3 Switching Lemma
نویسندگان
چکیده
Why do we care about random oracles? It goes back to computability theory. Many results including halting problems, R vs RE, and etc., were based on black-box simulations and the existence of universal machine. This includes clever methods such as diagonalization. People thought that the same technique would work for complexity theory, for example, P versus NP problem. An oracle machine is a Turing machine equipped with an oracle O : {0, 1}∗ → {0, 1}. Oracle machine can make queries to its oracle with unit cost. They allow us to do black-box simulations and to use universal oracle machines. It implies that those results in computability theory hold for oracle machines. In other words, they relativizes. However, there is no hope to prove that P = NP or P 6= NP by relativizing techniques. As we have seen in the class, Baker, Gill, and Solovay showed that there exists an oracle A where P = NP holds, and another oracle B where P 6= NP holds. People tried to fix this problem by considering random oracles. Note that zero-one law implies that any complexity result holds with probability 0 or 1 in random oracle world. In this extent, Bennett and Gill showed in 1981 that P 6= NP holds for random oracles. We may suspect whether the random oracle results always coincide to the real world, but there are counterexamples such as IP = PSPACE. Then, why we still care about random oracles? One possible explanation is that random oracles provide some intuition to other area. For example, BKS conjecture directly contradicts to Hast̊ad conjecture, so if they knew this connection between low influence functions and random oracles, then they might not have made their conjecture. There is an interesting question: is P = NP∩coNP true for random oracles? To prove such statement we need a way to convert unstructured hard functions (random functions) to a hard function in NP∩coNP. Note that random functions are naturally related to private-key encryption system, and that every known public-key encryption system relies on a function in NP∩ coNP. So resolving such question may provide a way to resolve private-key versus public-key encryption problem [4].
منابع مشابه
An Entropy Proof of the Switching Lemma and Tight Bounds on the Decision-Tree Size of AC
The first result of this paper is (a novel proof of) the following switching lemma for m-clause DNF formulas F : (1) P[ DTdepth(F Rp) ≥ t ] = O(p log(m+ 1)) for all p ∈ [0, 1] and t ∈ N where Rp is the p-random restriction and DTdepth denotes decision-tree depth. Our proof replaces the counting arguments in previous proofs of H̊astad’s O(pw) switching lemma for width-w DNFs [5, 8, 2] with a nove...
متن کامل3 the Switching Lemma
Today we show that PARITY is not in AC0. AC0 is a family of circuits with constant depth, polynomial size, and unbounded fan-in for the AND and OR gates. We establish this result through an application of the Switching Lemma. This result is the first use of randomization in its full power in complexity. Circuits were defined in previous lectures. In this lecture, we always assume that the circu...
متن کاملSwitching Lemma for Bilinear Tests and Constant-Size NIZK Proofs for Linear Subspaces
We state a switching lemma for tests on adversarial responses involving bilinear pairings in hard groups, where the tester can effectively switch the randomness used in the test from being given to the adversary at the outset to being chosen after the adversary commits its response. The switching lemma can be based on any k-linear hardness assumptions on one of the groups. In particular, this e...
متن کاملA Non-Probabilistic Switching Lemma for the Sipser Function
Abs t r ac t . Valiant [12] showed that the clique function is structurally different than the majority function by establishing the following "switching lemma ~ : Any function f whose set of prime implicants is a large enough subset of the set of cliques (and thus requiring big ~2-circuits), has a large set of prime clauses (i.e., big II2-circuits). As a corollary, an exponential lower bound w...
متن کاملSimple Chosen-Ciphertext Security from Low-Noise LPN
Recently, Döttling et al. (ASIACRYPT 2012) proposed the first chosen-ciphertext (IND-CCA) secure public-key encryption scheme from the learning parity with noise (LPN) assumption. In this work we give an alternative scheme which is conceptually simpler and more efficient. At the core of our construction is a trapdoor technique originally proposed for lattices by Micciancio and Peikert (EUROCRYP...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015