarily small =>0. 2001 Academic Press Although all NP-complete problems are equivalent as far as the existence of polynomial-time algorithm is concerned, there is wide variation in the worst-case complexity of known algorithms for these problems. For example, there have been several algorithms for maximum independent set [6, 12, 17, 18], and the best of these takes time 1.2108 n in the worst-case [12]. Recently, a 3-coloring algorithm with 1.3446 n worst-case time complexity is presented [2] and it is known that k-coloring can be solved in 2.442 n time [8]. However, it is not known what, if any, relationships exist among the worst-case complexities of various problems. In this paper, we examine the complexity of k-SAT, and derive a relationship that governs

show abstract

Which Problems Have Strongly Exponential Complexity?

Impagliazzo

Paturi

Zane³

2001

Journal of Computer and System Sciences

1,047

614

View full text Add to dashboard Cite

For several NP-complete problems, there have been a progression of better but still exponential algorithms. In this paper, we address the relative likelihood of sub-exponential algorithms for these problems. We introduce a generalized reduction that we call Sub-exponential Reduction Family (SERF) that preserves sub-exponential complexity. We show that Circuit-SAT is SERF-complete for all NP-search problems, and that for any fixed k \ 3, k-SAT, k-Colorability, k-Set Cover, Independent Set, Clique, and Vertex Cover, are SERF-complete for the class SNP of search problems expressible by secondorder existential formulas whose first-order part is universal. In particular, sub-exponential complexity for any one of the above problems implies the same for all others.We also look at the issue of proving strongly exponential lower bounds for AC 0 , that is, bounds of the form 2 W(n). This problem is even open for depth-3 circuits. In fact, such a bound for depth-3 circuits with even limited (at most n e ) fan-in for bottom-level gates would imply a nonlinear size lower bound for logarithmic depth circuits. We show that with high probability even random degree 2 GF(2) polynomials require strongly exponential size for S k 3 circuits for k=o(log log n). We thus exhibit a much smaller space of 2functions such that almost every function in this class requires strongly exponential size S k 3 circuits. As a corollary, we derive a pseudorandom generator (requiring O(n 2 ) bits of advice) that maps n bits into a larger number of bits so that computing parity on the range is hard for S k 3 circuits. Our main technical lemma is an algorithm that, for any fixed e > 0, represents an arbitrary k-CNF formula as a disjunction of 2 en k-CNF formulas that are sparse, that is, each disjunct has O(n) clauses.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.